Centos7.4安装openstack(queens)详细安装部署(二)-认证服务(keystone)安装

一、安装认证服务

  1.1、(控制节点)创建并配置keystone数据库

mysql -u root -pADMIN_PASS
CREATE DATABASE keystone;
设置keystone数据库的访问权限 GRANT ALL PRIVILEGES ON keystone.
* TO 'keystone'@'localhost' \ IDENTIFIED BY 'ADMIN_PASS'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ IDENTIFIED BY 'ADMIN_PASS';

  1.2、(控制节点)安装并配置服务 

 yum install openstack-keystone httpd mod_wsgi -y

  1.3、编辑/etc/keystone/keystone.conf并设置以下内容

cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak  
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:ADMIN_PASS@controller/keystone
...
[token]
provider = fernet

  1.4、同步数据库

 su -s /bin/sh -c "keystone-manage db_sync" keystone
 mysql -uroot -pADMIN_PASS keystone -e 'show tables;'

  初始化

 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
 keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

  引导认证

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

  1.5、控制节点)配置apache服务 ,编辑/etc/httpd/conf/httpd.conf文件配置如下内容

echo "ServerName controller" >> /etc/httpd/conf/httpd.conf

    创建链接文件

 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

  1.6、设置服务的开机启动

systemctl enable httpd.service
systemctl start httpd.service

  1.7、(控制节点)创建相关域、项目、用户和角色 

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

  1.8、创建域,api实体、项目

openstack domain create --description "An Example Domain" example        创建域
创建service项目
openstack project create --domain default  --description "Service Project" service
创建demo项目
openstack project create --domain default  --description "Demo Project" demo
这里要设置demo用户的密码
openstack user create --domain default --password ADMIN_PASS demo
创建用户角色
openstack role create user
给demo用户添加user角色
openstack role add --project demo --user demo user

  1.9、(控制节点)验证操作

    解除环境变量的设置

unset OS_AUTH_URL OS_PASSWORD
env|grep OS 查看环境变量

    使用admin用户请求token

    注意:这里需要输入admin的密码,我得是ADMIN_PASS

openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

    使用demo用户请求token

openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue

  2.0、(控制节点)创建环境变量脚本

    创建admin-openrc文件增加如下内容

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

    验证下脚本的效果

. admin-openrc
openstack token issue

     2.1、自动执行,开机拥有环境变量

[root@controller ~]# vim .bashrc
# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
source admin-openrc                             在最后加入这段

 

posted @ 2020-07-16 10:45  人走茶良  阅读(258)  评论(0编辑  收藏  举报
推荐:华为云