OpenStack Pike Minimal安裝:二、身份認證
阿新 • • 發佈:2018-09-04
type http sys ont show pass tro install lock 1.在controller節點上安裝keystone
root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y2.配置
[root@controller ~]# vim /etc/keystone/keystone.conf[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet3.填充數據庫
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #日誌文件所處位置 [root@controller ~]# ll /var/log/keystone/keystone.log -rw-rw---- 1 root keystone 16062 Sep 4 01:05 /var/log/keystone/keystone.log #查看數據庫 [root@controller ~]# mysql -h controller -ukeystone -pkeystone -e "use keystone;show tables;"
4.初始化Fernet key
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone5.初始化服務
# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:35357/v3/ \--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
6.配置httpd
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
#修改ServerName為主機名
ServerName controller[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/[root@controller ~]# systemctl enable httpd.service [root@controller ~]# systemctl start httpd.service
7.創建登陸腳本
[root@controller ~]# cat admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2[root@controller ~]# cat demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=28.創建domain, projects, users, and roles
#先使用腳本登陸admin
[root@controller ~]# . admin-openstack.sh①創建service project
openstack project create --domain default --description "Service Project" service
②創建demo project
openstack project create --domain default --description "Demo Project" demo
③創建demo user
openstack user create --domain default --password-prompt demo
④創建 user role
openstack role create user
⑤將user role添加到demo project和user
openstack role add --project demo --user demo user
9.驗證操作
①註銷登陸
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD②驗證admin用戶
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
③驗證demo用戶
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
④使用腳本查看
[root@controller ~]# . admin-openstack.sh
[root@controller ~]# openstack token issueOpenStack Pike Minimal安裝:二、身份認證