Openstack_Pike 安装部署之Keystone,
数据库设置
[root@controller ~]# mysql -u root -psursen@2015
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
-> IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
-> IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
设置keystone
[root@controller ~]# cp /etc/keystone/keystone.conf{,.bak}
[root@controller ~]# vi /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet完整keystone.conf 如下,可以直接替换原配置
[root@controller ~]# egrep -v '#|^$' /etc/keystone/keystone.conf
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
[unified_limit]同步数据库并确认
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# mysql -ukeystone -pKEYSTONE_DBPASS -e "use keystone;show tables;"初始化配置,完全参照官网设置
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
> --bootstrap-admin-url http://controller:35357/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne设置httpd.conf
[root@controller ~]# vi /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller ~]# systemctl start httpd.service设置环境变量
[root@controller ~]# vi ./admin-opensrtackrc.sh
[root@controller ~]# less admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
admin-openstack.sh (END)
[root@controller ~]# source ./admin-opensrtackrc.sh
创建域、项目、用户、角色 完全参照官网设置
[root@controller ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | edb99012d695427c86291d61d5e2f680 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | ee287d17bf0b4c7188645200b3ac8d4a |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
The passwords entered were not the same
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | f7832cc2ae224750aa86e19ab6b73081 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 9f0c7bdde0de4ef6963ac4f5653c4359 |
| name | user |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-03-26T11:08:31+0000 |
| id | gAAAAABauMafgStdAn4KnMELEnbI74vFu1aFKeFLshyUzUIS4ie-q2yulsH35uI7THhNM2EZv0KQgL19xLXjkJcfK-vr5FLIWzBC-bNNXz1r2gMnuBOi1o1nC4boA666Z26uKvGV6D5utv4HvCE_aDdlLxJNCOohzuL4K_TrO6-PeLlkNQgAMxg |
| project_id | ff092630a87740e599d79861b144c845 |
| user_id | 9eaf7fdcfc4446c58bca578611ebce9f |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-03-26T11:08:52+0000 |
| id | gAAAAABauMa0gp9yp2GGQied0yn7UzvJ6hlbBm7pXBzYqgxZFhbkfhD6BeGLwHUApL3t5w0LCUQW5oID8ptU7N_GWUv4ULwaAS3dmgbFw6hYMQlUQQ6_6lHTsNfh2Ap0vjH9WKwpWeXVGYZOLVV1B8nhgBOynp4EsnQ0cAVsqqs85kjWOpGtN10 |
| project_id | ee287d17bf0b4c7188645200b3ac8d4a |
| user_id | f7832cc2ae224750aa86e19ab6b73081 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# ls
admin-opensrtackrc.sh anaconda-ks.cfg
[root@controller ~]# vi demo-openstackrc.sh
[root@controller ~]# less demo-openstackrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source ./admin-opensrtackrc.sh
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-03-26T11:09:54+0000 |
| id | gAAAAABauMbyahpdAAnxnlhBSH66OZpXr92akAM3MvXNdkZFueqkRQxO1scFIQ2-Z2IdFV_a3n-v_Dl6lutTuIsHlQ5iMPfRb12bQfyvvaf5oouWQCl-E2X12l47ITiQn3BFUBE9JhDqYAPWhMeDDJUPtW0wF_H8cMnrtR5zaNiL4DlxMPhQXB8 |
| project_id | ff092630a87740e599d79861b144c845 |
| user_id | 9eaf7fdcfc4446c58bca578611ebce9f |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
参考官网地址
https://docs.openstack.org/keystone/pike/install/keystone-install-rdo.html
本站文章为和通数据库网友分享或者投稿,欢迎任何形式的转载,但请务必注明出处.
同时文章内容如有侵犯了您的权益,请联系QQ:970679559,我们会在尽快处理。