OpenStack OTACA版本安装-2.认证服务

1.用数据库连接客户端以 root 用户连接到数据库服务器：

$ mysql -u root -p

2.创建 keystone 数据库：

MariaDB [(none)]> CREATE DATABASE keystone;

3.对``keystone``数据库授予恰当的权限：

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';

//用合适的密码替换 KEYSTONE_DBPASS 。

4.退出数据库客户端

5.运行以下命令来安装包。

yum install openstack-keystone httpd mod_wsgi

6.编辑文件 /etc/keystone/keystone.conf

[database]部分

[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

//将``KEYSTONE_DBPASS``替换为你为数据库选择的密码。

[token]部分

[token]
# ...
provider = fernet

7.初始化身份认证服务的数据库：

su -s /bin/sh -c "keystone-manage db_sync" keystone

8.初始化Fernet key：

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

9.引导身份服务

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

//用合适的密码替代ADMIN_PASS

10.编辑``/etc/httpd/conf/httpd.conf`` 文件，配置``ServerName`` 选项为控制节点：

ServerName controller

11.创建一个链接到``/usr/share/keystone/wsgi-keystone.conf``文件

 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

12.启动 Apache HTTP 服务并配置其随系统启动：

# systemctl enable httpd.service
# systemctl start httpd.service

13.配置admin账户

$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

14.创建service项目

openstack project create --domain default \
  --description "Service Project" service

15.创建脚本文件admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

16.使用脚本

. admin-openrc  //加载``admin-openrc``文件来身份认证服务的环境变量位置和``admin``项目和用户证书：

openstack token issue    //请求认证令牌: