Openstack Keystone 认证服务(四)
Openstack Keystone 认证服务(四)
keystone 的安装完全依赖ocata的源, 如果没有建议自己搭建. 否则用的源不对会产生各种奇葩问题.
创建keystone库和用户:
## 建库和用户:
mysql -u root -p123456
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
flush privileges;
*** 做完后去2台控制机上测试一下keystone 账号是否能够正常登录.
控制节点安装内容(2台):
# 控制节点安装:
yum install -y openstack-keystone httpd mod_wsgi
## 编辑文件 /etc/keystone/keystone.conf 并完成如下动作,在 [database] 部分,配置数据库访问:
vim /etc/keystone/keystone.conf
[database]
......
#connection = <None> # 574行
connection = mysql+pymysql://keystone:123456@openstack-linux36-vip.magedu.net/keystone
keystone:123456 # 用户名和密码
openstack-linux36-vip.magedu.net # 内部域名可以直接指向DB或者VIP,写成域名方便后期自行切换.
## 写入/etc/hosts ***
vim /etc/hosts
10.10.5.140 openstack-linux36-vip.magedu.net
*** 测试一下: mysql -h openstack-linux36-vip.magedu.net -u keystone -p123456
## 在``[token]``部分,配置Fernet UUID令牌的提供者。
[token]
# ...
provider = fernet
## 添加admin验证token(手工生成并添加):
[root@cont-1 ~]# openssl rand -hex 10
99251e93898c371cb0c1
vim +15 /etc/keystone/keystone.conf
[DEFAULT]
......
[DEFAULT]
admin_token = 99251e93898c371cb0c1
### 总结一下内容(省略默认的内容):
[root@cro-1 yum.repos.d]# grep -vE '^$|^#' /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 99251e93898c371cb0c1
[database]
connection = mysql+pymysql://keystone:123456@openstack-linux36-vip.magedu.net/keystone
[token]
provider = fernet
......
####################################################################################
### 初始化keystone 身份认证服务的数据库:
su -s /bin/sh -c "keystone-manage db_sync" keystone
*** 连接数据库查看keystone 库,如果配置文件的mysql连接正常,会生成很多表.
### 初始化Fernet key:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
*** 会在/etc/keystone 下生成2个目录,credential-keys , fernet-keys
### 创建自定义的配置文件:
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
########################################################################################################################
## 启动httpd:
systemctl enable httpd
systemctl start httpd
## 添加环境变量让我们可以跳过密码通过token创建项目:
*** 目前没有方法可以认证keystone 通过环境变量的方法去做一下认证:
export OS_TOKEN=99251e93898c371cb0c1
export OS_AUTH_URL=http://10.10.5.138:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_URL=http://10.10.5.138:35357/v3
## 测试一下 是否可以不出错误:
openstack user list
创建并初始化一个项目:
# 初始化:
openstack domain create --description "Default Domain" default
查看并删除一个domain:
# 查看domain list:
[root@cont-1 ~]# openstack domain list
+----------------------------------+---------+---------+----------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+----------------+
| 317ace63cb8f4562af682ca6c7bdf955 | default | True | Default Domain |
+----------------------------------+---------+---------+----------------+
## 删除一个domain id:
** openstack domain delete + ID
openstack domain delete 317ace63cb8f4562af682ca6c7bdf955
创建一个admin的项目:
## 创建admin 项目:
[root@cont-1 ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 317ace63cb8f4562af682ca6c7bdf955 |
| enabled | True |
| id | 7895c74b24e640498acb869a790f7092 |
| is_domain | False |
| name | admin |
| parent_id | 317ace63cb8f4562af682ca6c7bdf955 |
+-------------+----------------------------------+
## 创建admin 账号(我设置的是:123456):
[root@cont-1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 317ace63cb8f4562af682ca6c7bdf955 |
| enabled | True |
| id | 7e5fe95e8caa48f78e218919d05693d5 |
| name | admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
## 创建admin role(创建admin角色, 账号和role角色关联后就有了admin role的权限.(角色即权限)):
[root@cont-1 ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | ff08ecd7583542bc94ac3eb56794638a |
| name | admin |
+-----------+----------------------------------+
## 给admin 用户授权(角色即权限):
#将admin用户授予admin项目的admin 角色,即给admin项目添加一个用户叫做admin, 并将其添加至admin角色,角色是权限的一种集合:
[root@cont-1 ~]# openstack role add --project admin --user admin admin
*** --project admin # 给admin项目
*** --user admin # 添加admin用户账号
*** 最后的admin # 角色名称(role admin)
############################ 现在 admin 才是一个真正的管理员账号 拥有权限和项目 ##############################################
创建一个Demo 项目:
# 创建一个Demo 项目组(没啥大用处,给其他人演示可以放在这个项目里面。):
[root@cont-1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 317ace63cb8f4562af682ca6c7bdf955 |
| enabled | True |
| id | bebe93941d3d4203a2c630ff4da4596c |
| is_domain | False |
| name | demo |
| parent_id | 317ace63cb8f4562af682ca6c7bdf955 |
+-------------+----------------------------------+
