keystone配置
/etc/keystone/keystone.conf配置:
# Keystone settings for a single-host lab: both APIs on localhost, UUID tokens
# and revocation events stored in SQL.
[DEFAULT]
# Static shared secret: a caller presenting this value gets admin access
# without user credentials. The same value is reused in the Swift authtoken
# section and on the keystone CLI elsewhere on this page, so treat it as a
# bootstrap-only secret.
# NOTE(review): once users/roles exist, presumably this should be removed and
# admin_token_auth dropped from keystone's paste pipeline (not shown here) -- confirm.
admin_token=91c81bf488a68a6621a5
# Ports chosen for this setup; the Apache vhosts and the Swift authtoken
# settings on this page use the same two values.
admin_port=35757
public_port=5005
# Both endpoints are plain HTTP on localhost, so passwords and tokens travel
# unencrypted; only reasonable while nothing leaves the loopback interface.
public_endpoint=http://localhost:%(public_port)s/
admin_endpoint=http://localhost:%(admin_port)s/
verbose=True
[database]
# The database password is embedded in the URL (and equals the user name),
# so this file must not be world-readable.
connection = mysql://keystone:keystone@localhost/keystone
[memcache]
servers=localhost:11211
[revoke]
# Revocation events are stored by the SQL backend.
driver=keystone.contrib.revoke.backends.sql.Revoke
[token]
# UUID tokens are opaque bearer values persisted by the SQL token driver;
# whoever holds one can use it until it expires or is revoked.
provider=keystone.token.providers.uuid.Provider
driver = keystone.token.backends.sql.Token
[extra_headers]
Distribution = Ubuntu
/etc/apache2/apache2.conf里面添加 ServerName 127.0.0.1
/etc/apache2/sites-available/wsgi-keystone.conf : (改端口,免得被tcp6占用)
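# Keystone under mod_wsgi: one virtual host for the public API (5005) and one
# for the admin API (35757). The ports match public_port/admin_port in
# keystone.conf.
#
# NOTE(review): "Listen <port>" and "*:<port>" accept connections on every
# interface, while the rest of this setup only ever talks to localhost.
# Restricting the admin API to loopback (or firewalling 35757) is worth
# considering -- confirm whether remote access is actually needed.
# Both hosts serve plain HTTP, so credentials and tokens are not encrypted.
Listen 5005
Listen 35757

<VirtualHost *:5005>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    # Forward the Authorization header to the WSGI application.
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>

<VirtualHost *:35757>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    # Forward the Authorization header to the WSGI application.
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    # Public and admin hosts write to the same log files, so entries from the
    # two APIs can only be told apart by the request itself.
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>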
本地SAIO配置
/etc/swift/proxy-server.conf:
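# Swift proxy for a local SAIO, authenticating against the Keystone instance
# configured on this page.
[DEFAULT]
bind_ip = 127.0.0.1
bind_port = 8080
workers = 1
user = meow
log_facility = LOG_LOCAL1
eventlet_debug = true
swift_dir = /etc/swift

[pipeline:main]
# keystoneauth must follow authtoken. authtoken runs with
# delay_auth_decision = true, so it only annotates the request with the
# validation result; keystoneauth is the filter that turns that result into an
# allow/deny decision. The original pipeline listed authtoken alone, which, as
# far as this listing shows, leaves nothing to reject a request carrying a
# missing or invalid token.
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server

[filter:keystoneauth]
use = egg:swift#keystoneauth
# Any user holding one of these roles on a tenant gets full access to that
# tenant's account.
operator_roles = admin,_member_
reseller_prefix=AUTH_

[filter:authtoken]
# NOTE(review): keystoneclient.middleware.auth_token was later superseded by
# keystonemiddleware.auth_token -- confirm which one the installed release ships.
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
signing_dir = /home/meow/keystone-signing

# Token validation goes to Keystone over plain HTTP on loopback.
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35757
service_host=127.0.0.1
service_port=5005
auth_uri=http://localhost:35757/v2.0
identity_uri=http://localhost:35757

# Same shared secret as admin_token in keystone.conf: the proxy holds
# Keystone's full admin credential.
# NOTE(review): service-user credentials are also set below; presumably only
# one of the two is needed -- prefer the service user and drop admin_token.
admin_token = 91c81bf488a68a6621a5

# Lab credentials stored in clear text; keep this file readable only by the
# Swift user.
admin_tenant_name = service
admin_user = meow
admin_password = 123456

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:proxy-logging]
use = egg:swift#proxy_logging

[filter:bulk]
use = egg:swift#bulk

[filter:ratelimit]
use = egg:swift#ratelimit

[filter:crossdomain]
use = egg:swift#crossdomain

[filter:dlo]
use = egg:swift#dlo

[filter:slo]
use = egg:swift#slo

[filter:container_sync]
use = egg:swift#container_sync
current = //saio/saio_endpoint

[filter:tempurl]
use = egg:swift#tempurl

# tempauth is defined but not part of the pipeline, so these sample accounts
# are inactive. Their passwords are the sample values; do not enable this
# filter unchanged.
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3

[filter:staticweb]
use = egg:swift#staticweb

[filter:account-quotas]
use = egg:swift#account_quotas

[filter:container-quotas]
use = egg:swift#container_quotas

[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211

[filter:gatekeeper]
use = egg:swift#gatekeeper

[filter:versioned_writes]
use = egg:swift#versioned_writes
allow_versioned_writes = true

[filter:copy]
use = egg:swift#copy

[app:proxy-server]
use = egg:swift#proxy
# NOTE(review): account management through the proxy and automatic account
# creation are both enabled; together with a pipeline that does not enforce
# authorization this would let any caller create accounts -- confirm both are
# needed.
allow_account_management = true
account_autocreate = true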
几个出现的错误:
错误:'NoneType' object has no attribute 'has_service_catalog'
无法获取token
显示'NoneType' object has no attribute 'has_service_catalog'
解决方法:删除环境变量
错误:"get_version_v2() got an unexpected keyword argument 'auth'\"
解决方法:将URL:http://localhost:5000/v2.0/改为:
http://localhost:5000/
http://localhost:5000/v2.0/tokens/
本机通过CURL访问keystone查询SAIO container
curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "test", "password": "testing"}}}' \
     -H "Content-type: application/json" http://127.0.0.1:5005/v2.0/tokens | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1259  100  1159  100   100   2427    209 --:--:-- --:--:-- --:--:--  2424
{
    "access": {
        "metadata": {
            "is_admin": 0,
            "roles": [
                "78c7d84b9d194b1c9ac9d38df11bc07c"
            ]
        },
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5",
                        "id": "80124aade3994f9496ae52b6a3f27bc9",
                        "internalURL": "http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5",
                        "publicURL": "http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5",
                        "region": "regionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "swift",
                "type": "object-stoer"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://localhost:35757/v2.0",
                        "id": "97f87268f02d4c788a86a437e7ebabd6",
                        "internalURL": "http://localhost:5005/v2.0",
                        "publicURL": "http://localhost:5005/v2.0",
                        "region": "regionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "keystone",
                "type": "identity"
            }
        ],
        "token": {
            "expires": "2017-03-23T08:42:02Z",
            "id": "eb265e79f5fa4849ab56edb60c1df884",
            "issued_at": "2017-03-23T07:42:02.677553",
            "tenant": {
                "description": "Admin Tenant",
                "enabled": true,
                "id": "a9333d8f415043709fdbf649a51c78b5",
                "name": "admin"
            }
        },
        "user": {
            "id": "e6d914c94a064645a7e5b97be1c08877",
            "name": "test",
            "roles": [
                {
                    "name": "admin"
                }
            ],
            "roles_links": [],
            "username": "test"
        }
    }
}

curl -v -H 'X-Auth-Token: c8d5d45c42484c7d81d6d2ddd1c1258b' http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /v1/AUTH_a9333d8f415043709fdbf649a51c78b5 HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8080
> Accept: */*
> X-Auth-Token: c8d5d45c42484c7d81d6d2ddd1c1258b
>
< HTTP/1.1 204 No Content
< Content-Type: text/plain; charset=utf-8
< X-Account-Object-Count: 0
< X-Timestamp: 1490255452.34606
< X-Account-Bytes-Used: 0
< X-Account-Container-Count: 0
< X-Put-Timestamp: 1490255452.34606
< X-Trans-Id: tx95806cf5365b4b03ba1f6-0058d37e5c
< X-Openstack-Request-Id: tx95806cf5365b4b03ba1f6-0058d37e5c
< Content-Length: 0
< Date: Thu, 23 Mar 2017 07:50:52 GMT
<
* Connection #0 to host localhost left intact

注意:第二条请求使用的 token(c8d5…)与上面返回的 token id(eb26…)不一致,应是另一次认证得到的。若 proxy 的 pipeline 中没有启用 keystoneauth 而 delay_auth_decision=true,无效的 token 也可能得到 2xx,因此仅凭这个 204 不能确认 token 确实被校验过。
本机通过libcloud链接keystone查询openstack SAIO
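# Lab example: list the containers of a local Swift all-in-one through
# libcloud, handing the driver a pre-issued Keystone token and the account URL.
from libcloud.storage.types import Provider
from libcloud.storage.providers import get_driver
import libcloud.security

cls = get_driver(Provider.OPENSTACK_SWIFT)

# The user name, password and token are the throwaway lab values used on this
# page; real credentials should not be written into the script.
driver = cls(
    'admin', '123456',
    region='regionOne',
    ex_force_auth_url='http://127.0.0.1:5005/v2.0/tokens/',
    # Matches the (misspelled) service type that the Keystone catalog on this
    # page returns for swift; the conventional value is "object-store".
    ex_force_service_type='object-stoer',
    ex_force_service_name='swift',
    ex_force_auth_version='2.0_password',
    # As the page notes, supplying the token and base URL bypasses the
    # Keystone authentication and catalog lookup, so a successful call here
    # does not show that password authentication works.
    ex_force_auth_token='7a71c7795fe449bf994ce167760a23ee',
    ex_force_base_url='http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5',
)

print(driver.list_containers())

# Prints [] because the account has no containers yet.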
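# Lab example: the same query, but letting libcloud authenticate with the
# password and resolve the Swift endpoint from the Keystone service catalog.
from libcloud.storage.types import Provider
from libcloud.storage.providers import get_driver
import libcloud.security

cls = get_driver(Provider.OPENSTACK_SWIFT)

# The user name and password are the throwaway lab values used on this page;
# real credentials should not be written into the script.
driver = cls(
    'admin', '123456',
    region='regionOne',
    ex_force_auth_url='http://127.0.0.1:5005/v2.0/tokens/',
    # Matches the (misspelled) service type that the Keystone catalog on this
    # page returns for swift; the conventional value is "object-store".
    ex_force_service_type='object-stoer',
    ex_force_service_name='swift',
    ex_force_auth_version='2.0_password',
)

print(driver.list_containers())

# The author reports that this variant never resolves the service and
# endpoint; the cause is not shown on the page.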
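第二种写法(只给用户名和密码)始终无法从 service catalog 中获取 endpoint;第一种写法直接给出 token 和 base url,绕过了 keystone 的认证和 catalog 查询,因此可以访问 swift。注意:这只说明 swift proxy 接受了该请求,并不能证明密码认证这条链路是通的。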
keystone一些命令:
创建tenant:
# Bootstrap call authenticated with the admin_token shared secret from
# keystone.conf. Passing it as an argument leaves it in shell history and the
# process list.
# NOTE(review): this targets port 35357, while keystone.conf on this page sets
# admin_port=35757 -- confirm which port the admin API listens on.
keystone --os-token 91c81bf488a68a6621a5 --os-endpoint http://localhost:35357/v2.0 tenant-create --name admin --description "Admin Tenant"
创建user:
# Creates the admin user with a lab password given on the command line, where
# it ends up in shell history and the process list.
# NOTE(review): no --os-* options are given, so authentication presumably
# comes from environment variables -- confirm.
keystone user-create --name admin --pass 123456
创建role:
# Creates a role named admin; operator_roles in the Swift proxy config on this
# page lists the same name.
keystone role-create --name admin
role添加user:
# Grants the admin role to user admin on tenant admin.
keystone user-role-add --user admin --role admin --tenant admin
创建service:
# Registers Keystone itself in the service catalog with type "identity".
keystone service-create --name keystone --type identity
创建endpoint:
# Publishes the identity endpoints; all three URLs are plain HTTP on localhost
# and use the ports configured in keystone.conf (5005 public, 35757 admin).
keystone endpoint-create --service keystone --region regionOne --publicurl http://localhost:5005/v2.0 --internalurl http://localhost:5005/v2.0 --adminurl http://localhost:35757/v2.0
显示所有的tenant:
# Lists tenants as user admin. The password is passed as an argument and is
# therefore visible in shell history and the process list.
# NOTE(review): no --os-auth-url is given, so it presumably comes from the
# environment -- confirm.
keystone --os-tenant-name admin --os-username admin --os-password 123456 tenant-list
用户获取token:
# Requests a token for user admin from the admin endpoint over plain HTTP. The
# password is passed as an argument (visible in shell history and the process
# list), and the printed token is a bearer credential until it expires.
keystone --os-tenant-name admin --os-username admin --os-password 123456 --os-auth-url http://localhost:35757/v2.0 token-get