  • openstack搭建之-keystone配置(8)

     

    一、 Base Node配置

    mysql -uroot -proot

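    CREATE DATABASE keystone;

    GRANT ALL PRIVILEGES ON keystone.* to 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';

    #注:KEYSTONE_DBPASS 是占位符,应替换为强密码。keystone.conf 中 ctrl 节点通过 base.test.com 连接数据库,若 ctrl 与 base 不是同一台主机,仅有 'keystone'@'localhost' 的授权无法从远程登录,需要另外为 ctrl 节点的主机名或 IP 授权。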

    SHOW DATABASES;

    EXIT

    二、 ctrl Node(控制节点)配置

    #网卡1:eth0

    IP:172.16.2.52/16,网关:172.16.0.1,DNS:172.16.2.51。

     

    #网卡2:eth1

    vim /etc/sysconfig/network-scripts/ifcfg-eth1

    TYPE=Ethernet
    BOOTPROTO=none
    NAME=eth1
    DEVICE=eth1
    ONBOOT=yes
    UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03

     

    #NTP Server配置

    yum install python-openstackclient

    vim /etc/chrony.conf

    server base.test.com

    systemctl restart chronyd.service

    systemctl enable chronyd.service

    chronyc sources -v

    #安装openstack-keystone软件

    yum install python-openstackclient -y

    yum install openstack-selinux -y

    yum install openstack-keystone httpd mod_wsgi -y

     

    #编辑配置文件

    vim /etc/keystone/keystone.conf

    [database]
    connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@base.test.com/keystone
    
    [token] 
    provider = fernet

     

    #初始化身份认证服务的数据库

    su -s /bin/sh -c "keystone-manage db_sync" keystone

     

    #初始化fernet秘钥存储库

    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

    keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

     

    #引导identity service(ADMIN_PASS 为占位符,应替换为强密码;以下端点为明文 HTTP,生产环境应改用 HTTPS)

    keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
      --bootstrap-admin-url  http://ctrl.test.com:35357/v3/ \
      --bootstrap-internal-url  http://ctrl.test.com:5000/v3/ \
      --bootstrap-public-url  http://ctrl.test.com:5000/v3/ \
      --bootstrap-region-id RegionOne

     

    #HTTP配置

    vim /etc/httpd/conf/httpd.conf

    ServerName ctrl.test.com

     

    #创建软链接,启动httpd时加载wsgi模块(端口为5000和35357)

    ln -s /usr/share/keystone/wsgi-keystone.conf  /etc/httpd/conf.d/

    #启动http服务

    systemctl restart httpd

    systemctl enable httpd

    systemctl status httpd

     

    #环境变量(配置管理账户)

    export OS_USERNAME=admin
    export OS_PASSWORD=ADMIN_PASS
    export OS_PROJECT_NAME=admin
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_AUTH_URL=HTTP://ctrl.test.com:35357/v3
    export OS_IDENTITY_API_VERSION=3

     

    #创建项目、用户和角色

    openstack project create --domain default --description "Server Project" service

    openstack project create --domain default --description "Demo Project" demo

    openstack user create --domain default --password DEMO_PASS demo

    openstack role create user

    openstack role add --project demo --user demo user

     

    #查看创建的项目和用户

    openstack project list

    openstack user list

     

    #校验操作:出于安全原因,禁用临时身份验证令牌机制,即从下面三个 pipeline 中删除 admin_token_auth(下文的"(删除admin_token_auth)"只是标出它原来所在的位置,这段括号文字不要写进配置文件)

    vim /etc/keystone/keystone-paste.ini

    [pipeline:public_api]
    pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension public_service
    
    
    [pipeline:admin_api]
    pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension s3_extension admin_service
    
    
    [pipeline:api_v3]
    pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id (删除admin_token_auth) build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3

     

    #删除OS_AUTH_URL、OS_PASSWORD 临时环境变量

    unset OS_AUTH_URL OS_PASSWORD

     

    #作为管理用户,请求身份验证令牌

    openstack --os-auth-url http://ctrl.test.com:35357/v3 \
      --os-project-domain-name default \
      --os-user-domain-name default \
      --os-project-name admin \
      --os-username admin token issue

    输入PASSWORD:ADMIN_PASS

     

    #作为demo用户,请求身份验证令牌

    openstack --os-auth-url http://ctrl.test.com:5000/v3 \
      --os-project-domain-name default \
      --os-user-domain-name default \
      --os-project-name demo \
      --os-username demo token issue

    输入PASSWORD:DEMO_PASS

     

    #创建admin管理员运行脚本(该文件与下面的 demo-openrc 都含明文密码,建议将权限设为仅属主可读写,例如 chmod 600)

    vim /root/admin-openrc

    #!/bin/bash
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=ADMIN_PASS
    export OS_AUTH_URL=HTTP://ctrl.test.com:35357/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2

     

    #创建demo用户运行脚本

    vim /root/demo-openrc

    #!/bin/bash
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=DEMO_PASS
    export OS_AUTH_URL=HTTP://ctrl.test.com:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2

     

    #测试

    . admin-openrc

    openstack token issue

  • 原文地址:https://www.cnblogs.com/chenli90/p/10351513.html