• 3. Configure the Identity Service


    Controller Node:
    安装认证服务:
    1. sudo apt-get install keystone
     
    2. sudo vi /etc/keystone/keystone.conf
    [database]
    # The SQLAlchemy connection string used to connect to the database
    connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
     
    3. sudo rm /var/lib/keystone/keystone.db
     
    4. 创建数据库
    mysql -u root -p
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'; 
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY 'KEYSTONE_DBPASS'; 
     
    5. su -s /bin/sh -c "keystone-manage db_sync" keystone
     
    6. openssl rand -hex 10
     
    7. sudo vi /etc/keystone/keystone.conf
    [DEFAULT]
    admin_token = ADMIN_TOKEN (用6中生成的字符串替换这里)
    log_dir = /var/log/keystone
     
    8. sudo service keystone restart
     
    创建用户,租户,角色:
    1. 
    export OS_SERVICE_TOKEN=ADMIN_TOKEN
    export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
     
    2. 创建管理员
    keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL
    keystone role-create --name=admin
    keystone tenant-create --name=admin --description="Admin Tenant"
    keystone user-role-add --user=admin --tenant=admin --role=admin
    keystone user-role-add --user=admin --role=_member_ --tenant=admin
     
    3. 创建普通用户
    keystone user-create --name=demo --pass=DEMO_PASS --email=DEMO_EMAIL
    keystone tenant-create --name=demo --description="Demo Tenant"
    keystone user-role-add --user=demo --role=_member_ --tenant=demo
     
    4. 创建服务租户
    keystone tenant-create --name=service --description="Service Tenant"
     
    定义服务和应用程序接口:
    1. keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
    2. keystone endpoint-create
      --service-id=$(keystone service-list | awk '/ identity / {print $2}')
      --publicurl=http://controller:5000/v2.0
      --internalurl=http://controller:5000/v2.0
      --adminurl=http://controller:35357/v2.0
     
    验证认证服务是否安装成功:
    1. unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
     
    2. keystone --os-username=admin --os-password=ADMIN_PASS --os-auth-url=http://controller:35357/v2.0 token-get
     
    3. keystone --os-username=admin --os-password=ADMIN_PASS
      --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0
      token-get
     
    4. sudo vi admin-openrc.sh
    export OS_USERNAME=admin
    export OS_PASSWORD=ADMIN_PASS
    export OS_TENANT_NAME=admin
    export OS_AUTH_URL=http://controller:35357/v2.0
     
    5. source admin-openrc.sh
     
    6. keystone token-get
     
    7. keystone user-list
     
    8. keystone user-role-list --user admin --tenant admin
  • 相关阅读:
    python机器学习基础教程-鸢尾花分类
    LaTeX实战经验:如何写算法
    Latex公式最好的资料
    BibTex (.bib) 文件的注释
    Latex中参考文献排序
    LATEX双栏最后一页如何平衡两栏内容
    Latex强制图片位置
    Endnote输出Bibtex格式
    redis学习
    20180717
  • 原文地址:https://www.cnblogs.com/IvanChen/p/4489386.html
Copyright © 2020-2023  润新知