# 创建demo用户并设置密码为demo:
[root@cont-1 ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 317ace63cb8f4562af682ca6c7bdf955 |
| enabled | True |
| id | 00ff302f8c924bb1b171965c5d5aca92 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
## 创建一个User角色:
[root@cont-1 ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 66a589c005b0410eb71f5e4aaa5f0418 |
| name | user |
+-----------+----------------------------------+
## 把Demo 用户添加到Demo 项目:
[root@cont-1 ~]# openstack role add --project demo --user demo user
#############################至此 demo 用户已经被添加到user role里,权限就没有admin 那么大了#####################################
创建一个service项目:
*** 各服务之间与keystone进行访问和认证,service用于给服务创建用户:
openstack project create --domain default --description "Service Project" service
[root@cont-1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 317ace63cb8f4562af682ca6c7bdf955 |
| enabled | True |
| id | 89067cca56fd477d86aed5c221b4c55d |
| is_domain | False |
| name | service |
| parent_id | 317ace63cb8f4562af682ca6c7bdf955 |
+-------------+----------------------------------+
XX 服务注册:
*** 将Keystone 服务地址注册到 openstack ***
# 3.9.1 创建一个keystone 认证服务:
[root@cont-1 ~]# openstack service list
[root@cont-1 ~]# openstack service create --name keystone --description "Openstack Identity" identity # identity 是验证方式
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Identity |
| enabled | True |
| id | 376d49d3d59147a49e5f5081cb04a2b1 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@cont-1 ~]# openstack service list ## 验证服务是否创建成功
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 376d49d3d59147a49e5f5081cb04a2b1 | keystone | identity |
+----------------------------------+----------+----------+
# 3.9.2 创建端点 (public interntl admin)
public # 公共端点
internal # 私有端点
admin # 管理端点
# 注册以上3个端点服务,后面的所有服务都执行以上操作:
*** 此处注册一定要写上域名 或者 VIP地址,这样以后方便扩容和更换设备:
*** 不记得是哪个 可以看/etc/hosts 里面的绑定IP 和 keystone 里面的"connection"
*** 既然写了VIP 地址或者域名,也要去haproxy 上做一下 端口转发.
openstack endpoint create --region RegionOne identity public http://openstack-linux36-vip.magedu.net:5000/v3
openstack endpoint create --region RegionOne identity internal http://openstack-linux36-vip.magedu.net:5000/v3
openstack endpoint create --region RegionOne identity admin http://openstack-linux36-vip.magedu.net:35357/v3
## 执行过程:
[root@cont-1 ~]# openstack endpoint create --region RegionOne identity public http://openstack-linux36-vip.magedu.net:5000/v3
+--------------+-------------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------------+
| enabled | True |
| id | 65605d57632a4c8ba0521b20f28bbcc2 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 376d49d3d59147a49e5f5081cb04a2b1 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-linux36-vip.magedu.net:5000/v3 |
+--------------+-------------------------------------------------+
[root@cont-1 ~]# openstack endpoint create --region RegionOne identity internal http://openstack-linux36-vip.magedu.net:5000/v3
+--------------+-------------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------------+
| enabled | True |
| id | ec3647ea42f347008d7e35b52324d995 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 376d49d3d59147a49e5f5081cb04a2b1 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-linux36-vip.magedu.net:5000/v3 |
+--------------+-------------------------------------------------+
[root@cont-1 ~]# openstack endpoint create --region RegionOne identity admin http://openstack-linux36-vip.magedu.net:35357/v3
+--------------+--------------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------------+
| enabled | True |
| id | 858dee6eafb54902826175be76954094 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 376d49d3d59147a49e5f5081cb04a2b1 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-linux36-vip.magedu.net:35357/v3 |
+--------------+--------------------------------------------------+
## 验证是否添加成功:
[root@cont-1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+
| 65605d57632a4c8ba0521b20f28bbcc2 | RegionOne | keystone | identity | True | public | http://openstack-linux36-vip.magedu.net:5000/v3 |
| 858dee6eafb54902826175be76954094 | RegionOne | keystone | identity | True | admin | http://openstack-linux36-vip.magedu.net:35357/v3 |
| ec3647ea42f347008d7e35b52324d995 | RegionOne | keystone | identity | True | internal | http://openstack-linux36-vip.magedu.net:5000/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+
