3. Configure the Identity Service
Controller Node:
安装认证服务:
1. sudo apt-get install keystone
2. sudo vi /etc/keystone/keystone.conf
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
3. sudo rm /var/lib/keystone/keystone.db
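4. 创建数据库 (将 KEYSTONE_DBPASS 替换为强密码, 并与步骤 2 中 connection 里的密码保持一致; 'keystone'@'%' 允许该账号从任意主机连接, 生产环境应改为控制节点或管理网段的地址)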
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
5. su -s /bin/sh -c "keystone-manage db_sync" keystone
6. openssl rand -hex 10
(输出的随机串将用作下一步的 admin_token; 持有该令牌即可不经用户名/密码认证而以管理员身份调用 Identity API, 不要写入共享文档或版本库)
7. sudo vi /etc/keystone/keystone.conf
[DEFAULT]
# 用步骤 6 中生成的字符串替换 ADMIN_TOKEN
admin_token = ADMIN_TOKEN
log_dir = /var/log/keystone
8. sudo service keystone restart
创建用户,租户,角色:
1. 设置引导用的环境变量 (ADMIN_TOKEN 替换为上面生成的令牌; 此处端点为明文 HTTP, 令牌会在网络上明文传输, 仅应在可信的管理网络中使用)
export OS_SERVICE_TOKEN=ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
2. 创建管理员 (ADMIN_PASS, ADMIN_EMAIL 为占位符, 需替换为实际值; 通过 --pass 传入的密码会留在 shell 历史记录中, 并在命令运行期间出现在进程列表里)
keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin
3. 创建普通用户
keystone user-create --name=demo --pass=DEMO_PASS --email=DEMO_EMAIL
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo
4. 创建服务租户
keystone tenant-create --name=service --description="Service Tenant"
定义服务和应用程序接口:
1. keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
2. keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://controller:5000/v2.0 \
--internalurl=http://controller:5000/v2.0 \
--adminurl=http://controller:35357/v2.0
验证认证服务是否安装成功:
1. unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
(注意: unset 只清除当前 shell 的环境变量, keystone.conf 中的 admin_token 仍然有效; 之后的操作应使用用户名/密码认证, 不再使用该令牌)
2. keystone --os-username=admin --os-password=ADMIN_PASS --os-auth-url=http://controller:35357/v2.0 token-get
3. keystone --os-username=admin --os-password=ADMIN_PASS \
--os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 \
token-get
4. sudo vi admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
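注意: admin-openrc.sh 含明文管理员密码, 创建后应限制为仅属主可读 (例如 chmod 600 admin-openrc.sh); 用 sudo 创建的文件属主为 root, 需确保执行 source 的用户仍能读取。
5. source admin-openrc.sh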
6. keystone token-get
7. keystone user-list
8. keystone user-role-list --user admin --tenant admin