OpenStack (Queens) Detailed Installation and Deployment (Part 2): Installing the Identity Service (keystone)
Original: 扶艾, 码农这些事儿, May 10. This is an original article by 扶艾. All rights reserved; reproduction is prohibited.
This is the second article in the series and continues the OpenStack installation.
3. Install the Identity service
3.1 (Controller node) Create and configure the keystone database
Connect to the database
    # mysql -u root -pfuai123
Note: fuai123 is the database password that was set earlier.
Create the database
    MariaDB [(none)]> CREATE DATABASE keystone;
Grant access to the keystone database
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
    IDENTIFIED BY 'fuai123';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    IDENTIFIED BY 'fuai123';
3.2 (Controller node) Install and configure the service
Install the packages
    # yum install openstack-keystone httpd mod_wsgi -y
Edit /etc/keystone/keystone.conf and set the following
    [database]
    connection = mysql+pymysql://keystone:fuai123@controller/keystone
    ...

    [token]
    provider = fernet
    ...
Populate the keystone database schema
    # su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet and credential key repositories
    # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service
    # keystone-manage bootstrap --bootstrap-password fuai123 \
      --bootstrap-admin-url http://controller:35357/v3/ \
      --bootstrap-internal-url http://controller:5000/v3/ \
      --bootstrap-public-url http://controller:5000/v3/ \
      --bootstrap-region-id RegionOne
3.3 (Controller node) Configure the Apache service
Edit /etc/httpd/conf/httpd.conf and set the following
    ServerName controller
Create the symbolic link
    # ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Enable the service at boot and start it
    # systemctl enable httpd.service
    # systemctl start httpd.service
3.4 (Controller node) Create the domain, projects, users, and roles
Set the administrator environment variables
    # export OS_USERNAME=admin
    # export OS_PASSWORD=fuai123
    # export OS_PROJECT_NAME=admin
    # export OS_USER_DOMAIN_NAME=Default
    # export OS_PROJECT_DOMAIN_NAME=Default
    # export OS_AUTH_URL=http://controller:35357/v3
    # export OS_IDENTITY_API_VERSION=3
Create a domain
    # openstack domain create --description "An Example Domain" example

    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | An Example Domain                |
    | enabled     | True                             |
    | id          | 28d83de95e064d909f3c82de49e49982 |
    | name        | example                          |
    | tags        | []                               |
    +-------------+----------------------------------+
Create the service project
    # openstack project create --domain default \
      --description "Service Project" service

    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Service Project                  |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | d5442e942ee1481281d78e0a81d19601 |
    | is_domain   | False                            |
    | name        | service                          |
    | parent_id   | default                          |
    | tags        | []                               |
    +-------------+----------------------------------+
Create the demo project
    # openstack project create --domain default \
      --description "Demo Project" demo

    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Demo Project                     |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 3f3f3e87192d4b5bb32b2a9db39a4be0 |
    | is_domain   | False                            |
    | name        | demo                             |
    | parent_id   | default                          |
    | tags        | []                               |
    +-------------+----------------------------------+
Create the demo user
Note: you must set a password for the demo user here; for consistency I set it to fuai123.
    # openstack user create --domain default \
      --password-prompt demo

    User Password:
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | daf47114440741d3b213a5eb58a58006 |
    | name                | demo                             |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+
Create the user role
    # openstack role create user

    +-----------+----------------------------------+
    | Field     | Value                            |
    +-----------+----------------------------------+
    | domain_id | None                             |
    | id        | 10a36ef5803045dda2df3ed3480ce2bd |
    | name      | user                             |
    +-----------+----------------------------------+
Add the user role to the demo user in the demo project
    # openstack role add --project demo --user demo user
3.5 (Controller node) Verify operation
Unset the environment variables
    # unset OS_AUTH_URL OS_PASSWORD
Request a token as the admin user
Note: you need to enter the admin password here; mine is fuai123.
    # openstack --os-auth-url http://controller:35357/v3 \
      --os-project-domain-name Default --os-user-domain-name Default \
      --os-project-name admin --os-username admin token issue

    Password:
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Field      | Value                                                                                                                                                                                   |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | expires    | 2018-04-25T12:09:55+0000                                                                                                                                                                |
    | id         | gAAAAABa4GID_fKwaNHti1QiDmjG4Ox0113RmaZ7DpMytBBB6gEsMoPTrHArevpYK1-gqv3UOPPSb6emHe29YfxxsXZBqfiq3C4IijCm5e-XetfgXarAsfgvlzAsao6jFkmLKbhMklzBZOA7ZH0t_TZJi_SuD5lkVsQv5wdWlPbQlgA4VvS0vmA |
    | project_id | c4e73f33137b49dcb1ff949f3d95de36                                                                                                                                                        |
    | user_id    | 88c329ab63b34c57a8996c5237cb1ba3                                                                                                                                                        |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Request a token as the demo user
    # openstack --os-auth-url http://controller:5000/v3 \
      --os-project-domain-name Default --os-user-domain-name Default \
      --os-project-name demo --os-username demo token issue

    Password:
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Field      | Value                                                                                                                                                                                   |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | expires    | 2018-04-25T12:12:28+0000                                                                                                                                                                |
    | id         | gAAAAABa4GKcKjwpbL2NqgpDXk1lrkmwEjbj_gLfDf3DmR2xmI9TfA4W85ZSX8ql-Jjol8o3wmbWT2CL4--Ekhi3eciwtRYdLZke3Pf0jCRsZBpFeWSQQSb5yLpl5haQ78thAyBusUfkZTB7i1oOwjyl6_16OyJYpMm74l9IpWI6pqaIy4AKjLE |
    | project_id | 3f3f3e87192d4b5bb32b2a9db39a4be0                                                                                                                                                        |
    | user_id    | daf47114440741d3b213a5eb58a58006                                                                                                                                                        |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3.6 (Controller node) Create the environment variable scripts
Create the admin-openrc file with the following content
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=fuai123
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
Create the demo-openrc file with the following content
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=fuai123
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
Verify that the scripts work
    # . admin-openrc
    # openstack token issue

    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Field      | Value                                                                                                                                                                                   |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | expires    | 2018-04-25T12:18:13+0000                                                                                                                                                                |
    | id         | gAAAAABa4GP1AoWBOcAHW9w1nr2CNlBs3HqK1-bzXsDekLtiHiEtkWbpxPMiloUv2x3uhZ2kM7XJtP9V4Ugy9BMev9cvV1qy1GZh_U-EElJlLEf4IgBf4SiCGGd2BjQiq0cCT55y2cXK8pmRKZKIlzFUwoBCHpc75yqnEJk6Rz3Upsk7HYT3c0k |
    | project_id | c4e73f33137b49dcb1ff949f3d95de36                                                                                                                                                        |
    | user_id    | 88c329ab63b34c57a8996c5237cb1ba3                                                                                                                                                        |
    +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
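Because keystone.conf sets provider = fernet, each id value in the token issue outputs above is a Fernet token, whose version byte and issue timestamp are not encrypted. The following is an added example, not part of the original article: it parses the tokens printed on this page with the Python standard library only (function and variable names are my own) and shows that each was issued exactly 3600 seconds, keystone's default token lifetime, before its expires value.

```python
import base64
import struct
from datetime import datetime, timezone

# Admin token copied from the first `openstack token issue` output on this page.
PAGE_TOKEN = (
    "gAAAAABa4GID_fKwaNHti1QiDmjG4Ox0113RmaZ7DpMytBBB6gEsMoPTrHArevpYK1-gqv3UOPPSb6em"
    "He29YfxxsXZBqfiq3C4IijCm5e-XetfgXarAsfgvlzAsao6jFkmLKbhMklzBZOA7ZH0t_TZJi_SuD5lk"
    "VsQv5wdWlPbQlgA4VvS0vmA"
)
# (token, or its first 12 characters, and the "expires" value) for the three
# tokens shown on this page; 12 characters already cover version + timestamp.
PAGE_SAMPLES = [
    (PAGE_TOKEN, "2018-04-25T12:09:55+0000"),
    ("gAAAAABa4GKc", "2018-04-25T12:12:28+0000"),
    ("gAAAAABa4GP1", "2018-04-25T12:18:13+0000"),
]

def _raw(token):
    # keystone strips the trailing '=' base64 padding; restore it before decoding.
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    if len(raw) < 9 or raw[0] != 0x80:
        raise ValueError("not a Fernet token (version byte must be 0x80)")
    return raw

def issued_at(token):
    """Read the cleartext 64-bit big-endian issue time; no key is needed."""
    (ts,) = struct.unpack(">Q", _raw(token)[1:9])
    return datetime.fromtimestamp(ts, tz=timezone.utc)

def fernet_layout(token):
    """Split a complete Fernet token into IV, ciphertext and HMAC."""
    raw = _raw(token)
    if len(raw) < 9 + 16 + 16 + 32:
        raise ValueError("token is truncated")
    return {"iv": raw[9:25],            # AES-CBC initialisation vector
            "ciphertext": raw[25:-32],  # encrypted keystone payload
            "hmac": raw[-32:]}          # HMAC-SHA256 over all preceding bytes

def lifetime_seconds(token, expires):
    """Seconds between the cleartext issue time and the CLI 'expires' field."""
    end = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S%z")
    return int((end - issued_at(token)).total_seconds())

if __name__ == "__main__":
    print("issued:", issued_at(PAGE_TOKEN).isoformat())
    print({name: len(value) for name, value in fernet_layout(PAGE_TOKEN).items()})
    for tok, exp in PAGE_SAMPLES:
        print(tok[:12], lifetime_seconds(tok, exp))
```

Only the ciphertext needs the Fernet keys created by keystone-manage fernet_setup; the issue time is readable by anyone who holds the token, and the token itself is a bearer credential until it expires.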
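This completes the installation and verification of the OpenStack Identity service. The next step is to install the Image service and the other components; see the article "OpenStack (Queens) Detailed Installation and Deployment (Part 3)".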