openstack 部署笔记--keystone
控制节点
安装keystone包
# yum install openstack-keystone httpd mod_wsgi
keystone配置文件(connection 中 keystone: 后面的 root 是数据库用户 keystone 的密码,仅为示例值;实际部署请换成强密码,并限制 keystone.conf 的读权限)
# vim /etc/keystone/keystone.conf
[database]
# ...
connection = mysql+pymysql://keystone:root@controller/keystone
[token]
# ...
provider = fernet
同步数据
# su -s /bin/sh -c "keystone-manage db_sync" keystone
配置keystone用户
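“root” 是 admin 用户的密码(示例值,实际部署应使用强密码)。写在 --bootstrap-password 后面的密码会留在 shell 历史和进程列表里;keystone-manage bootstrap 也可以从环境变量 OS_BOOTSTRAP_PASSWORD 读取密码。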
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# keystone-manage bootstrap --bootstrap-password root \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
配置httpd(本笔记中的端点都是明文 HTTP,密码和 token 会以明文经过网络;实验环境之外应为 httpd 配置 TLS,并把各端点改为 https)
# vim /etc/httpd/conf/httpd.conf
ServerName controller
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# systemctl enable httpd.service
# systemctl start httpd.service
配置变量
$ export OS_USERNAME=admin
$ export OS_PASSWORD=root
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3
创建服务及用户
$ openstack project create --domain default \
  --description "Service Project" service
$ openstack project create --domain default \
  --description "Demo Project" demo
$ openstack user create --domain default \
  --password-prompt demo
$ openstack role create user
$ openstack role add --project demo --user demo user
停用临时token
# vim /etc/keystone/keystone-paste.ini
在 [pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3] 三个段中删除 admin_token_auth
$ unset OS_AUTH_URL OS_PASSWORD
生成token(OS_PASSWORD 已在上一步取消,下面的命令会提示输入密码)
$ openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue
$ openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
创建变量文件用于openstack客户端(文件里保存的是明文密码,应限制为仅属主可读,例如 chmod 600 admin-openrc demo-openrc)
# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=root
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
验证配置
$ . admin-openrc
$ openstack token issue
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:44:35.659723Z                                     |
| id         | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+