openstack 部署笔记--keystone

控制节点

安装keystone包

# yum install openstack-keystone httpd mod_wsgi

keystone配置文件

# vim /etc/keystone/keystone.conf
[database]
# ...
connection = mysql+pymysql://keystone:root@controller/keystone

[token]
# ...
provider = fernet

同步数据

# su -s /bin/sh -c "keystone-manage db_sync" keystone

配置keystone用户

“root” admin的用户密码

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 keystone-manage bootstrap --bootstrap-password root 
  --bootstrap-admin-url http://controller:35357/v3/ 
  --bootstrap-internal-url http://controller:5000/v3/ 
  --bootstrap-public-url http://controller:5000/v3/ 
  --bootstrap-region-id RegionOne

配置httpd

# vim /etc/httpd/conf/httpd.conf
ServerName controller

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

# systemctl enable httpd.service
# systemctl start httpd.service

配置变量

$ export OS_USERNAME=admin
$ export OS_PASSWORD=root
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

创建服务及用户

$ openstack project create --domain default 
  --description "Service Project" service

$ openstack project create --domain default 
  --description "Demo Project" demo

$ openstack user create --domain default 
  --password-prompt demo

$ openstack role create user

$ openstack role add --project demo --user demo user

停用临时token

vim /etc/keystone/keystone-paste.ini

[pipeline:public_api]
[pipeline:admin_api]
[pipeline:api_v3]

删除admin_token_auth
$ unset OS_AUTH_URL OS_PASSWORD

生产token

$ openstack --os-auth-url http://controller:35357/v3 
  --os-project-domain-name default --os-user-domain-name default 
  --os-project-name admin --os-username admin token issue

$ openstack --os-auth-url http://controller:5000/v3 
  --os-project-domain-name default --os-user-domain-name default 
  --os-project-name demo --os-username demo token issue

　　

创建变量文件用于openstack客户端

# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=root
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

验证配置

$ . admin-openrc

$ openstack token issue

+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:44:35.659723Z                                     |
| id         | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+