openstack-rocky安装部署-02安装keystone
先决条件
创建keystone数据库并授权
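# Create the keystone database and the database account Keystone connects with.
# "-p" with no value makes the client prompt for the root password; never pass
# it inline as -pPASSWORD, where it lands in the shell history and can show up
# in the process list.
mysql -u root -p <<'SQL'
CREATE DATABASE keystone;
-- '123' is a throwaway lab password. Whatever is chosen here must match the
-- [database] connection URL in /etc/keystone/keystone.conf.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
-- '%' lets the keystone account connect from any host; narrow it to the
-- controller / management network where the topology allows.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
SQL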
安装
# Install the Identity service together with Apache and mod_wsgi.
yum -y install openstack-keystone httpd mod_wsgi
配置
# Open the Keystone configuration file; the [database] and [token] options to set follow.
vi /etc/keystone/keystone.conf
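[database]
# ...
# SQLAlchemy URL for the keystone database: account "keystone", password "123",
# host "controller". The password is stored here in plaintext, so this file
# should stay unreadable to ordinary users (verify its owner and mode).
connection = mysql+pymysql://keystone:123@controller/keystone

[token]
# ...
# Issue Fernet tokens; the keys are created by "keystone-manage fernet_setup".
provider = fernet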
填充identity数据库
# Populate the Identity database schema, running keystone-manage as the
# keystone account (with /bin/sh as its shell) rather than as root.
su -s /bin/sh -c 'keystone-manage db_sync' keystone
初始化fernet密钥存储库
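# Two separate commands: run on one line, the second would be swallowed as
# arguments of the first.

# Initialise the Fernet key repository used to encrypt and sign tokens.
# Anyone able to read these keys can mint valid tokens, so the repository is
# owned by the keystone user and group and must stay private to them.
keystone-manage fernet_setup \
  --keystone-user keystone --keystone-group keystone

# Initialise the key repository used to encrypt stored credentials.
keystone-manage credential_setup \
  --keystone-user keystone --keystone-group keystone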
引导身份服务
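# Bootstrap the Identity service: creates the admin account and registers the
# three endpoints in region RegionOne. Each "\" must be the last character on
# its line to continue the command.
#
# "admin123" is a lab password and is visible on the command line (shell
# history, process list). keystone-manage also accepts it through the
# OS_BOOTSTRAP_PASSWORD environment variable, which avoids putting it in argv.
#
# The endpoints are plain http://, so passwords and tokens cross the network
# unencrypted; acceptable on an isolated lab host only. Put TLS in front of
# Keystone for anything else.
keystone-manage bootstrap --bootstrap-password admin123 \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne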
配置apache http服务器
# Edit the main Apache configuration file.
vi /etc/httpd/conf/httpd.conf
# Directive to set inside httpd.conf (not a shell command):
ServerName controller
# Enable the packaged Keystone WSGI configuration by linking it into conf.d.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
完成安装
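# Two separate commands: enable Apache at boot, then start it now.
systemctl enable httpd.service
systemctl start httpd.service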
配置管理账号
# Temporary admin credentials for the current shell session.
# OS_PASSWORD is kept in plaintext in the environment (and in the shell
# history if typed interactively); it is unset again before verification.
export OS_USERNAME=admin
export OS_PASSWORD=admin123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
创建域,项目,用户和角色
# This domain is only an example; creating it can be skipped.
openstack domain create \
  --description "An Example Domain" \
  example
# Create the "service" project in the default domain.
openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 2f5e4f59bb1344c88787c8b0979dfe8c |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
# Create the "myproject" project in the default domain.
openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 8255187f8d5742bb8add96ee5ad17327 |
| is_domain | False |
| name | myproject |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
# Create the "myuser" user. --password-prompt asks for the password
# interactively, so it is not placed on the command line.
openstack user create --domain default \
--password-prompt myuser
# Password typed at the prompt in this lab (not a shell command). It is
# trivially guessable; choose a strong one outside a test environment.
123
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | c12193855f5543a7b618fcfe90522f80 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
# Create the "myrole" role.
openstack role create myrole
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | b19dc270441a4587a4f701a48ddaa0ff |
| name | myrole |
+-----------+----------------------------------+
# Grant myrole to myuser on myproject; the command prints nothing on success.
openstack role add \
  --project myproject \
  --user myuser \
  myrole
验证
取消设置的临时变量
# Drop the temporary endpoint and password from the environment, so the
# verification commands below must supply the URL and prompt for the password.
unset OS_AUTH_URL
unset OS_PASSWORD
作为admin用户,请求身份验证令牌
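# Request a token as admin. No password is given on the command line, so with
# OS_PASSWORD unset the client asks for it interactively.
# Each "\" must end its line for the command to continue.
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
# Sample output. The "id" value is a bearer token: whoever holds it can act as
# the user until it expires, so redact it when sharing live output.
# +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# | Field | Value |
# +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# | expires | 2019-04-02T09:59:33+0000 |
# | id | gAAAAABcoyR1FaYDogftjzdaqOBmmPaInNt8SQdGu7IJlzYDhs_ie1phQwyoj0xtIvP4oqcW32qdbuUXRX9UIW7ordK8_9XFbGliljV1j19TCuvAgHVp_kdjOEG59_DMpVmuvF61l5qdx-n7LahM9stRldkOCK-WdJqqGGzHJnVsnY-IlXoiWq0 |
# | project_id | c1e6cbf1502141dca4a70c7f500688f3 |
# | user_id | cf86a58ebc3f462c9465beda84ec705c |
# +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+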
作为myuser用户,请求身份验证令牌
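# Request a token as myuser, scoped to myproject. The password is asked for
# interactively because none is supplied on the command line.
# Each "\" must end its line for the command to continue.
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name myproject --os-username myuser token issue
# Sample output. The "id" value is a bearer token: whoever holds it can act as
# the user until it expires, so redact it when sharing live output.
# +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# | Field | Value |
# +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# | expires | 2019-04-02T09:59:55+0000 |
# | id | gAAAAABcoySL2d9itUIWMDOtjlNEumDn1s9YkBKWiwqsogtqRkvGl7tu3EPmKX1zsamgCC8LbjXXFe_HIK3bSHafrn6Y56PU1XPk_DunzWIldm5FWiGK4prgZFS26lnqQVOgZ8lBw4zXPSK2_L7P7XONUHpKedUnrIHMcXBDGlhSeOm4YJPpDT4 |
# | project_id | 8255187f8d5742bb8add96ee5ad17327 |
# | user_id | c12193855f5543a7b618fcfe90522f80 |
# +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+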
创建openstack客户端环境脚本
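#shell script
# Write the two client environment files (same result as creating them in an
# editor). Both hold a password in plaintext, so they are created with a
# restrictive umask and set to mode 600: readable by their owner only.
(
  umask 077

  # Environment for the admin user.
  cat > admin-openrc.sh <<'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin123
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

  # Environment for the demo user. MYUSER_PASS is a placeholder: replace it
  # with the password that was entered when myuser was created.
  cat > demo-openrc.sh <<'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=MYUSER_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

  # Also tighten the mode when the files already existed before this run.
  chmod 600 admin-openrc.sh demo-openrc.sh
)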
使用脚本
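# Load the admin credentials into the current shell. The file created above is
# named admin-openrc.sh; the explicit ./ keeps the shell from searching PATH
# for a file of the same name.
. ./admin-openrc.sh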
请求身份验证令牌
# Request a token using the credentials loaded from the environment script.
openstack token issue
