• 3. Configure the Identity Service


    Controller Node:
    Install the Identity service:
    1. sudo apt-get install keystone
     
    2. sudo vi /etc/keystone/keystone.conf
    [database]
    # The SQLAlchemy connection string used to connect to the database
    connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
     
    3. sudo rm /var/lib/keystone/keystone.db
     
    4. Create the database
    mysql -u root -p
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'; 
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY 'KEYSTONE_DBPASS'; 
     
    5. su -s /bin/sh -c "keystone-manage db_sync" keystone
     
    6. openssl rand -hex 10
     
    7. sudo vi /etc/keystone/keystone.conf
    [DEFAULT]
    # Replace ADMIN_TOKEN with the string generated in step 6
    admin_token = ADMIN_TOKEN
    log_dir = /var/log/keystone
     
    8. sudo service keystone restart
     
    Create users, tenants, and roles:
    1. 
    export OS_SERVICE_TOKEN=ADMIN_TOKEN
    export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
     
    2. Create the admin user
    keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL
    keystone role-create --name=admin
    keystone tenant-create --name=admin --description="Admin Tenant"
    keystone user-role-add --user=admin --tenant=admin --role=admin
    keystone user-role-add --user=admin --role=_member_ --tenant=admin
     
    3. Create a regular user
    keystone user-create --name=demo --pass=DEMO_PASS --email=DEMO_EMAIL
    keystone tenant-create --name=demo --description="Demo Tenant"
    keystone user-role-add --user=demo --role=_member_ --tenant=demo
     
    4. Create the service tenant
    keystone tenant-create --name=service --description="Service Tenant"
     
    Define the service and API endpoint:
    1. keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
    2. keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
      --publicurl=http://controller:5000/v2.0 \
      --internalurl=http://controller:5000/v2.0 \
      --adminurl=http://controller:35357/v2.0
     
    Verify the Identity service installation:
    1. unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
     
    2. keystone --os-username=admin --os-password=ADMIN_PASS --os-auth-url=http://controller:35357/v2.0 token-get
     
    3. keystone --os-username=admin --os-password=ADMIN_PASS \
      --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 \
      token-get
     
    4. sudo vi admin-openrc.sh
    export OS_USERNAME=admin
    export OS_PASSWORD=ADMIN_PASS
    export OS_TENANT_NAME=admin
    export OS_AUTH_URL=http://controller:35357/v2.0
     
    5. source admin-openrc.sh
     
    6. keystone token-get
     
    7. keystone user-list
     
    8. keystone user-role-list --user admin --tenant admin
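
An added check, not part of the original post: it audits the two credential-bearing files this walkthrough edits (keystone.conf and admin-openrc.sh) for leftover placeholders and world-readable permissions. The function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Audit the files edited in the steps above. Paths are arguments so the check
# can run against copies; on the controller node they would be
# /etc/keystone/keystone.conf and the admin-openrc.sh from the verify steps.

# Print the value of key $2 from ini-style file $1 (first uncommented match).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# audit_keystone CONF OPENRC: one finding per line; returns 1 if any were found.
audit_keystone() {
    conf=$1; openrc=$2; rc=0
    token=$(conf_value "$conf" admin_token)
    dburl=$(conf_value "$conf" connection)
    rcpass=$(sed -n 's/^export OS_PASSWORD=//p' "$openrc" | head -n 1)
    case $token in
        ""|ADMIN_TOKEN*) echo "admin_token: unset or still the placeholder"; rc=1 ;;
        *)  # step 6 (openssl rand -hex 10) yields 20 lowercase hex characters
            printf '%s' "$token" | grep -Eq '^[0-9a-f]{20,}$' ||
                { echo "admin_token: not a hex string of 20+ characters"; rc=1; } ;;
    esac
    case $dburl in
        *KEYSTONE_DBPASS*) echo "connection: database password is still the placeholder"; rc=1 ;;
    esac
    if [ "$rcpass" = ADMIN_PASS ]; then
        echo "OS_PASSWORD: still the placeholder"; rc=1
    fi
    for f in "$conf" "$openrc"; do
        # -perm -004 matches when the "other" read bit is set
        if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
            echo "$f: world-readable but holds credentials"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not from a real deployment) to exercise the audit.
demo=$(mktemp -d)
printf '[DEFAULT]\nadmin_token = ADMIN_TOKEN\n[database]\nconnection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone\n' > "$demo/keystone.conf"
printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=ADMIN_PASS\n' > "$demo/admin-openrc.sh"
chmod 644 "$demo/keystone.conf" "$demo/admin-openrc.sh"
audit_keystone "$demo/keystone.conf" "$demo/admin-openrc.sh" || true
rm -rf "$demo"
```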
  • Original article: https://www.cnblogs.com/IvanChen/p/4489386.html