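OpenStack Identity service: Keystone
Keystone is mainly responsible for:
User authentication: user permissions and tracking of user activity;
Service catalog: provides a catalog of all services and the endpoints of their APIs
//Install the components Keystone needs (controller node)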
yum install -y openstack-keystone httpd mod_wsgi
//Edit /etc/keystone/keystone.conf to configure Keystone (controller node)
vi /etc/keystone/keystone.conf
************************************************************************
Change #connection = <None> to connection = mysql+pymysql://keystone:keystone@192.168.2.11/keystone
(line 661)
provider = fernet (uncomment this line)
(line 2774)
Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Test whether the database sync succeeded
mysql -h 192.168.2.11 -ukeystone -pkeystone -e "use keystone;show tables;"
Initialize Keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://192.168.2.11:35357/v3/ \
--bootstrap-internal-url http://192.168.2.11:5000/v3/ \
--bootstrap-public-url http://192.168.2.11:5000/v3/ \
--bootstrap-region-id RegionOne
//Configure the Apache server
vi /etc/httpd/conf/httpd.conf
*************************************************************************
ServerName 192.168.2.11:80
(line 95)
Create the symbolic link:
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd
systemctl start httpd
systemctl enable rabbitmq-server mariadb
Configure environment variables
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://192.168.2.11:35357/v3
export OS_IDENTITY_API_VERSION=3
Install the openstack command-line client
yum install -y python-openstackclient openstack-selinux
Create the project (service): openstack project create --domain default --description "Service Project" service
[root@localhost conf.d]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 53e9f6918d1748dcbba1e826826f0ab3 |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
Create the project (demo): openstack project create --domain default --description "Demo Project" demo
[root@localhost conf.d]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | d6b069f841ce44749153bc1fb9be4f0e |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
Create the demo user: openstack user create --domain default --password-prompt demo
[root@localhost conf.d]# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | e9b0a1c05d1d4bc28c17de967f074c49 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
# password: demo
Create a role named user: openstack role create user
[root@localhost conf.d]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | b27542b0c88e4fbcbf7d10592e8e1fba |
| name | user |
+-----------+----------------------------------+
Add the user role to the demo user in the demo project: openstack role add --project demo --user demo user
Verify
Unset the OS_AUTH_URL and OS_PASSWORD environment variables:
unset OS_AUTH_URL OS_PASSWORD
Get a token as the admin user:
openstack --os-auth-url http://192.168.2.11:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
[root@localhost conf.d]# openstack --os-auth-url http://192.168.2.11:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password: (admin)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-11-01T04:58:28+0000 |
| id | gAAAAABb2nnkVl-DCKKY-f-sDFprra3iTxFrKkx-8TVC275vY3Vaa45lAKXzGvFUwtAuu9gZAnv3pJgpslXlU2VGNx918_4IEgGZH9AhwrzHOWYSA0j9llAW0zT5CPOqrxqHcuENLXVDYVsy8mvY3VbPgeUL906YnaiFbV92r1R8SFEpKLuylJ4 |
| project_id | d1ae9fb1fde54e349148b966df2fa951 |
| user_id | 51984c978be44a32898e11ed114fd8a9 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Get a token as the demo user:
openstack --os-auth-url http://192.168.2.11:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
[root@localhost conf.d]# openstack --os-auth-url http://192.168.2.11:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
Password: (demo)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-11-01T05:13:06+0000 |
| id | gAAAAABb2n1SAad3YsAw_sw_QIsOMBS4Wk2HBGW1zd8godaC8kuHsQV_sO-QiFQN5D6V5QaGO9AhjGIBxtu6J-nRarPdZWZbL1x3ZBzg4oVznhy74gotVwxbOwAvmCY6rWdcxAUgXKw5x6Nzgip3OZXmmhDWebawl17BmPX1GUL_k0QSa_I3DYo |
| project_id | d6b069f841ce44749153bc1fb9be4f0e |
| user_id | e9b0a1c05d1d4bc28c17de967f074c49 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Create the environment variable scripts
vim /admin-openstack.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.2.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
vim /demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.2.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Test whether both sets of environment variables can obtain a token:
source /admin-openstack.sh
openstack token issue
source /demo-openstack.sh
openstack token issue
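
The two scripts above keep OS_PASSWORD in clear text in files under / and authenticate over http://. The check below is an added example, not part of the original notes: audit_openrc flags those conditions in any openrc-style file, and write_prompting_openrc (a hypothetical helper) writes an owner-only variant that prompts for the password; an https:// auth URL passed to it assumes TLS has been set up in front of Keystone, which these notes do not cover.

```bash
#!/usr/bin/env bash
# Added example: audit an openrc-style file such as /admin-openstack.sh.
# Prints one finding per line and returns 1 if anything was found.
audit_openrc() {
    local file="$1" url rc=0
    # Read access to the file is access to the account: check group/other read bits.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "PERMS $file is readable by group or others"; rc=1
    fi
    # A non-empty OS_PASSWORD assignment keeps the secret on disk.
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=.+' "$file"; then
        echo "PLAINTEXT $file stores OS_PASSWORD"; rc=1
    fi
    # Over plain HTTP the password and the issued token travel unencrypted.
    url=$(sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}OS_AUTH_URL=//p' "$file" | tail -n 1)
    case $url in
        http://*) echo "CLEARTEXT OS_AUTH_URL=$url"; rc=1 ;;
    esac
    return "$rc"
}

# Hypothetical helper: write an openrc that is private to its owner and asks
# for the password each time it is sourced (read -s needs bash).
write_prompting_openrc() {
    local file="$1" user="$2" project="$3" auth_url="$4"
    (
        umask 077    # a newly created file starts out as 0600
        cat > "$file" <<EOF
export OS_USERNAME=$user
export OS_PROJECT_NAME=$project
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=$auth_url
export OS_IDENTITY_API_VERSION=3
read -r -s -p "Password for $user: " OS_PASSWORD && echo
export OS_PASSWORD
EOF
    )
    # umask does not change an existing file's mode, so set it explicitly.
    chmod 600 "$file"
}

# Stand-alone use: ./audit-openrc.sh /admin-openstack.sh /demo-openstack.sh
for f in "$@"; do audit_openrc "$f" || true; done
```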