1.数据库配置

  # Create the keystone database and its service account.
  # root/123456 and keystone/keystone are sample credentials; a password equal
  # to the account name is guessable, so substitute strong, distinct values.
  # A password typed inline after -p is recorded in shell history and visible
  # in the process list; a bare -p makes the client prompt for it instead.
  1. mysql -uroot -p123456
  # Entries 2-4 are SQL entered at the mysql prompt, not shell commands.
  2. CREATE DATABASE keystone;
  3. GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
  # '%' matches any client host, so this account can log in from wherever the
  # database port is reachable; narrow the host pattern or firewall the port.
  4. GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
  5. # Verify: list the databases (keystone should appear)
  6. mysql -uroot -p123456 -e "show databases;"

2.安装keystone

安装

  # Install Keystone plus Apache and mod_wsgi, which front it in step 3.
  1. yum install openstack-keystone httpd mod_wsgi -y
  # Keep an untouched copy of the packaged config before editing.
  2. cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
  # In-place edit: delete every line that is empty/whitespace-only or whose
  # first non-whitespace character is '#', leaving only active settings.
  3. sed -ri '/^[ \t]*(#|$)/d' /etc/keystone/keystone.conf
  4. vim /etc/keystone/keystone.conf
  # Entries 5-10 are the settings to place in keystone.conf, not commands.
  # The connection URL embeds the database password in clear text, so
  # keystone.conf (and the .bak copy) must not be readable by other users.
  5. [database]
  6. # ...
  7. connection = mysql+pymysql://keystone:keystone@controller/keystone
  8. [token]
  9. # ...
  10. provider = fernet

同步数据库

  # Run the database sync as the keystone account (su -s /bin/sh ... keystone)
  # rather than as root, using the connection configured in keystone.conf.
  1. su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化 Fernet 密钥存储库:

  # Create the Fernet token key repository and the credential key repository,
  # owned by the keystone user and group named in the flags.
  # These keys are secret material: anyone who can read the Fernet keys can
  # mint valid tokens, so keep the repositories readable by keystone only and
  # treat backups of them as sensitive.
  1. keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
  2. keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

引导标识服务

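  # Bootstrap the identity service: set the admin password and register the
  # admin, internal and public endpoints in region RegionOne.
  # 'admin' is a sample password; it protects the cloud-wide admin account,
  # so substitute a strong value. Passed as an argument it lands in shell
  # history and the process list; keystone-manage bootstrap can also read it
  # from the OS_BOOTSTRAP_PASSWORD environment variable.
  # All three endpoints are plain http://, so credentials and tokens cross the
  # network unencrypted; use TLS endpoints outside an isolated lab.
  # A space is required before each trailing backslash, otherwise the next
  # option is glued onto the preceding value when the lines are joined.
  1. keystone-manage bootstrap --bootstrap-password admin \
  2. --bootstrap-admin-url http://controller:5000/v3/ \
  3. --bootstrap-internal-url http://controller:5000/v3/ \
  4. --bootstrap-public-url http://controller:5000/v3/ \
  5. --bootstrap-region-id RegionOne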

3.安装httpd(控制节点)

  1. # Install (httpd was already pulled in by the yum command in step 2)
  2. yum install httpd -y
  3. # Configure: back up httpd.conf, then set the ServerName line shown below
  4. cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
  5. vim /etc/httpd/conf/httpd.conf
  6. ServerName controller
  7. # Create the symlink that loads Keystone's packaged WSGI config into httpd
  8. ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
  9. # Start: enable at boot, restart to pick up the config, then check status
  10. systemctl enable httpd.service
  11. systemctl restart httpd.service
  12. systemctl status httpd

4.模拟用户登录的脚本

vim /root/admin-openrc.sh

  # Contents of /root/admin-openrc.sh: environment for the openstack client.
  # The file holds the admin password in clear text; keep it owner-only
  # (chmod 600 /root/admin-openrc.sh) and out of version control and backups
  # that others can read. Once sourced, OS_PASSWORD stays in the shell's
  # environment and is inherited by every child process.
  1. export OS_USERNAME=admin
  2. export OS_PASSWORD=admin
  3. export OS_PROJECT_NAME=admin
  4. export OS_USER_DOMAIN_NAME=Default
  5. export OS_PROJECT_DOMAIN_NAME=Default
  # http:// means the password and issued tokens travel unencrypted.
  6. export OS_AUTH_URL=http://controller:5000/v3
  7. export OS_IDENTITY_API_VERSION=3

5.创建域、项目、用户、角色

  # Load the admin credentials, then create a sample domain, the service and
  # demo projects, an unprivileged user and a role, and bind the role to the
  # user on the demo project.
  1. source /root/admin-openrc.sh
  2. openstack domain create --description "An Example Domain" example
  3. openstack project create --domain default --description "Service Project" service
  4. openstack project create --domain default --description "Demo Project" myproject
  # The password here equals the user name and is passed as an argument, so it
  # is guessable and recorded in shell history; --password-prompt asks for it
  # interactively instead.
  5. openstack user create --domain default --password myuser myuser
  6. openstack role create myrole
  7. openstack role add --project myproject --user myuser myrole

6.验证

  1. # Request an authentication token as admin:
  # No --os-password is given here; presumably the client falls back to
  # OS_PASSWORD from the sourced admin-openrc.sh, or prompts if it is unset.
  2. openstack --os-auth-url http://controller:5000/v3 \
  3. --os-project-domain-name Default --os-user-domain-name Default \
  4. --os-project-name admin --os-username admin token issue
  # The issued token is a bearer credential: whoever holds it can act as the
  # user until it expires, so do not paste the command output into tickets
  # or chat.
  5. # Request an authentication token as myuser:
  # --os-password on the command line is visible in shell history and the
  # process list while the command runs.
  6. openstack --os-auth-url http://controller:5000/v3 \
  7. --os-project-domain-name Default --os-user-domain-name Default \
  8. --os-project-name myproject --os-username myuser --os-password myuser token issue