## 去haproxy 上配置转发服务:
*** 目前就一台服务器在做这个验证, 所以呢 haproxy也只能吧5000 35357 80 这几个端口给转发到 10。10.5.138 上.
########### keystone ###########
listen openstack_keystone_port_5000
bind 0.0.0.0:5000
mode tcp
log global
server 10.10.5.138 10.10.5.138:5000 check inter 3000 fall 2 rise 5
listen openstack_keystone_port_35357
bind 0.0.0.0:35357
mode tcp
log global
server 10.10.5.138 10.10.5.138:35357 check inter 3000 fall 2 rise 5
########################################
/etc/init.d/haproxy restart
########### 重启 搞定 ###############
## 测试Keystone 是否可以做用户验证:
*** 验证admin用户, 密码123456 , 新打开一个窗口并进行一下操作:
*** 验证demo用户, 密码demo , 新打开一个窗口并进行一下操作:
1 打开新窗口
2 查看/etc/hosts文件,内容一定要对 "10.10.5.140 openstack-linux36-vip.magedu.net"
3 测试本机IP, VIP(haproxy) 随便切换,最后都能通过keystone的验证就行.
export OS_IDENTITY_API_VERSION=3 # 设置环境变量,
openstack --os-auth-url http://10.10.5.138:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
openstack --os-auth-url http://openstack-linux36-vip.magedu.net:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
# 测试结果如下
[root@cont-1 ~]# export OS_IDENTITY_API_VERSION=3
[root@cont-1 ~]# openstack --os-auth-url http://10.10.5.140:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password:
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-05-21T10:43:32+0000 |
| id | gAAAAABexk1E0Ya99oG-mHnbZ2s95Uy-HCRuii7rMraVmv5Mk2IEz41Hj0gysnaknb65H-D8RtimuXmlmxUqn4c9EC8lYDy6iMM- |
| | UYrw0ChvWrJ1HxGwC7IxsVGEFsYEApjgINyrT9fDtYQQZPh3GBFcuP8mGokiPb0PTZNMTWrxMSxZpRfJlr0 |
| project_id | bebe93941d3d4203a2c630ff4da4596c |
| user_id | 00ff302f8c924bb1b171965c5d5aca92 |
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[root@cont-1 ~]# openstack --os-auth-url http://openstack-linux36-vip.magedu.net:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password:
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-05-21T10:44:51+0000 |
| id | gAAAAABexk2TBJXILbxI3l2F56SLisp7IIC9EqPM- |
| | fPpgR4p_DoHe_YGsz5z6rcPHtkEuHNvwD2OInIZFC33LknuuLRmGEXMXlYbLXkiyJ2_TlgROPEz1J3MU3Jkxbz6NcCxHJD1mR16VgY5_OPLpJ1bKowxFisM3khnnQVD62_NcSqLVbCcOlA |
| project_id | 7895c74b24e640498acb869a790f7092 |
| user_id | 7e5fe95e8caa48f78e218919d05693d5 |
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
使用脚本设置环境变量:
## 验证admin 用户
[root@cont-1 ~]# cat admin.sh
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://10.10.5.140:35357/v3 # 注意此处端口是35357
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@cont-1 ~]# source admin.sh
[root@cont-1 ~]# sh s.sh
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-05-21T19:06:47+0000 |
| id | gAAAAABexsM3OugdYsDazpfSVf34OUH4Vp4Zb0HJdA21eHQ8mHHLuxxtoXbvL4nRDsgJHW5_zT8mPdLc64HXClqIgT6nZluWqnoGSwroGjdXaSQV08ij5h02qZYRIxnZxLi5N4FkijuArwq_6GiFhUedCBMq4jt8EZEk_2KZwa4y |
| | fgTQ-s44Sm8 |
| project_id | 7895c74b24e640498acb869a790f7092 |
| user_id | 7e5fe95e8caa48f78e218919d05693d5 |
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## 验证demo 用户:
[root@cont-1 ~]# cat demo.sh
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://10.10.5.140:5000/v3 # 注意此处端口是5000
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@cont-1 ~]# source demo.sh
[root@cont-1 ~]# sh s.sh
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-05-21T19:05:16+0000 |
| id | gAAAAABexsLcyDOe4bL1Y5QLApF0i6OXu-S6iE-psbXCS3ZuySwPpkYyAieK2Ffe85mc5SUDJc_uN1vJsS9Wx7DOU6X16HF7anyWNYY4mKaWplcJPCDn9lQlOIPgMs48hodyHiDWrIjQDdLcY- |
| | UZIt6jvpfvqGsgGDSrRz4VI4G7iogJ546aPCY |
| project_id | bebe93941d3d4203a2c630ff4da4596c |
| user_id | 00ff302f8c924bb1b171965c5d5aca92 |
+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Openstack Keystone 认证服务(四)的更多相关文章
- keystone认证服务
实验操作平台:OpenStack单节点操作 一.相关概念 1.认证(authentication) 认证是确认允许一个用户访问的进程 2.证书(credentials) 用于确认用户身份的数据 3.令 ...
