在前面的章节里面,我们配置了基本环境,也安装keystone服务,并且创建了keystone的数据库,在这一篇里面,我们说怎么配置keystone。

首先编辑keystone服务,需要修改如下数据

编辑 /etc/keystone/keystone.conf

[database]

# ...

connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
[token]

# ...

provider = fernet

将keystone服务同步到数据库

[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

验证同步是否成功,如果成功,应该有如下输出

[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;"

+------------------------+

| Tables_in_keystone |

+------------------------+

| access_token |

| assignment |

| config_register |

| consumer |

| credential |

| endpoint |

| endpoint_group |

| federated_user

| federation_protocol |

| group |

| id_mapping |

| identity_provider |

| idp_remote_ids |

| implied_role |

| local_user |

| mapping |

| migrate_version |

| nonlocal_user |

| password |

| policy |

| policy_association |

| project |

| project_endpoint |

| project_endpoint_group |

| region |

| request_token |

| revocation_event |

| role |

| sensitive_config |

| service |

| service_provider |

| token |

| trust |

| trust_role |

| user |

| user_group_membership |

| user_option |

| whitelisted_config |

初始化Fernet key 资源库

[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

[root@linux-node1 ~]#

验证初始化是否成功,如果fernet-keys & credential-keys 下面多了两个文件,则为正确

[root@linux-node1 ~]# cd /etc/keystone/ 
[root@linux-node1 keystone]# tree fernet-keys/ fernet-keys/

├──

└──

 directories,  files

[root@linux-node1 keystone]# tree credential-keys/ credential-keys/

├──

└──

 directories,  files

启动keystone服务

keystone-manage bootstrap --bootstrap-password admin \

  --bootstrap-admin-url http://192.168.56.11:35357/v3/ \

  --bootstrap-internal-url http://192.168.56.11:5000/v3/ \

  --bootstrap-public-url http://192.168.56.11:5000/v3/ \

  --bootstrap-region-id RegionOne

因为keystone需要用httpd服务来运行,这里配置一下httpd.conf

[root@linux-node1 keystone]# vim /etc/httpd/conf/httpd.conf

#line 96:

ServerName 192.168.56.11:

创建链接

[root@linux-node1 keystone]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

将httpd启动并设置为开机启动

[root@linux-node1 httpd]# systemctl start httpd

[root@linux-node1 httpd]# systemctl enable httpd

Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

将前面遗漏的rabbitmq和database也设置为开机启动

[root@linux-node1 httpd]# systemctl enable rabbitmq-server mariadb

配置admin用户环境变量

[root@linux-node1 ~]# cat admin-openstack.sh

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://192.168.56.11:35357/v3

export OS_IDENTITY_API_VERSION=

安装openstack客户端

[root@linux-node1 ~]# yum install python-openstackclient openstack-selinux -y

在本文档中,给每个服务用一个只包含唯一user的service project,现在创建这个 service project

#首先需引入环境变量

[root@linux-node1 ~]# source admin-openstack.sh
openstack project create --domain default \

  --description "Service Project" service
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | id | 773e022475654ab0a4fbbfd66dec62bd | | is_domain | False | name | service | | parent_id | default | +-------------+----------------------------------+ [root@linux-node1 ~]#

一般的任务应该有一个未授权的项目和user,现在我们创建这个demo(non-admin)用户和项目

openstack project create --domain default \
  --description "Demo Project" demo

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Demo Project |

| domain_id | default |

| enabled | True

| id | 1d5b969df6da43e69e4a956297404f5c |

| is_domain | False |

| name | demo |

| parent_id | default |

+-------------+----------------------------------+ 

Create the demo user:

