码迷,mamicode.com
首页 > 其他好文 > 详细

openstack搭建之-keystone配置(16)

时间:2019-02-05 18:13:37      阅读:98      评论:0      收藏:0      [点我收藏+]

标签:.com   网关   style   grant   conf   文件   domain   sync   admin   

 

一、 Base Node配置

mysql -uroot -proot

CREATE DATABASE keystone

GRANT ALL PRIVILEGES ON keystone.* to ‘keystone‘@‘localhost‘IDENTIFIED BY ‘KEYSTONE_DBPASS‘;

SHOW DATABASES;

EXIT

二、 ctrl Node(控制节点)配置

#网卡1:eth0

IP:172.16.2.52/16,网关:172.16.0.1,DNS:172.16.2.51。

 

#网卡2:eth1

vim /etc/sysconfig/network-scripts/ifcfg-eth1

TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03

 

#NTP Server配置

yum install python-openstackclient

vim /etc/chrony.conf

server base.test.com

systemctl restart chronyd.service

systemctl enable chronyd.service

chronyc sources -v

 

#安装openstack-keystone软件

yum install python-openstackclient -y

yum install openstack-selinux -y

yum install openstack-keystone httpd mod_wsgi -y

 

#编辑配置文件

vim /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@base.test.com/keystone

[token] 
provider = fernet

 

#初始化身份认证服务的数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone

 

#初始化fernet秘钥存储库

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

#引导identify service

keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url  http://ctrl.test.com:35357/v3/ \
--bootstrap-internal-url  http://ctrl.test.com:5000/v3/ \
--bootstrap-public-url  http://ctrl.test.com:5000/v3/ \
--bootstrap-region-id RegionOne

 

#HTTP配置

vim /etc/httpd/conf/httpd.conf

ServerName ctrl.test.com

 

#创建软连接,启动hhtpd时启动wsgi模块(端口为5000和35357)

ln -s /usr/share/keystone/wsgi-keystone.conf  /etc/httpd/conf.d/

 

#启动http服务

systemctl restart httpd

systemctl enable httpd

systemctl status httpd

 

#环境变量(配置管理账户)

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=HTTP://ctrl.test.com:35357/v3
export OS_IDENTITY_API_VERSION=3

 

#创建项目、用户和角色

openstack project create --domain default --description "Server Project" service

openstack project create --domain default --description "Demo Project" demo

openstack user create --domain default --password DEMO_PASS demo

openstack role create user

openstack role add --project demo --user demo user

 

#查看创建的项目和用户

openstack project list、openstack user list

 

#校验操作,出于安全原因,禁用临时身份验证令牌机制

vim /etc/keystone/keystone-paste.ini

[pipeline:public_api]
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension public_service


[pipeline:admin_api]
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension s3_extension admin_service


[pipeline:api_v3]
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3

 

#删除OS_AUTH_URL OS-PASSWORD 临时环境变量

unset OS_AUTH_URL OS_PASSWORD

 

#作为管理用户,请求身份验证令牌

openstack --os-auth-url http://ctrl.test.com:35357/v3 \

--os-project-domain-name default \

--os-user-domain-name default \

--os-project-name admin \

--os-username admin token issue

输入PASSWORD:ADMIN_PASS

 

#作为demo用户,请求身份验证令牌

openstack --os-auth-url http://ctrl.test.com:5000/v3 \

--os-project-domain-name default \

--os-user-domain-name default \

--os-project-name demo \

--os-username demo token issue

输入PASSWORD:DEMO_PASS

 

#创建admin管理员运行脚本

vim /root/admin-openrc

#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=HTTP://ctrl.test.com:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

 

#创建demo用户运行脚本

vim /root/demo-openrc

#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=HTTP://ctrl.test.com:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

 

#测试

. admin-openrc

openstack token issue

 

openstack搭建之-keystone配置(16)

标签:.com   网关   style   grant   conf   文件   domain   sync   admin   

原文地址:https://www.cnblogs.com/chenli90/p/10351513.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!