openstack验证服务keystone

keystone主要负责：
用户 认证：用户权限与用户行为追踪；
服务目录：提供一个服务目录，包括所有服务项与相关Api的端点

//安装Keystone所需组件（控制节点）
yum install -y openstack-keystone httpd mod_wsgi

//编辑etc/keystone/keystone.conf 配置keystone（控制节点）
vi /etc/keystone/keystone.conf
************************************************************************
#connection = <None> 改为 connection = mysql+pymysql://keystone:keystone@192.168.2.11/keystone
(661行)
provider = fernet（去掉注释）
（2774行）

同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
测试同步数据库是否成功
mysql -h 192.168.2.11 -ukeystone -pkeystone -e "use keystone;show tables;"
初始化keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

keystone-manage bootstrap --bootstrap-password admin
--bootstrap-admin-url http://192.168.2.11:35357/v3/
--bootstrap-internal-url http://192.168.2.11:5000/v3/
--bootstrap-public-url http://19.168.2.11:5000/v3/
--bootstrap-region-id RegionOne

//配置apache服务器
vi /etc/httpd/conf/httpd.conf
*************************************************************************
ServerName 192.168.2.11:80

(95行)

创建软链接:

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

systemctl enable httpd
systemctl start httpd
systemctl enable rabbitmq-server mariadb

配置环境变量
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://192.168.2.11:35357/v3
export OS_IDENTITY_API_VERSION=3

安装openstack命令
yum install -y python-openstackclient openstack-selinux

创建项目（server）：openstack project create --domain default --description "Service Project" service

[root@localhost conf.d]# openstack project create --domain default
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 53e9f6918d1748dcbba1e826826f0ab3 |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+

创建项目（demo）：openstack project create --domain default --description "Demo Project" demo

[root@localhost conf.d]# openstack project create --domain default
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | d6b069f841ce44749153bc1fb9be4f0e |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+

创建demo用户:openstack user create --domain default --password-prompt demo

[root@localhost conf.d]# openstack user create --domain default
> --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | e9b0a1c05d1d4bc28c17de967f074c49 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#密码demo

创建一个user角色：openstack role create user

[root@localhost conf.d]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | b27542b0c88e4fbcbf7d10592e8e1fba |
| name | user |
+-----------+----------------------------------+

给项目添加角色：openstack role add --project demo --user demo user

验证
重置``OS_TOKEN``和``OS_URL`` 环境变量：

unset OS_AUTH_URL OS_PASSWORD

用admin用户获取token:
openstack --os-auth-url http://192.168.2.11:35357/v3
--os-project-domain-name default --os-user-domain-name default
--os-project-name admin --os-username admin token issue

[root@localhost conf.d]# openstack --os-auth-url http://192.168.2.11:35357/v3
> --os-project-domain-name default --os-user-domain-name default
> --os-project-name admin --os-username admin token issue
Password: (admin)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-11-01T04:58:28+0000 |
| id | gAAAAABb2nnkVl-DCKKY-f-sDFprra3iTxFrKkx-8TVC275vY3Vaa45lAKXzGvFUwtAuu9gZAnv3pJgpslXlU2VGNx918_4IEgGZH9AhwrzHOWYSA0j9llAW0zT5CPOqrxqHcuENLXVDYVsy8mvY3VbPgeUL906YnaiFbV92r1R8SFEpKLuylJ4 |
| project_id | d1ae9fb1fde54e349148b966df2fa951 |
| user_id | 51984c978be44a32898e11ed114fd8a9 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

用demo用户获取token
openstack --os-auth-url http://192.168.2.11:5000/v3
--os-project-domain-name default --os-user-domain-name default
--os-project-name demo --os-username demo token issue

[root@localhost conf.d]# openstack --os-auth-url http://192.168.2.11:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
Password: (demo)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-11-01T05:13:06+0000 |
| id | gAAAAABb2n1SAad3YsAw_sw_QIsOMBS4Wk2HBGW1zd8godaC8kuHsQV_sO-QiFQN5D6V5QaGO9AhjGIBxtu6J-nRarPdZWZbL1x3ZBzg4oVznhy74gotVwxbOwAvmCY6rWdcxAUgXKw5x6Nzgip3OZXmmhDWebawl17BmPX1GUL_k0QSa_I3DYo |
| project_id | d6b069f841ce44749153bc1fb9be4f0e |
| user_id | e9b0a1c05d1d4bc28c17de967f074c49 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

创建环境变量脚本
vim /admin-openstack.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.2.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

vim /demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.2.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

测试这两种环境变量能否获取token：
source /admin-openstack.sh
openstack token issue

source /demo-openstack.sh
openstack token issue