openstack user create --domain default \
  --password-prompt demo

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field | Value |

+---------------------+----------------------------------+

| domain_id | default |

| enabled | True |

| id | 291f02337e514343a09a92932a86fd22 |

| name | demo

|  options | {} |

| password_expires_at | None |

+-----------+----------------------------------+

创建user角色

[root@linux-node1 ~]# openstack role create user

+-----------+----------------------------------+

| Field | Value |

+-----------+----------------------------------+

| domain_id | None |

| id | 8996a91ed1214d82b107ca0e9aa94b15 |

| name | user |

+-----------+----------------------------------+

将user角色赋予demo project 和user

[root@linux-node1 ~]# openstack role add --project demo --user demo user

[root@linux-node1 ~]#

验证刚才所做的操作

首先unset环境变量 OS_AUTH_URL and OS_PASSWORD

[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD

用admin用户生成token

openstack --os-auth-url http://192.168.56.11:35357/v3 \

  --os-project-domain-name Default --os-user-domain-name Default \

  --os-project-name admin --os-username admin token issue

Password:

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| Field      | Value

|

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| expires    | --11T07::+ |

| id         | gAAAAABaVwTLT729scUG7kebG-S6MuXD2Ta9caG-

IowiOBR5D4yQhs3xFdZTBEFbc-XKSzdpnJxT-

J6DeQPy0uIZOExYFReTs_938NpQ5CWl_AzwNn5ZTAKrzj41d7_rQX6GYHLWDv4HGJG8_lTp_Ba9N0nsY

oDJ13r3pMJ28qgk1KT56T8L9Ys |

| project_id | fb6761ab3d3d43569d5fdfafcdfa5e28 |

| user_id    | d010fba89633421a800698b0e5300d50 |

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

[root@linux-node1 ~]#

用demo用户生成token

openstack --os-auth-url http://192.168.56.11:5000/v3 \

  --os-project-domain-name Default --os-user-domain-name Default \

  --os-project-name demo --os-username demo token issue

Password:

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| Field      | Value |

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| expires    | --11T07::+ |

| id         | gAAAAABaVwVcKzYPlTB9sg-

x21HDgCyCBqujQO4dqDaawlOSBixQFiSnFgRCiNx48MsLrLsGmX1o6HqcBOo84xPBy1UQIfUQlNhszd5

a_FpkHjY9AK61QTWV-AKBCzGUNJzyT7PNzs82ANF1K5dOltTsDVx40pmYMc0C6zXjIjHZsU2yuVLPOmY

|

| project_id | 1d5b969df6da43e69e4a956297404f5c |

| user_id    | 291f02337e514343a09a92932a86fd22 |

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

编辑demo用户的环境变量

[root@linux-node1 ~]# cat demo-openstack.sh

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=demo

export OS_AUTH_URL=http://192.168.56.11:5000/v3

export OS_IDENTITY_API_VERSION=

export OS_IMAGE_API_VERSION=

导入demo环境变量,用openstack token issue可以直接为demo用户生成token

[root@linux-node1 ~]# source demo-openstack.sh

[root@linux-node1 ~]# openstack token issue

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| Field      | Value

|

+------------ +------------------------------------------------------------------------------- -------------------------------------------------------------------------------- --------------------------+

| expires | --11T07::+ |

| id | gAAAAABaVwYysLrhxRdCprzhvU6r1S_kG3qo6bLNxjpq2IX_Ezwg1dAjnqPGXHMD5nYzqVyGViZQtJ5p W8IJDv0JN6Y9nT1hDbD-P- BRrhw0ki6eaSgoR0PiofIK1DmT3EV_RkPWT0Gd_CnEjbJFM6UcNts6E8tVsXku3vJZPG2GmIXcwLlqza M|

| project_id | 1d5b969df6da43e69e4a956297404f5c |

| user_id | 291f02337e514343a09a92932a86fd22 |

+------------ +------------------------------------------------------------------------------- -------------------------------------------------------------------------------- --------------------------+

[root@linux-node1 ~]#

同理也可导入admin环境变量,用openstack token issue为admin用户生成环境变量

keystone服务的安装配置介绍到这里

OpenStack 安装:keystone服务的更多相关文章

  1. OpenStack 安装 Keystone

    OpenStack 安装 Keystone 本篇主要记录一下 如何安装 openstack的 第一个组件 keystone 认证授权组件 openstack 版本 我选的是queens 版本 1.Op ...

