  • OpenStack installation: the keystone service

    In the previous chapters we set up the base environment, installed the keystone service, and created the keystone database. This article covers how to configure keystone.

    First, edit the keystone configuration. The following settings need to be changed.

    Edit /etc/keystone/keystone.conf
    
    [database]
    # ...
    connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
    [token]
    # ...
    provider = fernet

    Sync the keystone schema into the database

    [root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

    Verify that the sync succeeded. If it did, the output should look like this:

    [root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;"
    +------------------------+
    | Tables_in_keystone |
    +------------------------+
    | access_token |
    | assignment |
    | config_register |
    | consumer |
    | credential |
    | endpoint |
    | endpoint_group |
    | federated_user |
    | federation_protocol |
    | group |
    | id_mapping |
    | identity_provider |
    | idp_remote_ids |
    | implied_role |
    | local_user |
    | mapping |
    | migrate_version |
    | nonlocal_user |
    | password |
    | policy |
    | policy_association |
    | project |
    | project_endpoint |
    | project_endpoint_group | 
    | region |
    | request_token |
    | revocation_event | 
    | role | 
    | sensitive_config | 
    | service |
    | service_provider | 
    | token |
    | trust |
    | trust_role |
    | user |
    | user_group_membership | 
    | user_option |
    | whitelisted_config |
    +------------------------+

    Initialize the Fernet key repositories

    [root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    [root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
    [root@linux-node1 ~]#

    Verify that initialization succeeded: if the fernet-keys and credential-keys directories each now contain two files, it worked.

    [root@linux-node1 ~]# cd /etc/keystone/
    [root@linux-node1 keystone]# tree fernet-keys/
    fernet-keys/
    ├── 0
    └── 1

    0 directories, 2 files
    [root@linux-node1 keystone]# tree credential-keys/
    credential-keys/
    ├── 0
    └── 1

    0 directories, 2 files
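
    Counting files does not show which key is which or who can read them: in a keystone key repository, index 0 is the staged key and the highest index is the primary key. The Python check below is an added example, not code from the original article or the keystone project; audit_key_repo and make_sample_repo are hypothetical names, the owner-only permission rule is this example's assumption, and the check also covers repositories that have been rotated beyond keys 0 and 1.

```python
import base64
import os
import stat
import tempfile

def audit_key_repo(path):
    """Return findings for one keystone key repository; an empty list means OK."""
    findings = []
    names = sorted(os.listdir(path))
    indexes = [int(n) for n in names if n.isdigit()]
    if 0 not in indexes:
        findings.append("staged key 0 is missing")
    if not any(i > 0 for i in indexes):
        findings.append("no primary key (no index above 0)")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # assumed policy: owner-only access
        findings.append("repository mode %o allows group/other access" % mode)
    for name in names:
        full = os.path.join(path, name)
        if not name.isdigit():
            findings.append("unexpected file %s" % name)
            continue
        mode = stat.S_IMODE(os.stat(full).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("key %s mode %o allows group/other access" % (name, mode))
        with open(full, "rb") as fh:
            key = fh.read().strip()
        try:
            ok = len(base64.urlsafe_b64decode(key)) == 32  # Fernet keys are 32 bytes
        except ValueError:
            ok = False
        if not ok:
            findings.append("key %s is not a 32-byte url-safe base64 key" % name)
    return findings

def make_sample_repo(root, indexes=(0, 1)):
    """Build a constructed repository with random keys (sample data, not real keys)."""
    repo = os.path.join(root, "fernet-keys")
    os.mkdir(repo)
    os.chmod(repo, 0o700)  # set the mode explicitly so the umask does not matter
    for i in indexes:
        with open(os.path.join(repo, str(i)), "wb") as fh:
            fh.write(base64.urlsafe_b64encode(os.urandom(32)))
        os.chmod(fh.name, 0o600)
    return repo

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_key_repo(make_sample_repo(tmp)))  # constructed repo, prints []
```

    On the node from this article, the function would be pointed at /etc/keystone/fernet-keys and /etc/keystone/credential-keys, run as root or as the keystone user.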

    Bootstrap the keystone service

    keystone-manage bootstrap --bootstrap-password admin \
      --bootstrap-admin-url http://192.168.56.11:35357/v3/ \
      --bootstrap-internal-url http://192.168.56.11:5000/v3/ \
      --bootstrap-public-url http://192.168.56.11:5000/v3/ \
      --bootstrap-region-id RegionOne

    keystone runs under the httpd service, so configure httpd.conf here:

    [root@linux-node1 keystone]# vim /etc/httpd/conf/httpd.conf 
    #line 96:
    ServerName 192.168.56.11:80

    Create the symbolic link

    [root@linux-node1 keystone]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

    Start httpd and enable it at boot

    [root@linux-node1 httpd]# systemctl start httpd
    [root@linux-node1 httpd]# systemctl enable httpd
    Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

    Also enable rabbitmq and the database at boot, which was missed earlier

    [root@linux-node1 httpd]# systemctl enable rabbitmq-server mariadb

    Configure the environment variables for the admin user

    [root@linux-node1 ~]# cat admin-openstack.sh
    export OS_USERNAME=admin
    export OS_PASSWORD=admin
    export OS_PROJECT_NAME=admin
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_AUTH_URL=http://192.168.56.11:35357/v3
    export OS_IDENTITY_API_VERSION=3

    Install the OpenStack client

    [root@linux-node1 ~]# yum install python-openstackclient openstack-selinux -y

    In this guide, each service uses a service project that contains a unique user for that service. Create the service project now:

    # First, load the environment variables
    [root@linux-node1 ~]# source admin-openstack.sh
    openstack project create --domain default \
      --description "Service Project" service
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Service Project                  |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 773e022475654ab0a4fbbfd66dec62bd |
    | is_domain   | False                            |
    | name        | service                          |
    | parent_id   | default                          |
    +-------------+----------------------------------+
    [root@linux-node1 ~]#

    Regular (non-admin) tasks should use an unprivileged project and user. Now create the demo (non-admin) project and user.

    openstack project create --domain default \
      --description "Demo Project" demo
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Demo Project                     |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 1d5b969df6da43e69e4a956297404f5c |
    | is_domain   | False                            |
    | name        | demo                             |
    | parent_id   | default                          |
    +-------------+----------------------------------+

    Create the demo user:

    openstack user create --domain default \
      --password-prompt demo
    User Password:
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 291f02337e514343a09a92932a86fd22 |
    | name                | demo                             |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+

    Create the user role

    [root@linux-node1 ~]# openstack role create user
    +-----------+----------------------------------+
    | Field     | Value                            |
    +-----------+----------------------------------+
    | domain_id | None                             |
    | id        | 8996a91ed1214d82b107ca0e9aa94b15 |
    | name      | user                             |
    +-----------+----------------------------------+

    Grant the user role to the demo user in the demo project

    [root@linux-node1 ~]# openstack role add --project demo --user demo user
    [root@linux-node1 ~]#

    Verify the operations performed so far

    First, unset the OS_AUTH_URL and OS_PASSWORD environment variables

    [root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD

    Issue a token as the admin user

    openstack --os-auth-url http://192.168.56.11:35357/v3 \
      --os-project-domain-name Default --os-user-domain-name Default \
      --os-project-name admin --os-username admin token issue
    Password:
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Field      | Value |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | expires    | 2018-01-11T07:31:39+0000 |
    | id         | gAAAAABaVwTLT729scUG7kebG-S6MuXD2Ta9caG-IowiOBR5D4yQhs3xFdZTBEFbc-XKSzdpnJxT-J6DeQPy0uIZOExYFReTs_938NpQ5CWl_AzwNn5ZTAKrzj41d7_rQX6GYHLWDv4HGJG8_lTp_Ba9N0nsYoDJ13r3pMJ28qgk1KT56T8L9Ys |
    | project_id | fb6761ab3d3d43569d5fdfafcdfa5e28 |
    | user_id    | d010fba89633421a800698b0e5300d50 |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    [root@linux-node1 ~]#
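
    Because keystone.conf sets provider = fernet, the id above is a Fernet token, and its version byte and issue timestamp can be read without any key. The Python below is an added example, not part of the original article; parse_fernet_header and token_lifetime are hypothetical helper names, and the token and expiry are the admin values printed above.

```python
import base64
import struct
from datetime import datetime, timezone

# Admin token and expiry exactly as printed in the output above (expired in 2018).
PAGE_TOKEN = (
    "gAAAAABaVwTLT729scUG7kebG-S6MuXD2Ta9caG-"
    "IowiOBR5D4yQhs3xFdZTBEFbc-XKSzdpnJxT-"
    "J6DeQPy0uIZOExYFReTs_938NpQ5CWl_AzwNn5ZTAKrzj41d7_rQX6GYHLWDv4HGJG8_lTp_Ba9N0nsY"
    "oDJ13r3pMJ28qgk1KT56T8L9Ys"
)
PAGE_EXPIRES = "2018-01-11T07:31:39+0000"

def parse_fernet_header(token):
    """Split a Fernet token into its cleartext fields; no key is needed."""
    # keystone strips the base64 '=' padding from tokens; restore it before decoding.
    padded = token + "=" * (-len(token) % 4)
    raw = base64.urlsafe_b64decode(padded)
    # Layout: version(1) | timestamp(8, big-endian) | IV(16) | ciphertext(16*n) | HMAC(32)
    if len(raw) < 1 + 8 + 16 + 16 + 32:
        raise ValueError("too short to be a Fernet token")
    version, issued = struct.unpack(">BQ", raw[:9])
    if version != 0x80:
        raise ValueError("unexpected Fernet version byte: %#x" % version)
    ciphertext = raw[25:-32]
    if len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return {
        "version": version,
        "issued_at": datetime.fromtimestamp(issued, tz=timezone.utc),
        "ciphertext_len": len(ciphertext),
    }

def token_lifetime(token, expires):
    """Seconds between the token's embedded issue time and the reported expiry."""
    exp = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S%z")
    return int((exp - parse_fernet_header(token)["issued_at"]).total_seconds())

if __name__ == "__main__":
    info = parse_fernet_header(PAGE_TOKEN)
    print(info["issued_at"].isoformat(), info["ciphertext_len"])
    print(token_lifetime(PAGE_TOKEN, PAGE_EXPIRES))
```

    For the admin token above, the embedded issue time is exactly one hour before the expires field, and the token works as a bearer credential for that whole window.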

    Issue a token as the demo user

    openstack --os-auth-url http://192.168.56.11:5000/v3 \
      --os-project-domain-name Default --os-user-domain-name Default \
      --os-project-name demo --os-username demo token issue
    Password:
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Field      | Value |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | expires    | 2018-01-11T07:34:04+0000 |
    | id         | gAAAAABaVwVcKzYPlTB9sg-x21HDgCyCBqujQO4dqDaawlOSBixQFiSnFgRCiNx48MsLrLsGmX1o6HqcBOo84xPBy1UQIfUQlNhszd5a_FpkHjY9AK61QTWV-AKBCzGUNJzyT7PNzs82ANF1K5dOltTsDVx40pmYMc0C6zXjIjHZsU2yuVLPOmY |
    | project_id | 1d5b969df6da43e69e4a956297404f5c |
    | user_id    | 291f02337e514343a09a92932a86fd22 |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

    Create the environment variable file for the demo user

    [root@linux-node1 ~]# cat demo-openstack.sh
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=demo
    export OS_AUTH_URL=http://192.168.56.11:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2

    Load the demo environment variables; openstack token issue can then issue a token for the demo user directly

    [root@linux-node1 ~]# source demo-openstack.sh
    [root@linux-node1 ~]# openstack token issue
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Field      | Value |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | expires    | 2018-01-11T07:37:38+0000 |
    | id         | gAAAAABaVwYysLrhxRdCprzhvU6r1S_kG3qo6bLNxjpq2IX_Ezwg1dAjnqPGXHMD5nYzqVyGViZQtJ5pW8IJDv0JN6Y9nT1hDbD-P-BRrhw0ki6eaSgoR0PiofIK1DmT3EV_RkPWT0Gd_CnEjbJFM6UcNts6E8tVsXku3vJZPG2GmIXcwLlqzaM |
    | project_id | 1d5b969df6da43e69e4a956297404f5c |
    | user_id    | 291f02337e514343a09a92932a86fd22 |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    [root@linux-node1 ~]#

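    In the same way, you can load the admin environment variables and use openstack token issue to issue a token for the admin user.

    That concludes the installation and configuration of the keystone service.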

  • Original article: https://www.cnblogs.com/nurruden/p/8270059.html