- OpenStack Keystone安装部署流程
之前介绍了OpenStack Swift的安装部署,采用的都是tempauth认证模式,今天就来介绍一个新的组件,名为Keystone. 1. 简介 本文将详细描述Keystone的安装部署流程,并给 ...
- OpenStack Keystone架构
一. Keystone简介 1. OpenStack Keystone简介 2. Keystone安装与部署 2.1 包安装Keystone 2.2 源码安装源码安装 3 配置运行Keystone 3 ...
- Openstack keystone组件详解
OpenStack Keystone Keystone(OpenStack Identity Service)是 OpenStack 框架中负责管理身份验证.服务规则和服务令牌功能的模块.用户访问资源 ...
- (转)理解Keystone的四种Token
Token 是什么 通俗的讲,token 是用户的一种凭证,需拿正确的用户名/密码向 Keystone 申请才能得到.如果用户每次都采用用户名/密码访问 OpenStack API,容易泄露用户信息, ...
- Ubuntu 14.04 LTS 安装 Juno 版 OpenStack Keystone
本文介绍如何在Ubuntu 14.04 LTS 上安装Juno版的Keystone, 我们采用的是手动安装的方式, 同时仅针对OpenStack的身份与访问管理系统Keystone. 事实上OpenS ...
- 3.openstack之mitaka搭建keystone认证服务
认证服务keystone部署 一:安装和配置服务 1.建库建用户 mysql -u root -p CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON ...
- openstack Q版部署-----keystone认证服务安装配置(3)
一.新建数据库及用户(控制节点) 登录数据库,创建db以及用户: CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'ke ...
- openstack 部署(Q版)-----keystone认证服务安装配置
一.新建数据库及用户 CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' ID ...
随机推荐
- 教你30秒解开手机的密码 适用于高通CPU
教程简介 先将手机进入9008模式.进入方法请自己百度. 进入9008方法如下: 先将手机关机,然后按住音量加和音量减不松手. 使用教程: 将数据线拆入电脑.会出现一个端口 出现端口后可以松开 ...
- 20201203-6 设置excel样式【】
1-1 1 import os 2 from openpyxl import load_workbook 3 from openpyxl.styles import PatternFill, Alig ...
- druid数据源yml配置
application.yml配置 spring: datasource: username: root password: 123456 url: jdbc:mysql://localhost:33 ...
- 基于 Source Generators 做个 AOP 静态编织小实验
0. 前言 上接:用 Roslyn 做个 JIT 的 AOP 作为第二篇,我们基于Source Generators做个AOP静态编织小实验. 内容安排如下: source generators 是什 ...
- 05-flask基础补充
flask数据获取 request.args - 请求参数 request.form - 请求参数 request.files - 请求文件 request.cookies - 请求cookies r ...
- get \post 接口代码及断言编写
post 请求接口 import requests import json url_path = "http://www.baidu.com" data = {"user ...
- Python读写EXCEL文件常用方法大全
前言 python读写excel的方式有很多,不同的模块在读写的讲法上稍有区别,这里我主要介绍几个常用的方式. 用xlrd和xlwt进行excel读写: 用openpyxl进行excel读写: 用pa ...
- 工作流学习之 IDEA 使用activiti插件 出现乱码
今天学习 工作流 (work flow ) 的时候遇到了一点小问题 就是在 activitit的插件的时候 出现了乱码,弄了很久,终于解决了,就做个总结 嘻嘻 当场懵了,我记得我改了编码呀 - (Se ...
- 用 Java 训练出一只“不死鸟”
作者:Kingyu & Lanking FlappyBird 是 2013 年推出的一款手机游戏,因其简单的玩法但极度困难的设定迅速走红全网.随着深度学习(DL)与增强学习(RL)等前沿算法的 ...
- Python----Flask Web框架(一)
Flask是一个轻量级的基于Python的web框架. 本文适合有一定HTML.Python.网络基础的同学阅读. 1. 简介 这份文档中的代码使用 Python 3 运行.是的,所以读者需要自己在电 ...