zoukankan      html  css  js  c++  java
  • 3.安装OpenStack-keystone

    安装keystone(控制器上安装)

    使用root用户访问数据库

    mysql -uroot -ptoyo123
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' 
      IDENTIFIED BY 'toyo123';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' 
      IDENTIFIED BY 'toyo123';
    exit

    生成令牌 后面会用到的需要记住

    openssl rand -hex 10
    
    4f0f715c2cdcce1bb59e

    安装keystone程序包

           

    yum install –y openstack-keystone python-keystoneclient

    启动memcached服务并将其配置为开机自启动

        

    systemctl enable memcached.service
    systemctl start memcached.service

    编辑/etc/keystone/keystone.conf文件

           

    mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf_bak
    vim /etc/keystone/keystone.conf
       
    [DEFAULT]
       
    admin_token     = 4f0f715c2cdcce1bb59e
       
    log_dir = /var/log/keystone
       
    verbose = True
       
     
       
    [database]
       
    connection = mysql://keystone:toyo123@controller/keystone
       
     
       
    [memcache]
       
    servers = localhost:11211
       
     
       
    [token]
       
    provider = keystone.token.providers.uuid.Provider
       
    driver =     keystone.token.persistence.backends.sql.Token
        
       
    [revoke]
       
    driver = keystone.contrib.revoke.backends.sql.Revoke

    创建通用的证书和密钥,并限制访问相关的文件与填充身份服务数据库

    keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    chown -R keystone:keystone /var/log/keystone
    chown -R keystone:keystone /etc/keystone/ssl
    chmod -R o-rwx /etc/keystone/ssl
    su -s /bin/sh -c "keystone-manage db_sync" keystone

    启动身份服务并将其配置为开机自启动      

    systemctl enable openstack-keystone.service
    systemctl start openstack-keystone.service

    我建议您使用 cron配置周期性任务是清除过期令牌小时: 

    (crontab -l -u keystone 2>&1 | grep -q token_flush) || 
      echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' 
      >> /var/spool/cron/keystone

    配置系统环境

    export OS_SERVICE_TOKEN=4f0f715c2cdcce1bb59e
    export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

    创建租户,用户和角色

    keystone tenant-create --name admin --description "Admin Tenant"
    keystone user-create --name admin --pass Abcd1234 --email test@test.com
    keystone role-create --name admin
    keystone user-role-add --user admin --tenant admin --role admin

    创建演示租户和用户环境与服务租户

    keystone tenant-create --name demo --description "Demo Tenant"
    keystone user-create --name demo --tenant demo --pass Abcd1234 --email test@test.com
    keystone user-role-add --user demo -—tenant demo --role demo
    keystone tenant-create --name service --description "Service Tenant"

     

    创建服务实体和API端点

    keystone service-create --name keystone --type identity 
      --description "OpenStack Identity"
    keystone endpoint-create 
      --service-id $(keystone service-list | awk '/ identity / {print $2}') 
      --publicurl http://controller:5000/v2.0 
      --internalurl http://controller:5000/v2.0 
      --adminurl http://controller:35357/v2.0 
      --region regionOne

     

    取消设置临时的临时OS_SERVICE_TOKEN和 OS_SERVICE_ENDPOINT环境变量:

    不要取消环境变量可能会造成一些问题,这里只是告诉大家怎么取消

    unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

     

    验证keystone:

               

    keystone --os-tenant-name admin --os-username admin --os-password Abcd1234 
      --os-auth-url http://controller:35357/v2.0 token-get
    keystone --os-tenant-name admin --os-username admin --os-password Abcd1234 
      --os-auth-url http://controller:35357/v2.0 tenant-list
    keystone --os-tenant-name admin --os-username admin --os-password Abcd1234 
      --os-auth-url http://controller:35357/v2.0 user-list
    keystone --os-tenant-name admin --os-username admin --os-password Abcd1234 
      --os-auth-url http://controller:35357/v2.0 role-list
    keystone --os-tenant-name demo --os-username demo --os-password Abcd1234 
      --os-auth-url http://controller:35357/v2.0 token-get
    keystone --os-tenant-name demo --os-username demo --os-password Abcd1234 
      --os-auth-url http://controller:35357/v2.0 user-list

     

  • 相关阅读:
    facebook开源前端UI框架React初探
    javascript中数组的map方法
    处理 InterruptedException——Brian Goetz
    eclipse 打开是报错"reload maven project has encountered a problem"
    Java并发大师Brain Goetz和Doug Lea 的中英文博客文章地址
    修复 Java 内存模型,第 2 部分——Brian Goetz
    修复 Java 内存模型,第 1 部分——Brian Goetz
    正确使用 Volatile 变量——Brian Goetz
    mysql数据备份
    小知识点
  • 原文地址:https://www.cnblogs.com/cainiaoit/p/6533176.html
Copyright © 2011-2022 走看看