OpenStack: Identity service

1. Controller node (controller)

1.1 Install and configure

1.1.1 Create the keystone database and grant privileges

mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Replace KEYSTONE_DBPASS with a suitable password.

1.1.2 Install and configure keystone

1.1.2.1 Install the packages
yum install openstack-keystone httpd mod_wsgi -y &>/dev/null
echo $?
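1.1.2.2 Edit the configuration file
  1. Back up the original configuration file, then write it back with blank lines and lines containing # filtered out
cp /etc/keystone/keystone.conf{,.bak}
egrep -v '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
  2. Edit /etc/keystone/keystone.conf and complete the following actions:
vim /etc/keystone/keystone.conf
1.1.2.3 Initialize the database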
su -s /bin/sh -c "keystone-manage db_sync" keystone
mysql keystone -e 'show tables;'|wc -l
1.1.2.4 Initialize the Fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
1.1.2.5 Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

Replace ADMIN_PASS with a suitable password.

1.1.3 Configure the Apache HTTP server

1.1.3.1 Edit the configuration file
cp /etc/httpd/conf/httpd.conf{,.bak}
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
tail -1 /etc/httpd/conf/httpd.conf
1.1.3.2 Create the symbolic link
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
ll /etc/httpd/conf.d/
1.1.3.3 Start the service and enable it at boot
systemctl start httpd
systemctl enable httpd
1.1.3.4 Configure the admin account
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

Replace ADMIN_PASS with a suitable password.

1.1.3.5 Make the settings permanent
cat >>/root/.bashrc <<EOF
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF

grep 'export OS' /root/.bashrc

Replace ADMIN_PASS with a suitable password.

1.1.3.6 Verify keystone
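
An added example (not part of the original guide): a small POSIX shell linter for a file that holds the OS_* exports from 1.1.3.4 and 1.1.3.5. It flags a file readable by other users, the ADMIN_PASS placeholder left in place, and an http:// OS_AUTH_URL. The function names audit_os_creds and os_var and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide. Prints one finding per line.
# Returns 0 when the file is clean, 1 on findings, 2 when it cannot be read.

# Print the value of the last "export NAME=value" line, quotes removed.
# The last assignment wins, as it does when the shell sources the file.
os_var() {
    sed -n "s/^[[:space:]]*export[[:space:]][[:space:]]*$2=//p" "$1" |
        tail -n 1 | tr -d "\"'"
}

audit_os_creds() {
    ac_file=$1
    ac_bad=0
    [ -r "$ac_file" ] || { echo "UNREADABLE: $ac_file"; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    ac_mode=$(ls -ld "$ac_file" | cut -c5-10)
    if [ "$ac_mode" != "------" ]; then
        echo "PERMS: group/other bits set ($ac_mode); chmod 600 $ac_file"
        ac_bad=1
    fi

    # The guide's placeholder must never survive into a real deployment.
    case $(os_var "$ac_file" OS_PASSWORD) in
        ADMIN_PASS) echo "PLACEHOLDER: OS_PASSWORD is still ADMIN_PASS"; ac_bad=1 ;;
    esac

    # Over plain HTTP the password and issued tokens travel unencrypted.
    case $(os_var "$ac_file" OS_AUTH_URL) in
        http://*) echo "CLEARTEXT: OS_AUTH_URL uses http://"; ac_bad=1 ;;
    esac
    return "$ac_bad"
}

# Constructed sample: the guide's exports, unchanged, in a world-readable file.
demo=$(mktemp)
chmod 644 "$demo"
cat >"$demo" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
EOF
audit_os_creds "$demo" || echo "exit status: $?"
rm -f "$demo"
```

Run it as audit_os_creds /root/.bashrc after step 1.1.3.5, or against a separate credentials file if the exports are kept out of .bashrc.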
openstack user list

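1.2 Create a domain, projects, users, and roles

1.2.1 Create the service project

This guide uses a service project that contains a unique user for each service that you add to your environment.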

openstack project create --domain default --description "Service Project" service

List the projects

openstack project list

Verify operation

openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

1.2.2 For everything else, see the official documentation
