openstack私有云布署实践【8.1 身份认证keystone的API创建（科兴环境）】

zoukankan html css js c++ java

openstack私有云布署实践【8.1 身份认证keystone的API创建（科兴环境）】

其中一台controller上面加入环境变量，我选kxcontroller1，关注的是endpoint的名称不一样，其它创建的参数与测试环境一致

export OS_TOKEN=venicchina

export OS_URL=http://kxcontroller:35357/v3

export OS_IDENTITY_API_VERSION=3

其中一台controller开始创

openstack service create --name keystone --description "OpenStack Identity" identity

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | OpenStack Identity |

| enabled | True |

| id | 4ddaae90388b4ebc9d252ec2252d8d10 |

| name | keystone |

| type | identity |

+-------------+----------------------------------+

openstack endpoint create --region RegionTwo identity public http://kxcontroller:5000/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id | 30fff543e7dc4b7d9a0fb13791b78bf4 |

| interface | public |

| region | RegionTwo |

| region_id | RegionTwo |

| service_id | 8c8c0927262a45ad9066cfe70d46892c |

| service_name | keystone |

| service_type | identity |

| url | http://kxcontroller:5000/v2.0 |

+--------------+----------------------------------+

openstack endpoint create --region RegionTwo identity internal http://kxcontroller:5000/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id | 57cfa543e7dc4b712c0ab137911bc4fe |

| interface | internal |

| region | RegionTwo |

| region_id | RegionTwo |

| service_id | 6f8de927262ac12f6066cfe70d99ac51 |

| service_name | keystone |

| service_type | identity |

| url | http://kxcontroller:5000/v2.0 |

+--------------+----------------------------------+

openstack endpoint create --region RegionTwo identity admin http://kxcontroller:35357/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id | 78c3dfa3e7dc44c98ab1b1379122ecb1 |

| interface | admin |

| region | RegionTwo |

| region_id | RegionTwo |

| service_id | 34ab3d27262ac449cba6cfe704dbc11f |

| service_name | keystone |

| service_type | identity |

| url | http://controller:35357/v2.0 |

+--------------+----------------------------------+

创建其它

openstack project create --domain default --description "Admin Project" admin

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Admin Project |

| domain_id | default |

| enabled | True |

| id | 343d245e850143a096806dfaefa9afdc |

| is_domain | False |

| name | admin |

| parent_id | None |

+-------------+----------------------------------+

创建admin用户的访问密码

openstack user create --domain default --password-prompt admin

User Password:

Repeat User Password:

+-----------+----------------------------------+

| Field | Value |

+-----------+----------------------------------+

| domain_id | default |

| enabled | True |

| id | ac3377633149401296f6c0d92d79dc16 |

| name | admin |

+-----------+----------------------------------+

openstack role create admin

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id | cd2cb9a39e874ea69e5d4b896eb16128 |

| name | admin |

+-------+----------------------------------+

openstack role add --project admin --user admin admin

openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Service Project |

| domain_id | default |

| enabled | True |

| id | 894cdfa366d34e9d835d3de01e752262 |

| is_domain | False |

| name | service |

| parent_id | None |

+-------------+----------------------------------+

openstack project create --domain default --description "Demo Project" demo

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Demo Project |

| domain_id | default |

| enabled | True |

| id | ed0b60bf607743088218b0a533d5943f |

| is_domain | False |

| name | demo |

| parent_id | None |

+-------------+----------------------------------+

设置demo密码

openstack user create --domain default --password-prompt demo

User Password:

Repeat User Password:

+-----------+----------------------------------+

| Field | Value |

+-----------+----------------------------------+

| domain_id | default |

| enabled | True |

| id | 58126687cbcc4888bfa9ab73a2256f27 |

| name | demo |

+-----------+----------------------------------+

openstack role create user

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id | 997ce8d05fc143ac97d83fdfb5998552 |

| name | user |

+-------+----------------------------------+

openstack role add --project demo --user demo user

开始验证

第一步

vi /usr/share/keystone/keystone-dist-paste.ini

-------

在 [pipeline:public_api],[pipeline:admin_api], and [pipeline:api_v3]这三个配置项中，删除admin_token_auth

-----

第二步

取消刚才预设的环境变量

unset OS_TOKEN OS_URL

第三步，执行验证

openstack --os-auth-url http://kxcontroller:35357/v3 \

--os-project-domain-id default --os-user-domain-id default \

--os-project-name admin --os-username admin --os-auth-type password \

token issue

Password:

+------------+----------------------------------+

| Field | Value |

+------------+----------------------------------+

| expires | 2015-03-24T18:55:01Z |

| id | ff5ed908984c4a4190f584d826d75fed |

| project_id | cf12a15c5ea84b019aec3dc45580896b |

| user_id | 4d411f2291f34941b30eef9bd797505a |

+------------+----------------------------------+

openstack --os-auth-url http://kxcontroller:5000/v3 \

--os-project-domain-id default --os-user-domain-id default \

--os-project-name demo --os-username demo --os-auth-type password \

token issue

Password:

+------------+----------------------------------+

| Field | Value |

+------------+----------------------------------+

| expires | 2014-10-10T12:51:33Z |

| id | 1b87ceae9e08411ba4a16e4dada04802 |

| project_id | 4aa51bb942be4dd0ac0555d7591f80a6 |

| user_id | 7004dfa0dda84d63aef81cf7f100af01 |

+------------+----------------------------------+

创建2台kxcontroller的登录脚本

cd /root/

vi admin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=admin

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD='你刚才设置的admin密码'

export OS_AUTH_URL=http://kxcontroller:35357/v3

export OS_IDENTITY_API_VERSION=3

vi demo-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=demo

export OS_TENANT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD='你刚才设置的demo密码'

export OS_AUTH_URL=http://kxcontroller:5000/v3

export OS_IDENTITY_API_VERSION=3

基于环境变量快捷登录，验证

source admin-openrc.sh

openstack token issue

本文版权归作者和博客园共有，欢迎转载，但未经作者同意必须保留此段声明，且在文章页面明显位置给出原文链接，负责保留追究法律责任的权利。

查看全文

相关阅读:
电子辅助的个体化严密控制策略比常规方法更有效地帮助早期RA实现全面控制病情[EULAR2015_THU0122]
超声和免疫学指标的特征能否反映RA临床缓解的表型？[EULAR2015_THU0121]
依那西普减量维持过程中RA病人自报病情复发可能预示未来放射学进展[EULAR2015_SAT0147]
RETRO研究: 持续缓解的RA患者的减量维持方案[EULAR2015_SAT0056]
OPTIRRA研究: TNF拮抗剂维持期优化减量方案[EULAR2015_SAT0150]
与时俱进的治疗策略不断提高RA无药缓解机会[EULAR2015_SAT0058]
雷公藤多甙治疗类风湿关节炎遭质疑
 我的博客今天2岁203天了，我领取了先锋博主徽章
 MyEclipse中最常用的快捷键大全
 MyEclipse无法打开jsp文件（打开是空白的），但是可以打开java文件

原文地址：https://www.cnblogs.com/veniceslove/p/6285833.html