标签:.com 网关 style grant conf 文件 domain sync admin
mysql -uroot -proot
CREATE DATABASE keystone
GRANT ALL PRIVILEGES ON keystone.* to ‘keystone‘@‘localhost‘IDENTIFIED BY ‘KEYSTONE_DBPASS‘;
SHOW DATABASES;
EXIT
#网卡1:eth0
IP:172.16.2.52/16,网关:172.16.0.1,DNS:172.16.2.51。
#网卡2:eth1
vim /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
#NTP Server配置
yum install python-openstackclient
vim /etc/chrony.conf
server base.test.com
systemctl restart chronyd.service
systemctl enable chronyd.service
chronyc sources -v
#安装openstack-keystone软件
yum install python-openstackclient -y
yum install openstack-selinux -y
yum install openstack-keystone httpd mod_wsgi -y
#编辑配置文件
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@base.test.com/keystone
[token]
provider = fernet
#初始化身份认证服务的数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
#初始化fernet秘钥存储库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#引导identify service
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://ctrl.test.com:35357/v3/ \
--bootstrap-internal-url http://ctrl.test.com:5000/v3/ \
--bootstrap-public-url http://ctrl.test.com:5000/v3/ \
--bootstrap-region-id RegionOne
#HTTP配置
vim /etc/httpd/conf/httpd.conf
ServerName ctrl.test.com
#创建软连接,启动hhtpd时启动wsgi模块(端口为5000和35357)
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
#启动http服务
systemctl restart httpd
systemctl enable httpd
systemctl status httpd
#环境变量(配置管理账户)
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=HTTP://ctrl.test.com:35357/v3
export OS_IDENTITY_API_VERSION=3
#创建项目、用户和角色
openstack project create --domain default --description "Server Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password DEMO_PASS demo
openstack role create user
openstack role add --project demo --user demo user
#查看创建的项目和用户
openstack project list、openstack user list
#校验操作,出于安全原因,禁用临时身份验证令牌机制
vim /etc/keystone/keystone-paste.ini
[pipeline:public_api]
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension public_service
[pipeline:admin_api]
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension s3_extension admin_service
[pipeline:api_v3]
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
#删除OS_AUTH_URL OS-PASSWORD 临时环境变量
unset OS_AUTH_URL OS_PASSWORD
#作为管理用户,请求身份验证令牌
openstack --os-auth-url http://ctrl.test.com:35357/v3 \
--os-project-domain-name default \
--os-user-domain-name default \
--os-project-name admin \
--os-username admin token issue
输入PASSWORD:ADMIN_PASS
#作为demo用户,请求身份验证令牌
openstack --os-auth-url http://ctrl.test.com:5000/v3 \
--os-project-domain-name default \
--os-user-domain-name default \
--os-project-name demo \
--os-username demo token issue
输入PASSWORD:DEMO_PASS
#创建admin管理员运行脚本
vim /root/admin-openrc
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=HTTP://ctrl.test.com:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#创建demo用户运行脚本
vim /root/demo-openrc
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=HTTP://ctrl.test.com:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#测试
. admin-openrc
openstack token issue
标签:.com 网关 style grant conf 文件 domain sync admin
原文地址:https://www.cnblogs.com/chenli90/p/10351513.html