
Part 4: Manually setting up the Keystone identity service on 先電雲 (XianDian Cloud) OpenStack

-------- controller node -------------------

1. Install the Keystone service packages

#yum install -y openstack-keystone httpd mod_wsgi

2. Create the Keystone database

# mysql -u root -p000000

------------ Create the database ---------------

CREATE DATABASE keystone;

------------- Set the authorized user and password ---------------------

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';

----------- '%' means connections from any address --------------------

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';

exit;

3. Configure the database connection

#vi /etc/keystone/keystone.conf

Under the [database] section, add:

connection = mysql+pymysql://keystone:000000@controller/keystone

Under [token], change

provider = uuid

to:

provider = fernet

Initialize the identity service database:

#su -s /bin/sh -c "keystone-manage db_sync" keystone

4. Create the token

-------------- Generate a random value for admin_token (save this value; it is needed later) ----------------

#openssl rand -hex 10

Copy the generated random value and save it in a notepad; it is needed later!!! (mine is 4f4ab0f57fa3f4c7f9f9)

#vi /etc/keystone/keystone.conf

Under the [DEFAULT] section, set: admin_token={random value}

5. Create the signing keys and certificates

(1) Initialize the keys

#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

(2) Configure Apache:

#vi /etc/httpd/conf/httpd.conf

Change ServerName www.example.com:80

to: ServerName controller

(3) Generate the WSGI configuration file:

#vi /etc/httpd/conf.d/wsgi-keystone.conf

Add:

Listen 5000

Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

After saving, enable and start httpd:
#systemctl enable httpd.service
#systemctl start httpd.service

6. Create the service entity and API endpoints

(1) Set the environment variables

#export OS_TOKEN=4f4ab0f57fa3f4c7f9f9
#export OS_URL=http://controller:35357/v3
#export OS_IDENTITY_API_VERSION=3

(2) Create the keystone service:

#openstack service create --name keystone --description "OpenStack Identity" identity

(3) Create the keystone endpoints:

#openstack endpoint create --region RegionOne identity public http://controller:5000/v3

#openstack endpoint create --region RegionOne identity internal http://controller:5000/v3

#openstack endpoint create --region RegionOne identity admin http://controller:35357/v3

6-2

1. Create the domain, project, users and roles

(1) Create the default domain, default:

#openstack domain create --description "Default Domain" default

(2) Create the admin project (tenant):

#openstack project create --domain default --description "Admin Project" admin

(3) Create the admin user:

#openstack user create --domain default --password 000000 admin

(4) Create the admin role:

#openstack role create admin

(5) Link the user, project and role together

#openstack role add --project admin --user admin admin

(6) Create the service project

#openstack project create --domain default --description "Service Project" service

(7) Create the demo entities, in the same way as admin

#openstack project create --domain default --description "Demo Project" demo
#openstack user create --domain default --password 000000 demo
#openstack role create user
#openstack role add --project demo --user demo user

2. Clear the environment variables

#unset OS_TOKEN OS_URL
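The following is an added example, not part of the original post, that checks the keystone.conf edits from step 3 (the [database] connection), step 3 again ([token] provider = fernet) and step 4 (admin_token) against the state the file should be in once this point is reached. unset OS_TOKEN only clears the shell variable: the admin_token value written in step 4 stays in /etc/keystone/keystone.conf, and it is still accepted as a credential until it is removed from the file, which is why the check flags it now that the admin user exists. It uses only sh and awk; the sample config it writes is constructed for the demonstration, and ini_get, check_keystone_conf and write_sample_conf are names chosen here.

```shell
#!/bin/sh
# Added example, not from the original post: check that keystone.conf is in the
# state this section expects. ini_get, check_keystone_conf and write_sample_conf
# are names chosen for this example; the real file is /etc/keystone/keystone.conf.

# Print the value of KEY in [SECTION] of an INI-style file (first match only).
ini_get() {
    # $1 = file, $2 = section, $3 = key
    awk -v section="$2" -v key="$3" '
        /^[[:space:]]*\[/ {
            s = substr($0, index($0, "[") + 1)
            s = substr(s, 1, index(s, "]") - 1)
            in_section = (s == section)
            next
        }
        in_section && $0 !~ /^[[:space:]]*[#;]/ && index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
                print v
                exit
            }
        }' "$1"
}

# Report deviations from the expected settings; the return value is the number
# of problems found, so 0 means the file is ready.
check_keystone_conf() {
    file="$1"
    problems=0

    conn=$(ini_get "$file" database connection)
    case "$conn" in
        "")                           echo "database.connection is missing"; problems=$((problems + 1)) ;;
        mysql+pymysql://*@*/keystone) ;;   # shape set in step 3
        *)                            echo "database.connection has an unexpected value"; problems=$((problems + 1)) ;;
    esac
    case "$conn" in
        *KEYSTONE_DBPASS*) echo "database.connection still contains the placeholder password"; problems=$((problems + 1)) ;;
    esac

    provider=$(ini_get "$file" token provider)
    if [ "$provider" != "fernet" ]; then
        echo "token.provider is '${provider:-unset}', expected fernet"
        problems=$((problems + 1))
    fi

    # admin_token is a bootstrap credential. unset OS_TOKEN only clears the shell
    # variable; the value stays usable until it is removed from the file.
    if [ -n "$(ini_get "$file" DEFAULT admin_token)" ]; then
        echo "DEFAULT.admin_token is still set; remove it now that the admin user exists"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample of the edits from steps 3 and 4 (not a real file).
# $1 = destination path, $2 = admin_token value ("" omits the line)
write_sample_conf() {
    {
        echo "[DEFAULT]"
        if [ -n "$2" ]; then echo "admin_token = $2"; fi
        echo "[database]"
        echo "connection = mysql+pymysql://keystone:000000@controller/keystone"
        echo "[token]"
        echo "provider = fernet"
    } > "$1"
}

# Stand-alone demonstration on two constructed files.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/bootstrap.conf" "4f4ab0f57fa3f4c7f9f9"
write_sample_conf "$demo_dir/final.conf" ""
for f in bootstrap final; do
    echo "== $f.conf"
    check_keystone_conf "$demo_dir/$f.conf" || echo "problems found: $?"
done
rm -rf "$demo_dir"
```

Run it against the real file with check_keystone_conf /etc/keystone/keystone.conf; a non-zero exit lists what still differs from the expected state.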

3. Verify

(1) As the admin user, request an authentication token:

#openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

After entering the password, correct output means the configuration is correct.

(2) As the demo user, request an authentication token:

#openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue

4. Create the admin environment variable file admin-openrc.sh

#vi admin-openrc.sh

Add the following content to it:

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

5. Apply the environment variables

#source admin-openrc.sh

6. Verify by entering the command:

#openstack token issue
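Steps 4 to 6 write a file that holds the admin password in plain text, source it, and then request a token. The following is an added example, not part of the original post, that writes the same admin-openrc.sh with owner-only permissions (umask 077 in a subshell, so the file is created 0600) and checks, before openstack token issue is run, that the file sets every variable the command relies on and that OS_AUTH_URL points at the v3 API. The values are the post's own; write_openrc, openrc_mode_ok and check_openrc are names chosen for this example, and the file it writes goes to a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original post: write admin-openrc.sh from step 4
# so that only its owner can read it (it stores OS_PASSWORD in plain text) and
# check, before running `openstack token issue`, that it sets every variable
# the command needs. Function names are chosen for this example.

# Write the openrc file. $1 = path, $2 = the admin password.
# The subshell limits umask 077 to this write, so the file is created 0600.
write_openrc() {
    (
        umask 077
        cat > "$1" <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$2
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
    )
}

# Return 0 when the file is readable and writable by its owner only.
openrc_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ]
}

# Source the file in a subshell (so nothing leaks into the caller's environment)
# and verify the variables `openstack token issue` relies on. Returns 0 if OK.
check_openrc() {
    (
        . "$1"
        missing=""
        for v in OS_PROJECT_DOMAIN_NAME OS_USER_DOMAIN_NAME OS_PROJECT_NAME \
                 OS_USERNAME OS_PASSWORD OS_AUTH_URL OS_IDENTITY_API_VERSION; do
            eval "val=\${$v:-}"
            if [ -z "$val" ]; then missing="$missing $v"; fi
        done
        if [ -n "$missing" ]; then
            echo "missing:$missing"
            exit 1
        fi
        case "$OS_AUTH_URL" in
            */v3) ;;
            *) echo "OS_AUTH_URL must point at the v3 API (ends in /v3)"; exit 1 ;;
        esac
        if [ "$OS_IDENTITY_API_VERSION" != "3" ]; then
            echo "OS_IDENTITY_API_VERSION must be 3"
            exit 1
        fi
        echo "openrc OK for user $OS_USERNAME in project $OS_PROJECT_NAME"
    )
}

# Stand-alone demonstration with a constructed file in a temporary directory.
demo_dir=$(mktemp -d)
write_openrc "$demo_dir/admin-openrc.sh" "000000"
if openrc_mode_ok "$demo_dir/admin-openrc.sh"; then echo "mode 600: yes"; fi
check_openrc "$demo_dir/admin-openrc.sh"
rm -rf "$demo_dir"
```

For the real file, call write_openrc admin-openrc.sh 000000 in the directory where the post keeps it, then source admin-openrc.sh and run openstack token issue as in step 6; check_openrc admin-openrc.sh explains a failing token request that is caused by a missing or mistyped variable rather than by Keystone itself.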

Environment variable command:

#source admin-openrc.sh

Then enter the verification command.

Any questions or suggestions are welcome in the comments. The next part covers installing the Glance image service.
