第一步:在数据库中创建keystone库
[root@zxw6 ~]# mysql -uroot -p123
create database keystone;
第二步:创建keystone的用户
grant all on keystone.* to keystone@localhost identified by 'zxw6';
给予远程登录权限('%'表示允许任意主机连接;生产环境应限定为实际需要访问数据库的主机或网段)
grant all on keystone.* to keystone@'%' identified by 'zxw6';
第三步:下载安装keystone的主服务
[root@zxw6 ~]# yum install openstack-keystone httpd mod_wsgi -y
第四步:keystone配置文件
[root@zxw6 ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone:zxw6@zxw6/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
第五步:同步keystone数据库(创建表结构)
[root@zxw6 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
第六步:初始化Fernet密钥库,并指定密钥文件所属的keystone用户和组
[root@zxw6 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
初始化用于加密凭据(credential)的密钥库,同样指定keystone用户和组
[root@zxw6 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
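第七步:初始化admin账户并设置keystone的服务端点(--bootstrap-password写在命令行会留在shell历史和进程列表中,也可改用环境变量OS_BOOTSTRAP_PASSWORD传入;示例密码仅供实验,生产环境应使用强密码)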
[root@zxw6 ~]# keystone-manage bootstrap --bootstrap-password zxw6
--bootstrap-admin-url http://zxw6:35357/v3/ 管理端点
--bootstrap-internal-url http://zxw6:5000/v3/ 内部端点
--bootstrap-public-url http://zxw6:5000/v3/ 公共端点
--bootstrap-region-id RegionOne
第八步:修改httpd的配置文件
[root@zxw6 ~]# vim /etc/httpd/conf/httpd.conf
ServerName zxw6
第九步:软链接keystone到httpd
[root@zxw6 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@zxw6 ~]# ls /etc/httpd/conf.d/
autoindex.conf userdir.conf wsgi-keystone.conf
README welcome.conf
第十步:启动httpd
[root@zxw6 ~]# systemctl start httpd.service
[root@zxw6 ~]# systemctl enable httpd.service
第十一步:登录认证
[root@zxw6 ~]# vim openrc
export OS_USERNAME=admin  # 用户名
export OS_PASSWORD=zxw6  # 用户密码(明文保存,建议执行 chmod 600 openrc 限制读取权限)
export OS_PROJECT_NAME=admin  # 工作项目名字
export OS_USER_DOMAIN_NAME=Default  # 用户所在的域
export OS_PROJECT_DOMAIN_NAME=Default  # 项目所在的域
export OS_AUTH_URL=http://zxw6:35357/v3  # keystone认证地址(此处为HTTP明文传输,生产环境应使用HTTPS)
export OS_IDENTITY_API_VERSION=3  # 认证API版本
~
第十二步:使变量生效
[root@zxw6 ~]# source openrc
如需取消变量,使用unset命令
第十三步:列出openstack用户
[root@zxw6 ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 8aca16a49b89486db6edc682e71f8403 | admin |
+----------------------------------+-------+
第十四步:创建项目
[root@zxw6 ~]# openstack project create --domain default
--description "Service Project" service
[root@zxw6 ~]# openstack project create --domain default
--description "Demo Project" demo
第十五步:创建用户并设置密码(也可用--password-prompt交互式输入,避免密码出现在命令行和shell历史中)
[root@zxw6 ~]# openstack user create --domain default --password=zxw6 demo
第十六步:创建角色
[root@zxw6 ~]# openstack role create user
第十七步:将demo用户加入user角色
[root@zxw6 ~]# openstack role add --project demo --user demo user
验证:取消环境变量中的密码后,手动输入密码申请令牌
[root@zxw6 ~]# cat openrc
export OS_USERNAME=admin
export OS_PASSWORD=zxw6
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://zxw6:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@zxw6 ~]# unset OS_AUTH_URL OS_PASSWORD
[root@zxw6 ~]# openstack --os-auth-url http://zxw6:35357/v3
> --os-project-domain-name default --os-user-domain-name default
> --os-project-name admin --os-username admin token issue
Password:
+------------+------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------+
| expires | 2019-07-29T13:40:02+0000 |
| id | gAAAAABdPukih2C_J6L2ylhNxok6lOiF8RjGI2u-FVJanHvp0pmhsD1Soy |
| | bn6Kyt1TiS5QQpxry6DIgB7LriYKacoMgZMqTE7nVk1fTexuOqFMnE6Fi4 |
| | z2gnZPYOBL8gpT9CtUXDNj-c786G4xYv5Nh- |
| | jIsnhrTTuIc0MxJmfuAm5vAdnKbdpNU |
| project_id | 8affb35ba4134a8d8d120a0fad7cc85b |
| user_id | 8aca16a49b89486db6edc682e71f8403 |
+------------+------------------------------------------------------------+