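CentOS 7.4: Detailed OpenStack (Queens) installation and deployment (Part 2) - installing the Identity service (keystone)
I. Install the Identity service
1.1 (Controller node) Create and configure the keystone database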
mysql -u root -pADMIN_PASS
CREATE DATABASE keystone;
Grant access to the keystone database
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'ADMIN_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'ADMIN_PASS';
1.2 (Controller node) Install and configure the service
yum install openstack-keystone httpd mod_wsgi -y
1.3 Edit /etc/keystone/keystone.conf and set the following
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:ADMIN_PASS@controller/keystone
...
[token]
provider = fernet
1.4 Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
mysql -uroot -pADMIN_PASS keystone -e 'show tables;'
Initialize the Fernet and credential key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
1.5 (Controller node) Configure the Apache service: edit /etc/httpd/conf/httpd.conf and add the following
echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
Create the symbolic link
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
1.6 Enable the service to start at boot
systemctl enable httpd.service
systemctl start httpd.service
1.7 (Controller node) Create the domain, projects, users and roles
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
1.8 Create the domain, API entities and projects
Create the domain
openstack domain create --description "An Example Domain" example
Create the service project
openstack project create --domain default --description "Service Project" service
Create the demo project
openstack project create --domain default --description "Demo Project" demo
Create the demo user; the demo user's password is set here
openstack user create --domain default --password ADMIN_PASS demo
Create the user role
openstack role create user
Add the user role to the demo user
openstack role add --project demo --user demo user
1.9 (Controller node) Verify operation
Unset the environment variables
unset OS_AUTH_URL OS_PASSWORD
Check the environment variables
env|grep OS
Request a token as the admin user
Note: you need to enter the admin password here; mine is ADMIN_PASS
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Request a token as the demo user
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
2.0 (Controller node) Create the environment variable script
Create the admin-openrc file with the following content
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Verify that the script works
. admin-openrc
openstack token issue
2.1 Source the script automatically so the environment variables are available after boot
[root@controller ~]# vim .bashrc
# .bashrc
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
source admin-openrc    # add this line at the end
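The steps above leave the database password in /etc/keystone/keystone.conf, the admin password in admin-openrc, and the Fernet and credential keys on disk. The following is an added example, not part of the original walkthrough, that checks those files for access by other users and for the walkthrough's ADMIN_PASS password still being in use. It assumes keystone's default key repositories (/etc/keystone/fernet-keys and /etc/keystone/credential-keys) and that admin-openrc sits in the given home directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files that hold
# secrets after this walkthrough. Key-repository paths are keystone defaults
# (assumption); admin-openrc is assumed to live in the given home directory.

# Print every path at or under $1 that grants any permission to "other".
world_accessible() {
    [ -e "$1" ] || return 0
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Succeed if file $1 still contains the walkthrough's ADMIN_PASS password.
uses_placeholder() {
    [ -f "$1" ] && grep -q 'ADMIN_PASS' "$1"
}

# audit_keystone_secrets ROOT HOME_DIR
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_keystone_secrets() {
    root=$1; home=$2; status=0
    for p in "$root/etc/keystone/keystone.conf" \
             "$root/etc/keystone/fernet-keys" \
             "$root/etc/keystone/credential-keys" \
             "$home/admin-openrc"; do
        hits=$(world_accessible "$p")
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's/^/WORLD-ACCESSIBLE: /'
            status=1
        fi
    done
    for f in "$root/etc/keystone/keystone.conf" "$home/admin-openrc"; do
        if uses_placeholder "$f"; then
            echo "TUTORIAL PASSWORD IN USE: $f"
            status=1
        fi
    done
    return "$status"
}

# On a real controller: sh this-script --audit /root
# (an empty ROOT makes the audited paths start at /etc/keystone).
if [ "${1:-}" = "--audit" ]; then
    audit_keystone_secrets "" "${2:-/root}"
fi
```

A clean run prints nothing and exits 0; each finding names the file to chmod or the password to change.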