150. OpenStack Train - 2. Installing the keystone identity service

1. Create the keystone database and grant privileges

[root@controller ~]# mysql -uroot 
	CREATE DATABASE keystone;
	GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
	GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

2. Install the keystone packages

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi

3. Edit the configuration file

[root@controller ~]# cp -a /etc/keystone/keystone.conf{,.bak}
[root@controller ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
	
[root@controller ~]# yum install -y openstack-utils

[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider  fernet

4. Populate the database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

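Initialize the Fernet key repositories
This is a new feature in recent OpenStack releases. In Train, keystone no longer uses a simple string as a temporary token; instead it uses Fernet, and the key repositories created below belong to the keystone user and group that run keystone. Keystone also no longer separates the admin and regular-user service endpoints onto different ports 5000 and 35357; only port 5000 is used, and port 35357 is no longer used.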
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  	--bootstrap-admin-url http://controller:5000/v3/ \
  	--bootstrap-internal-url http://controller:5000/v3/ \
  	--bootstrap-public-url http://controller:5000/v3/ \
  	--bootstrap-region-id RegionOne
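
A post-install check for the key repositories that fernet_setup and credential_setup create in this step, as an added example that is not part of the original post: it confirms that the directory and its numbered key files belong to the expected owner and are closed to group and other. The path /etc/keystone/fernet-keys is keystone's default location, assumed here because the page does not set key_repository; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: sh audit_keys.sh /etc/keystone/fernet-keys keystone
# (default repository path assumed; the page does not set key_repository)
# ls -ld is parsed instead of stat because stat flags differ between
# GNU and BSD userlands.

findings=0

# check_entry PATH OWNER: flag group/other permission bits or a wrong owner.
check_entry() {
    line=$(ls -ld "$1")
    perms=$(printf '%s' "$line" | cut -c5-10)
    who=$(printf '%s' "$line" | awk '{print $3}')
    if [ "$perms" != "------" ]; then
        echo "PERMS: $1 is accessible to group or other"
        findings=$((findings + 1))
    fi
    if [ "$who" != "$2" ]; then
        echo "OWNER: $1 is owned by $who, expected $2"
        findings=$((findings + 1))
    fi
}

# audit_key_repo DIR OWNER: returns the number of findings (0 = clean).
audit_key_repo() {
    findings=0
    if [ ! -d "$1" ]; then
        echo "MISSING: $1 is not a directory"
        return 1
    fi
    check_entry "$1" "$2"
    # Key files are named with integers; 0 is the staged key.
    if [ ! -f "$1/0" ]; then
        echo "NOKEY: staged key $1/0 not found"
        findings=$((findings + 1))
    fi
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            *[!0-9]*) echo "UNEXPECTED: $f is not a numbered key file"
                      findings=$((findings + 1)) ;;
            *)        check_entry "$f" "$2" ;;
        esac
    done
    return "$findings"
}

if [ "$#" -eq 2 ]; then audit_key_repo "$1" "$2"; fi
```

Run it as root, since a correctly locked-down repository cannot be listed by other users.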

5. Configure Apache

[root@controller ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf

Create a symlink to the wsgi configuration file
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Enable Apache at boot and start it
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service

6. Set up the environment variables

[root@controller ~]# cat >> ~/.bashrc << EOF
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
	
[root@controller ~]# source ~/.bashrc 
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2020-01-09T14:53:57+0000                                                                                                                                                                |
| id         | gAAAAABeFzB1bgQlTdO7E2x2UNvHWbtsd7KRipn0v-RhHaGwZzcnvE8bPsMwnh06CXVrwMkzGEV-VFLXZBICd3cJt5NZqLB_x-tZLmr8qiKZiK9yyiCCCZG3xncQUUQ8zTKcv02Nyz6CHA99AzRxWgetZFG1bAiHdfr1LxxsfR6ZuSsNYl0fLvU |
| project_id | 8dd2972e6c0b4d99b100d087e35ad439                                                                                                                                                        |
| user_id    | 656ea39f6bac482d8a0d0e49fc74e8a5                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
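
An alternative to appending the admin password to ~/.bashrc in step 6, as an added example that is not part of the original post: the same variables are written to a dedicated rc file created with mode 0600, the password is quoted so that any characters survive sourcing, and the placeholders ADMIN_PASS and KEYSTONE_DBPASS are refused. The function names and the admin-openrc file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage (after defining the functions): write_openrc ~/admin-openrc "$pw"
#        then: . ~/admin-openrc && openstack token issue

# sh_quote VALUE: wrap VALUE in single quotes, rewriting each embedded
# single quote as '\'' so the result is safe to source.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# write_openrc PATH PASSWORD: returns 0 on success, 2 if PASSWORD is
# empty or still one of the placeholders used on this page.
write_openrc() {
    rc_path=$1
    rc_pass=$2
    case $rc_pass in
        ''|ADMIN_PASS|KEYSTONE_DBPASS)
            echo "refusing empty or placeholder password" >&2
            return 2 ;;
    esac
    old_umask=$(umask)
    umask 077                      # a new file is created as 0600
    {
        echo "export OS_USERNAME=admin"
        printf 'export OS_PASSWORD=%s\n' "$(sh_quote "$rc_pass")"
        echo "export OS_PROJECT_NAME=admin"
        echo "export OS_USER_DOMAIN_NAME=Default"
        echo "export OS_PROJECT_DOMAIN_NAME=Default"
        echo "export OS_AUTH_URL=http://controller:5000/v3"
        echo "export OS_IDENTITY_API_VERSION=3"
    } > "$rc_path"
    umask "$old_umask"
    chmod 600 "$rc_path"           # also tightens a pre-existing file
}
```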

7. Create the project used by the services

[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 7bc35b309acd46de99edbbefaf012de6 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

8. Create the user role

[root@controller ~]# openstack role create user
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 56b5ef9b944b4ecaa65b0313ab194f21 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+
[root@controller ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 19f4b5f6a4e74a72bd47acf56d918fdf | admin  |
| 22339e09b9864c58b33ec9f3ab8d0882 | member |
| 56b5ef9b944b4ecaa65b0313ab194f21 | user   |
| ff4eb910bb184190a270b1813d028c4a | reader |
+----------------------------------+--------+

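At this point the keystone service is installed successfully. In the next part I will install the glance image service.
Official password configuration information: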