OpenStack之四: keystone验证服务(端口5000)
#官网地址:https://docs.openstack.org/keystone/stein/install/keystone-install-rdo.html
#:创建库,并授权(注意:'keystone'@'%' 允许从任意主机连接,keystone123 是弱口令,仅适合实验环境;生产环境应限定来源主机并使用强密码)
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
#: 在控制端安装keystone服务
[root@localhost ~]# yum install openstack-keystone httpd mod_wsgi -y
#: 配置keystone
[root@localhost ~]# vim /etc/keystone/keystone.conf
[database]
connection=mysql+pymysql://keystone:keystone123@www.magedu.net/keystone
[token]
provider = fernet
#: 解析域名
[root@localhost ~]# vim /etc/hosts
192.168.7.101 www.magedu.net
#: 安装haproxy
[root@localhost ~]# yum install haproxy -y
#: 配置haproxy
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
listen mysqlserver
  bind 192.168.7.101:3306
  mode tcp
  server mysql 192.168.7.105:3306 check inter 2s fall 3 rise 5
#:配置sysctl
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@localhost ~]# sysctl -p
#: 启动haproxy
[root@localhost ~]# systemctl start haproxy
[root@localhost ~]# systemctl enable haproxy
#:初始化数据库
[root@localhost ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#: 初始化两个密钥库:Fernet 密钥库(用于签发和校验 token)和 credential 密钥库(用于加密数据库中保存的凭据)
[root@localhost ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@localhost ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#:修改http 的配置
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.7.101:80
#:创建软链接,让 httpd 加载 keystone 的 WSGI 配置
[root@localhost ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
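#:生成一个临时的 admin_token,在还没有任何用户时绕过正常认证来初始化 keystone。持有该 token 即拥有全部管理权限,初始化完成后应把它从 keystone.conf 中删除,并 unset OS_TOKEN OS_URL(admin_token 已被弃用,官方 Stein 安装文档改用 keystone-manage bootstrap)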
[root@node1 ~]# openssl rand -hex 10
de844334c3e60d1ae559 #在任意一台机器上生成即可;这里是示例值,实际部署时请自行生成,不要照抄
[root@controller1 ~]# vim /etc/keystone/keystone.conf
admin_token = de844334c3e60d1ae559
#:再次做一次初始化
[root@localhost ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#:新打开一个窗口导入环境变量(OS_TOKEN 的值就是上面配置的 admin_token)
[root@localhost ~]# export OS_TOKEN=de844334c3e60d1ae559
[root@localhost ~]# export OS_URL=http://192.168.7.101:5000/v3
[root@localhost ~]# export OS_IDENTITY_API_VERSION=3
#: 启动httpd服务并设置开机自启
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
#: 创建一个default域
[root@controller1 ~]# openstack domain create --description "Default Domain" default
#:在default域中创建一个admin项目
[root@controller1 ~]# openstack project create --domain default --description "Admin Project" admin
#:在default域中创建一个admin用户(本例按提示输入的密码是admin,与用户名相同,仅适合实验环境)
[root@controller1 ~]# openstack user create --domain default --password-prompt admin
#:创建一个admin角色,一个项目里面可以有多个角色
[root@controller1 ~]# openstack role create admin
#:给admin项目添加一个用户叫admin,并将其添加至admin角色中
[root@controller1 ~]# openstack role add --project admin --user admin admin
#:再在default域中创建一个demo项目
[root@controller1 ~]# openstack project create --domain default --description "Demo Project" demo
#:在default域中创建一个demo用户(本例按提示输入的密码是demo,与用户名相同,仅适合实验环境)
[root@controller1 ~]# openstack user create --domain default --password-prompt demo
#:创建一个user角色
[root@controller1 ~]# openstack role create user
#:给demo项目添加一个用户叫demo,并将其添加至user角色中
[root@controller1 ~]# openstack role add --project demo --user demo user
#:创建一个service项目
[root@controller1 ~]# openstack project create --domain default --description "Service Project" service
#:创建一个类型为identity的service
[root@controller1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
#:注册API
[root@localhost ~]# openstack endpoint create --region RegionOne identity public http://www.magedu.net:5000/v3
[root@localhost ~]# openstack endpoint create --region RegionOne identity internal http://www.magedu.net:5000/v3
[root@localhost ~]# openstack endpoint create --region RegionOne identity admin http://www.magedu.net:5000/v3
#:新打开一个窗口(不导入 OS_TOKEN),按提示输入admin用户的密码,测试能否正常签发token
[root@localhost ~]# export OS_IDENTITY_API_VERSION=3
[root@localhost ~]# openstack --os-auth-url http://www.magedu.net:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
#: 创建保存客户端环境变量的脚本
[root@localhost ~]# mkdir scripts
[root@localhost ~]# cd scripts/
[root@localhost scripts]# vim admin-stein.sh
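# OpenStack client environment for the "admin" user in the "admin" project.
# Load it into the current shell with `source`; the openstack CLI reads these
# OS_* variables instead of the equivalent --os-* command-line options.
#
# NOTE(review): the password is stored here in plaintext and equals the
# username, which is only acceptable in a lab. Keep this file readable by its
# owner only (e.g. chmod 600) and use a strong password anywhere else.
# NOTE(review): OS_AUTH_URL is plain HTTP, so the password and the issued
# tokens cross the network unencrypted.
export OS_PROJECT_DOMAIN_NAME="Default"
export OS_USER_DOMAIN_NAME="Default"
export OS_PROJECT_NAME="admin"
export OS_USERNAME="admin"
export OS_PASSWORD="admin"
export OS_AUTH_URL="http://www.magedu.net:5000/v3"
export OS_IDENTITY_API_VERSION="3"
export OS_IMAGE_API_VERSION="2"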
[root@localhost scripts]# vim demo-stein.sh
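# OpenStack client environment for the "demo" user in the "demo" project.
# Load it into the current shell with `source`; the openstack CLI reads these
# OS_* variables instead of the equivalent --os-* command-line options.
#
# NOTE(review): the password is stored here in plaintext and equals the
# username, which is only acceptable in a lab. Keep this file readable by its
# owner only (e.g. chmod 600) and use a strong password anywhere else.
# NOTE(review): OS_AUTH_URL is plain HTTP, so the password and the issued
# tokens cross the network unencrypted.
export OS_PROJECT_DOMAIN_NAME="Default"
export OS_USER_DOMAIN_NAME="Default"
export OS_PROJECT_NAME="demo"
export OS_USERNAME="demo"
export OS_PASSWORD="demo"
export OS_AUTH_URL="http://www.magedu.net:5000/v3"
export OS_IDENTITY_API_VERSION="3"
export OS_IMAGE_API_VERSION="2"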
#:测试:分别加载两个脚本,确认admin和demo用户都能签发token
[root@localhost ~]# source scripts/admin-stein.sh
[root@localhost ~]# openstack token issue
[root@localhost ~]# source scripts/demo-stein.sh
[root@localhost ~]# openstack token issue