openstack学习-KeyStone安装（二）

一、安装keystone

# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

二、设置Memcache开启启动并启动Memcached

[root@linux-node1 ~]# systemctl enable memcached.service
[root@linux-node1 ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 192.168.56.11,::1"
[root@linux-node1 ~]# systemctl start memcached.service

三、Keystone配置

1、配置KeyStone数据库

[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone

2、设置Token和Memcached

[token]
provider = fernet

3、同步数据库

[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"

4、初始化fernet keys

[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5、初始化keystone

[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin 
 --bootstrap-admin-url http://192.168.56.11:35357/v3/ 
 --bootstrap-internal-url http://192.168.56.11:35357/v3/ 
 --bootstrap-public-url http://192.168.56.11:5000/v3/ 
 --bootstrap-region-id RegionOne

6、验证Keystone修改的配置

[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
provider = fernet

7、修改httpd配置

[root@linux-node1 ~]vi/etc/httpd/conf/httpd.conf

ServerName 192.168.56.11:80

8、创建软连接

[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

四、启动Keystone

[root@linux-node1 ~]# systemctl enable httpd.service
[root@linux-node1 ~]# systemctl start httpd.service

五、设置环境变量

[root@linux-node1 ~]# export OS_USERNAME=admin
[root@linux-node1 ~]# export OS_PASSWORD=admin
[root@linux-node1 ~]# export OS_PROJECT_NAME=admin
[root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3

六、创建项目和demo用户

# openstack project create --domain default --description "Demo Project" demo  --创建一个demo的项目
# openstack user create --domain default --password demo demo   --创建一个用户为demo 密码为demo的用户
# openstack role create user    --创建一个角色为user
# openstack role add --project demo --user demo user  --把demo的用户加入到demo的项目中并赋予user角色

七、创建Service项目

openstack project create --domain default --description "Service Project" service  --创建一个服务的项目为service

八、用户创建

1、创建glance用户

# openstack user create --domain default --password glance glance --创建一个glance用户，密码为glance
# openstack role add --project service --user glance admin  --把glance用户加入到service这个服务项目中，并授予admin角色

2、创建nova用户

# openstack user create --domain default --password nova nova  --创建一个nova用户，密码为nova

# openstack role add --project service --user nova admin  --把nova用户加入到service这个服务项目中，并授予admin角色

3、创建placement用户

# openstack user create --domain default --password placement placement --创建一个placement用户，密码为placement

# openstack role add --project service --user placement admin --把placement用户加入到service这个服务项目中，并授予admin角色

4、创建Neutron用户

# openstack user create --domain default --password neutron neutron --创建一个neutron用户，密码为neutron

# openstack role add --project service --user neutron admin--把neutron用户加入到service这个服务项目中，并授予admin角色

5、创建cinder用户（本次用不到）

# openstack user create --domain default --password cinder cinder
# openstack role add --project service --user cinder admin

九、验证Keystone

[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD  ##清除环境变量
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 
--os-project-domain-name default --os-user-domain-name default 
--os-project-name admin --os-username admin token issue
Password:
…
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 
--os-project-domain-name default --os-user-domain-name default 
--os-project-name demo --os-username demo token issue
Password:

十、环境变量脚本

[root@linux-node1 ~]# vim /root/admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@linux-node1 ~]# vim /root/demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

十一、验证

[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-11-22T15:37:36+0000                                                                                                                                                                |
| id         | gAAAAABb9r8wqBesfIryKdPAzcskX7G1X3g6pA75zpWxQgp8YnDSCoVBgN9GQ9PJak9UnIX_KLCEUH2IuMQ2fqZBkbwrCxNnjDuMJo5LeGczOhlgUG3hsDV3jpJrtu1j9Q8po4cL9Kx48D8nKlpXG4OhJ4s0VCx2g3ZiTmevQKzgLdGsN32ejKI |
| project_id | 41501647e47f4eb3880b17ef9776e2c1                                                                                                                                                        |
| user_id    | 320ded70f6ea46c0bd640f7b7802d7de                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-11-22T15:38:06+0000                                                                                                                                                                |
| id         | gAAAAABb9r9OsescK3fKptK0tF3FX6YRcFY1XPOEwDCVEV7yjgiGCoShLJYvewatNVtoJr3ebp4IjAy0lg7Bjd4zic-nVjUIzvaU2fIBYWbw1au2EMcwfFQIR5mSJ_0f3Th5Ts12SQKTHMZdD7NTTJjVu_Ym3yzNm8agDkmB6Gdi-oKLveH5oVQ |
| project_id | 61a918afeae24861ae08d0944737890c                                                                                                                                                        |
| user_id    | f3922f1b44e3483995e23aaf855161c0                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  user list
You are not authorized to perform the requested action: identity:list_users. (HTTP 403) (Request-ID: req-0aee9c60-f277-4abe-905d-72ef59609b17)
[root@linux-node1 ~]# 
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  user list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 2bb9ce88ae5649b58a2879e53bf60017 | glance    |
| 320ded70f6ea46c0bd640f7b7802d7de | admin     |
| 36d1834f4a524e4383068e193b042a0b | neutron   |
| 7fedca53c5bc42cebc396b5b690968d4 | nova      |
| f120f4c6fa074e76a2367b7b103b6c6f | placement |
| f3922f1b44e3483995e23aaf855161c0 | demo      |
+----------------------------------+-----------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  role  list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| aef5b0e9aca441c5aaaff560b15e2a46 | user  |
| c4229971a0834e629dcb69dc7a0b10cd | admin |
+----------------------------------+-------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  project  list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 41501647e47f4eb3880b17ef9776e2c1 | admin   |
| 61a918afeae24861ae08d0944737890c | demo    |
| 6d0619edd470440abea5805ff47b4f1a | service |
+----------------------------------+---------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  service  list
+----------------------------------+-----------+-----------+
| ID                               | Name      | Type      |
+----------------------------------+-----------+-----------+
| 7a75ea530f2d4af59e3ab423bd47a11b | keystone  | identity  |
+----------------------------------+-----------+-----------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  endpoint  list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                            |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 6024f4be849d465e8201b1ab645a9b22 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.56.11:35357/v3/ |
| cf6060b1424746d4bd0982229fe0a9c8 | RegionOne | keystone     | identity     | True    | public    | http://192.168.56.11:5000/v3/  |
| f70a576ffe2e4a008c0c05461ba7c3f5 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.56.11:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

如果用户和密码写错了，就需要删除了重新创建，可以查看帮组信息 openstack   user --help

openstack  user  delete  用户的id

同理role、project、service、endpoint都是同样操作