1. Preparation
- Connect to the database as the root user
controller ~# mysql -u root -p
- Create the keystone database
MariaDB [(none)]> CREATE DATABASE keystone;
- Grant privileges on the keystone database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '1111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '1111';
2. Install and configure the components
- Install the packages
controller ~# yum -y install openstack-keystone httpd mod_wsgi
- Edit the /etc/keystone/keystone.conf configuration file
controller ~# vim /etc/keystone/keystone.conf
- In the [database] section, configure database access:
[database]
# …
connection = mysql+pymysql://keystone:1111@controller/keystone
- In the [token] section, configure the Fernet token provider.
[token]
# …
provider = fernet
- Initialize the Identity service database
controller ~# su -s /bin/sh -c "keystone-manage db_sync" keystone
- Initialize the Fernet keys:
controller ~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
controller ~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
- Bootstrap the Identity service
controller ~# keystone-manage bootstrap --bootstrap-password 1111 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
3. Configure the Apache server
- Edit the /etc/httpd/conf/httpd.conf file and set the ServerName option to the controller node:
controller ~# vim /etc/httpd/conf/httpd.conf
ServerName controller
- Create a link to the /usr/share/keystone/wsgi-keystone.conf file
controller ~# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
- Start the Apache service
controller ~# systemctl enable httpd.service
controller ~# systemctl start httpd.service
- When an error is encountered at startup
Check whether mod_wsgi was installed successfully
Check whether SELinux is turned off
- Configure the administrative account
controller ~# export OS_USERNAME=admin
controller ~# export OS_PASSWORD=1111
controller ~# export OS_PROJECT_NAME=admin
controller ~# export OS_USER_DOMAIN_NAME=Default
controller ~# export OS_PROJECT_DOMAIN_NAME=Default
controller ~# export OS_AUTH_URL=http://controller:35357/v3
controller ~# export OS_IDENTITY_API_VERSION=3
4. Create a domain, projects, users, and roles
- Create the service project and add users
controller ~# openstack project create --domain default --description "Service Project" service
- Create the demo project
controller ~# openstack project create --domain default --description "Demo Project" demo
- Create the demo user
controller ~# openstack user create --domain default --password-prompt demo
- Create the user role
controller ~# openstack role create user
- Add the user role to the demo project and user
controller ~# openstack role add --project demo --user demo user
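5. Verify operation
- Disable the authentication token mechanism (admin_token_auth)
controller ~# vim /etc/keystone/keystone-paste.ini
Remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections
- Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables: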
controller ~# unset OS_AUTH_URL OS_PASSWORD
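- As the admin user, request an authentication token
controller ~# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
- An error was encountered here
Because it is an HTTP error, return to the Apache HTTP service configuration step, restart the Apache service, and set the administrative account again:
# systemctl restart httpd.service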
$ export OS_USERNAME=admin
$ export OS_PASSWORD=1111
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3
- As the demo user, request an authentication token:
controller ~# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
- Create the admin-openrc script and add the following content
controller ~# vim admin-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=1111
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
controller ~# . admin-openrc.sh
- Create the demo-openrc.sh file and add the following content
controller ~# vim demo-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=1111
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
controller ~# . demo-openrc.sh
- Request an authentication token:
controller ~# openstack token issue
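
A way to confirm that the admin_token_auth removal in section 5 actually took effect in every pipeline, and that the openrc files, which store OS_PASSWORD in plain text, are readable by their owner only. This is an added example, not part of the original guide; the function names and the sample keystone-paste.ini content are constructed for illustration.

```shell
#!/bin/sh
# Print each [pipeline:*] section of a keystone-paste.ini whose "pipeline ="
# line still lists admin_token_auth. [filter:admin_token_auth] is ignored.
pipelines_with_admin_token() {
    awk '
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                              # section header
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        section ~ /^pipeline:/ && /^[ \t]*pipeline[ \t]*=/ {
            value = $0
            sub(/^[^=]*=/, "", value)
            n = split(value, mods, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (mods[i] == "admin_token_auth") { print section; break }
        }
    ' "$1"
}

# Succeed only if the file has no group/other permission bits. The openrc
# files hold OS_PASSWORD in plain text, so they should be owner-only.
owner_only() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write a constructed (not real) keystone-paste.ini; only api_v3 is clean.
make_sample_ini() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth
[pipeline:public_api]
pipeline = cors sizelimit admin_token_auth token_auth public_service
[pipeline:admin_api]
pipeline = cors sizelimit admin_token_auth token_auth admin_service
[pipeline:api_v3]
# pipeline = cors admin_token_auth service_v3   (old line, commented out)
pipeline = cors sizelimit token_auth service_v3
EOF
    echo "$f"
}

# Usage: sh check.sh [keystone-paste.ini]; with no argument the sample is used.
ini=${1:-$(make_sample_ini)}
pipelines_with_admin_token "$ini"     # sample prints public_api and admin_api
[ -n "${1:-}" ] || rm -f "$ini"
```

An empty result from pipelines_with_admin_token means no pipeline references the admin token any more; if owner_only fails on admin-openrc.sh or demo-openrc.sh, chmod 600 on the file corrects it.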