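Installing Keystone on the OpenStack O release (Ocata)
Keystone is the default identity management system in the OpenStack project. Every service authenticates through Keystone, which assigns permissions according to each user's level.
Here we configure Keystone, the identity service, for the latest OpenStack release.
Prerequisites: CentOS 7.3, the 163 yum repository, the OpenStack O release repository, DNS, time synchronization, a database, RabbitMQ, memcache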
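Create the database
create database keystone;
Grant privileges to the database user (one grant for a local user, one for remote login)
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '111';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '111';
View the databases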
Install the OpenStack client and the Keystone packages
yum install python-openstackclient openstack-keystone httpd mod_wsgi -y
If this reports an error, the OpenStack repository has not been configured.
We need to configure the OpenStack repository (for reference only)
Once the repository is configured:
# yum clean all
# yum makecache
Next we configure Keystone. The configuration file is /etc/keystone/keystone.conf
Back up the configuration file:
# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.ds.bak
Configure Keystone (DB_HOST is a placeholder for the database server's host name; 111 is the password set in the GRANT statements above)
# cat /etc/keystone/keystone.conf.ds.bak | grep -v '^#' | uniq > /etc/keystone/keystone.conf
# sed -i '/^\[database\]$/a\connection = mysql+pymysql://keystone:111@DB_HOST/keystone' /etc/keystone/keystone.conf
# sed -i '/^\[token\]$/a\provider = fernet' /etc/keystone/keystone.conf
Synchronize the database
# su -s /bin/sh -c "keystone-manage db_sync" keystone
Note: the O release has 38 tables
Initialize the Fernet keys
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Create the three API endpoints for accessing this entity
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
> --bootstrap-admin-url http://wang02:35357/v3/ \
> --bootstrap-internal-url http://wang02:5000/v3/ \
> --bootstrap-public-url http://wang02:5000/v3/ \
> --bootstrap-region-id RegionOne
Configure the Apache service
# vi /etc/httpd/conf/httpd.conf
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Create the environment variables
# export OS_USERNAME=admin
# export OS_PASSWORD=ADMIN_PASS
# export OS_PROJECT_NAME=admin
# export OS_USER_DOMAIN_NAME=Default
# export OS_PROJECT_DOMAIN_NAME=Default
# export OS_IDENTITY_API_VERSION=3
# export OS_AUTH_URL=http://wang02:35357/v3
Create the service project in the default domain
# openstack project create --domain default \
> --description "Service Project" service
Create a demo project
# openstack project create --domain default \
> --description "Demo Project" demo
Create a demo user
# openstack user create --domain default --password DEMO_PASS demo
Create the user role for demo
# openstack role create user
Add the user role to the demo user in the demo project
# openstack role add --project demo --user demo user
Edit /etc/keystone/keystone-paste.ini
In the three sections [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3],
remove: admin_token_auth
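One way to script the admin_token_auth removal described above and confirm the result, as an added example that is not part of the original post. The function names and the shortened sample file are constructed for illustration; on a real host the argument would be /etc/keystone/keystone-paste.ini.

```shell
# strip_admin_token_auth FILE: drop admin_token_auth from the "pipeline ="
# lines of the three pipeline sections only; other sections are left alone.
strip_admin_token_auth() {
    file=$1; tmp=$(mktemp) || return 1
    awk '
        /^\[/ { in_target = ($0 ~ /^\[pipeline:(public_api|admin_api|api_v3)\]$/) }
        in_target && /^pipeline[ \t]*=/ {
            out = ""
            for (i = 1; i <= NF; i++)
                if ($i != "admin_token_auth") out = (out == "" ? $i : out " " $i)
            $0 = out
        }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?; rm -f "$tmp"; return $rc
}

# remaining_admin_token_auth FILE: print each pipeline section that still
# lists admin_token_auth (no output means the bypass filter is gone).
remaining_admin_token_auth() {
    awk '
        /^\[/ { section = $0 }
        section ~ /^\[pipeline:/ && /^pipeline[ \t]*=/ {
            for (i = 1; i <= NF; i++)
                if ($i == "admin_token_auth") print section
        }
    ' "$1"
}

# Constructed sample with shortened pipelines, not a real keystone-paste.ini.
write_sample() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth
[pipeline:public_api]
pipeline = cors request_id admin_token_auth build_auth_context token_auth json_body public_service
[pipeline:admin_api]
pipeline = cors request_id admin_token_auth build_auth_context token_auth json_body admin_service
[pipeline:api_v3]
pipeline = cors request_id admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

sample=$(mktemp)
write_sample "$sample"
strip_admin_token_auth "$sample"
remaining_admin_token_auth "$sample"
rm -f "$sample"
```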
Unset the environment variables set earlier
unset OS_AUTH_URL OS_PASSWORD
Verify:
# openstack --os-auth-url http://wang02:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
The password is ADMIN_PASS
At this point, Keystone has been set up successfully.
To avoid entering the environment variables every time, we create a script
# vi admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://wang02:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Test the script:
# . admin-openrc
# openstack token issue
That completes the Keystone setup. If you ran into problems during setup or spotted something wrong, please point it out so we can all improve together.