  2. CentOS 7部署OpenStack(二)—安装keystone服务

    1.创建数据库 [root@controller ~]# mysql -u root -p [root@controller ~]# CREATE DATABASE keystone; [root@c ...

  3. OpenStack:安装Keystone

    >安装Keystone1. 安装# apt-get install keystone2. 创建dbcreate database keystone;grant all privileges on ...

  4. OpenStack 认证服务 KeyStone 服务注册(五)

    创建服务实体和API端点 创建服务 openstack service create --name keystone --description "OpenStack Identity&qu ...

  5. OpenStack 认证服务 KeyStone 服务注册(六)

    一)检查keystone是否安装配置成功 1.1删除环境变量的配置 unset OS_AUTH_URL redhat 1.2 请求令牌认证 admin用户,请求认证令牌 openstack --os- ...

  6. openstack (3)---------部署memcached缓存服务,keystone服务

    一.memcached概念 Memcached 是一个开源的.高性能的分布式内存对象缓存系统.通过在内存中缓存数据和对象来减少读取数据库的次数,从而提高网站访问速度,加速动态WEB应用.减轻数据库负载 ...

  7. 003-官网安装openstack之-keystone身份认证服务

    以下操作均在控制节点进行 1.控制节点安装keystone服务 概念理解: Keystone是OpenStack框架中,负责身份验证.服务规则和服务令牌的功能, 它实现了OpenStack的Ident ...

  8. OpenStack核心组件-keystone

    1. Keystone介绍 keystone是OpenStack的组件之一,用于为OpenStack家族中的其它组件成员提供统一的认证服务,包括身份验证.令牌的发放和校验.服务列表.用户权限的定义等等 ...

  9. openstack部署keystone

    环境: 免密钥,域名解析 cat /etc/hosts 192.168.42.120 controller 192.168.42.121 compute 192.168.42.122 storage ...

随机推荐

  1. JavaScript 基础篇1

    JavaScript引用问题 1:<script>标签引用嵌入html页面中,在外部引用中是JavaScript文件时必须用src属性设置相应的文件的URL.2:在不使用defer和asy ...

  2. vc6.0使用

    1.文件结构 工作空间dsw 工程1    Source file        .cpp,main    Header file        .h    Resource files 工程2   ...

  3. spring--多人开发,模块化配置

    需要在配置文件中配置: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="h ...

  4. DRBD搭建

    基于块设备在不同的高可用服务器之间同步和镜像数据的软件,块设备可以是磁盘分区,LVM逻辑卷或整块磁盘,解决磁盘单点故障 三种复制协议 (1)协议A:异步复制协议,本地写成功后立即返回,数据放在发送bu ...

  5. xamarin C# 安卓实现 ListView 放大缩小

    翻译自java示例https://raw.githubusercontent.com/Xjasz/AndroidZoomableViewGroup/master/ZoomListView.java u ...

  6. 使用parted对大于2T的磁盘进行分区

    使用parted对磁盘进行分区 版本信息 版本 修改日期 修改人 修改内容 备注 V0.1 2018/09/06   初始化版本 讨论稿                                 ...

  7. windows 安装lua-5.3.4 --引用自https://blog.csdn.net/wangtong01/article/details/78296369

    版权声明:本文为博主原创文章,转载时请标明出处.http://blog.csdn.net/wangtong01 https://blog.csdn.net/wangtong01/article/det ...

  8. npm cnpm

    npm 1.说明: npm(node package manager)是nodejs的包管理器,用于node插件管理(包括安装.卸载.管理依赖等) 2.使用npm安装插件:命令提示符执行npm ins ...

  9. 对Array.prototype.slice.call()方法的理解

    在看别人代码时,发现有这么个写法:[].slice.call(arguments, 0),这到底是什么意思呢? 1.基础 1)slice() 方法可从已有的数组中返回选定的元素. start:必需.规 ...

  10. HTTP Protocol - URI

    Uniform Resource Identifier (URI): compact sequence of characters that identifies an abstract or phy ...