1. Create the keystone database and grant privileges
mysql -uroot
-- KEYSTONE_DBPASS is a placeholder; replace it with a suitable password
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
2. Install the keystone packages
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi
3. Edit the configuration file
# Back up the packaged file, then keep only its non-blank, non-comment lines
cp -a /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf

[root@controller ~]# yum install -y openstack-utils

# Database connection string (contains the database password set in step 1)
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

# Use Fernet as the token provider
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet
4. Populate the database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet key repositories
This is a new feature in recent OpenStack releases. In the Train release, keystone no longer uses a simple string as a temporary token; instead it runs with the Fernet key repositories that the commands below create for the keystone user and group. In addition, keystone no longer uses separate ports, 5000 and 35357, for the service endpoints of regular users and administrators; it uses only port 5000, and port 35357 is no longer used.
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
5. Edit the Apache configuration
[root@controller ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
Create a symbolic link to the WSGI configuration file
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start Apache and enable it at boot
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
6. Initialize the environment variables
# Append the admin credentials (including the plain-text password) to root's ~/.bashrc
[root@controller ~]# cat >> ~/.bashrc << EOF
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF

# Load the variables and request a token to verify that keystone works
[root@controller ~]# source ~/.bashrc
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2020-01-09T14:53:57+0000 |
| id         | gAAAAABeFzB1bgQlTdO7E2x2UNvHWbtsd7KRipn0v-RhHaGwZzcnvE8bPsMwnh06CXVrwMkzGEV-VFLXZBICd3cJt5NZqLB_x-tZLmr8qiKZiK9yyiCCCZG3xncQUUQ8zTKcv02Nyz6CHA99AzRxWgetZFG1bAiHdfr1LxxsfR6ZuSsNYl0fLvU |
| project_id | 8dd2972e6c0b4d99b100d087e35ad439 |
| user_id    | 656ea39f6bac482d8a0d0e49fc74e8a5 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7. Create the project used by the services
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 7bc35b309acd46de99edbbefaf012de6 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
8. Create the user role
[root@controller ~]# openstack role create user
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 56b5ef9b944b4ecaa65b0313ab194f21 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+
[root@controller ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 19f4b5f6a4e74a72bd47acf56d918fdf | admin  |
| 22339e09b9864c58b33ec9f3ab8d0882 | member |
| 56b5ef9b944b4ecaa65b0313ab194f21 | user   |
| ff4eb910bb184190a270b1813d028c4a | reader |
+----------------------------------+--------+
OpenStack Train - 2. Installing the keystone identity service
Original article: https://www.cnblogs.com/Wang-Hongwei/p/13097830.html