• openstack 部署笔记--keystone


    控制节点

    安装keystone包

    # yum install openstack-keystone httpd mod_wsgi
    

    keystone配置文件

    # vim /etc/keystone/keystone.conf
    [database]
    # ...
    connection = mysql+pymysql://keystone:root@controller/keystone
    
    [token]
    # ...
    provider = fernet
    

    同步数据

    # su -s /bin/sh -c "keystone-manage db_sync" keystone
    

    配置keystone用户

    “root” admin的用户密码

    # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
    
     keystone-manage bootstrap --bootstrap-password root 
      --bootstrap-admin-url http://controller:35357/v3/ 
      --bootstrap-internal-url http://controller:5000/v3/ 
      --bootstrap-public-url http://controller:5000/v3/ 
      --bootstrap-region-id RegionOne
    

    配置httpd

    # vim /etc/httpd/conf/httpd.conf
    ServerName controller
    
    # ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
    
    # systemctl enable httpd.service
    # systemctl start httpd.service
    

    配置变量

    $ export OS_USERNAME=admin
    $ export OS_PASSWORD=root
    $ export OS_PROJECT_NAME=admin
    $ export OS_USER_DOMAIN_NAME=Default
    $ export OS_PROJECT_DOMAIN_NAME=Default
    $ export OS_AUTH_URL=http://controller:35357/v3
    $ export OS_IDENTITY_API_VERSION=3
    

    创建服务及用户

    $ openstack project create --domain default 
      --description "Service Project" service
    
    $ openstack project create --domain default 
      --description "Demo Project" demo
    
    $ openstack user create --domain default 
      --password-prompt demo
    
    $ openstack role create user
    
    $ openstack role add --project demo --user demo user
    

    停用临时token

    vim /etc/keystone/keystone-paste.ini
    
    [pipeline:public_api]
    [pipeline:admin_api]
    [pipeline:api_v3]
    
    删除admin_token_auth
    $ unset OS_AUTH_URL OS_PASSWORD
    

    生产token

    $ openstack --os-auth-url http://controller:35357/v3 
      --os-project-domain-name default --os-user-domain-name default 
      --os-project-name admin --os-username admin token issue
    
    $ openstack --os-auth-url http://controller:5000/v3 
      --os-project-domain-name default --os-user-domain-name default 
      --os-project-name demo --os-username demo token issue
    

      

    创建变量文件用于openstack客户端

    # vim admin-openrc
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=root
    export OS_AUTH_URL=http://controller:35357/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
    
    # vim demo-openrc
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=demo
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
    

    验证配置

    $ . admin-openrc
    
    $ openstack token issue
    
    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2016-02-12T20:44:35.659723Z                                     |
    | id         | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
    |            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
    |            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E       |
    | project_id | 343d245e850143a096806dfaefa9afdc                                |
    | user_id    | ac3377633149401296f6c0d92d79dc16                                |
    +------------+-----------------------------------------------------------------+
    

      

      

  • 相关阅读:
    Raspberry PI B+ debian + wifi 网络设置
    数据库表结构对比同步mysqldiff
    Wysiwyg Editors 标签过滤
    常用MySQL语句
    解决"is marked as crashed and should be repaired"方法
    Selinux在HTTP+PHP服务中的安全权限修改
    基本运用(一个一个字读)
    C语言基础四(敲打键盘、寻找资料,循环语句)请一个个字读,助于您的学会机率
    C语言基础三(敲打键盘、寻找资料,循环语句)
    C语言基础二(敲打键盘、寻找资料)
  • 原文地址:https://www.cnblogs.com/37yan/p/6934261.html
Copyright © 2020-2023  润新知