openstack-R版安装部署-02安装keystone

https://www.cnblogs.com/luoliyu/articles/10762401.html

https://docs.openstack.org/keystone/rocky/install/

 

三、安装keystone

创建keystone数据库并授权：

#mysql -u root -p123

show databases;

use keystone;

show tables;

desc table_name;

#CREATE DATABASE keystone;

#GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123'; 本地访问

#GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123'; 远程访问

#GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '123';

#flush privileges;

安装：

#yum install openstack-keystone httpd mod_wsgi -y

#vi /etc/keystone/keystone.conf

[database]

# ...

connection = mysql+pymysql://keystone:123@controller/keystone

 

[token]

# ...

provider = fernet

 

mysql -u keystone -p123 能进入数据库

填充identity数据库：

#su -s /bin/sh -c "keystone-manage db_sync" keystone

验证：

use keystone;

show tables;

初始化fernet密钥存储库：

#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

#keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

引导身份服务：

keystone-manage bootstrap --bootstrap-password admin123 \

--bootstrap-admin-url http://controller:5000/v3/ \

--bootstrap-internal-url http://controller:5000/v3/ \

--bootstrap-public-url http://controller:5000/v3/ \

--bootstrap-region-id RegionOne

 

配置apache http服务器：

#vi /etc/httpd/conf/httpd.conf

ServerName controller

 

#ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

#systemctl enable httpd.service

#systemctl start httpd.service

 

配置管理账号：

export OS_USERNAME=admin

export OS_PASSWORD=admin123

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

创建域，项目，用户和角色：

#创建project：

openstack project create --domain default --description "Service Project" service ，给nova、glance、neutron等内部服务用的

#创建project：

openstack project create --domain default --description "Demo Project" myproject

#创建myuser用户：

openstack user create --domain default --password-prompt myuser

123

#创建myrole角色：

openstack role create myrole

#将myrole角色添加到myproject项目和myuser用户，默认无输出

openstack role add --project myproject --user myuser myrole

验证：取消设置的临时变量

unset OS_AUTH_URL OS_PASSWORD

作为admin用户，请求身份验证令牌：

openstack --os-auth-url http://controller:5000/v3 \

--os-project-domain-name Default --os-user-domain-name Default \

--os-project-name admin --os-username admin token issue

admin123

作为myuser用户，请求身份验证令牌：

openstack --os-auth-url http://controller:5000/v3 \

--os-project-domain-name Default --os-user-domain-name Default \

--os-project-name myproject --os-username myuser token issue

123

创建openstack客户端环境脚本：

vi admin-openrc.sh

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=admin123

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

 

vi demo-openrc.sh

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=myproject

export OS_USERNAME=myuser

export OS_PASSWORD=123

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

　　

. admin-openrc

请求身份验证令牌：

openstack token issue