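Integrating OpenStack Keystone with Swift
Because only a limited number of machines were available, this time only Swift's all-in-one installation mode is used. Keystone and Swift are installed and run on the same machine.
This write-up does not cover how to install Swift all-in-one; it only records how to integrate Keystone with a Swift all-in-one setup to handle authentication.
System: Ubuntu 10.04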
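/** Clone the projects locally **/ -- requires git
sudo apt-get install git
git clone https://github.com/openstack/keystone.git
git clone https://github.com/openstack/python-keystoneclient.git
/** Download the required packages **/
sudo apt-get install python-dev libxml2-dev libxslt1-dev libsasl2-dev libsqlite3-dev libssl-dev libldap2-dev [downloading everything at once from a slow mirror causes errors; it is best to download the packages separately]
sudo apt-get install sqlitebrowser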
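/** Create a user, or work as the root user **/
sudo su
/** Enter the keystone directory **/
cd keystone
/** Install the virtualenv **/
sudo python tools/install_venv.py [if there are no exceptions, it was created successfully; it is best to run this as root]
(This step also downloads the packages required by pip-requires and test-requires)
/** Switch to the newly created virtual environment **/
source .venv/bin/activate
[To leave the virtual environment] deactivate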
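/** Install Keystone **/
If the keystone command line should also be usable outside the virtual environment:
sudo pip install -r tools/pip-requires
sudo pip install -r tools/test-requires
sudo python setup.py develop
/** Test that keystone can be imported **/
sudo python
>>> import keystone
>>>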
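/** Restore the sample configuration file used to start keystone **/ [still in the keystone directory, which contains etc]
cp etc/keystone.conf.sample etc/keystone.conf
******************* Here I chose the SQLite storage backend; it can be replaced with another database or with file-based storage. Remember to change the user referenced inside it **********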
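/** Test that the existing swift works (while its auth method is not yet keystone) **/
swift-init main start
curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0
(If it returns 200 or 204, everything is running properly. Swift can be stopped for now, because proxy-server.conf will be modified later.)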
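/** Start keystone **/
cd ~/keystone
bin/keystone-all
/** Run the database initialization **/
sudo bin/keystone-manage db_sync
/** Create the tenant, user and roles using the token from the configuration file **/
(This uses the python-keystoneclient.git project)
export SERVICE_TOKEN="the token value in etc/keystone.conf under the keystone installation directory"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"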
/** Create the tenant **/ [ROOT]
keystone tenant-create --name=service
Info: id=d871847839fa4fbabd08950221917028
/** Create the user **/ [ROOT]
keystone user-create --name=admin --pass=admin --email=si.li@boventech.com
Info: id=1071f434270e4f7aa36f433be788d17b
/** Create the roles **/
keystone role-create --name=admin
Info: id=07c69b2da1e041c1800238f0120db2a9
keystone role-create --name=Member
Info: id=460e5db0aeb54d9e9c6c446f778e64f6
/** Add Roles to Users in Tenants **/
keystone user-role-add --user [user ID goes here] --role [role ID goes here] --tenant_id [tenant ID goes here]
/** Configure the Keystone service **/
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | b6b28e55990f428bacd2ca45f64799ce |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
// Configure the endpoint for the Keystone service
keystone endpoint-create --region RegionOne \
  --service_id b6b28e55990f428bacd2ca45f64799ce \
  --publicurl 'http://localhost:5000/v2.0' \
  --adminurl 'http://localhost:35357/v2.0' \
  --internalurl 'http://localhost:5000/v2.0'
/** Configure the Swift service **/
keystone service-create --name=swift --type="object-store" --description="Swift Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Swift Service                    |
| id          | 004608f103714d81aa3e01b79913789b |
| name        | swift                            |
| type        | object-store                     |
+-------------+----------------------------------+
// Create the user that manages Swift
keystone user-create --name=swift --pass=admin --tenant_id d871847839fa4fbabd08950221917028 --email=si.li@boventech.com
Info: id=8651d459557c474389bca64a9346f70a
// Assign the role named "admin" to the user named "swift" within the "service" tenant
keystone user-role-add --tenant_id {tenant_id} --user {user_id} --role {role_id}
// Configure the endpoint for the Swift service
keystone endpoint-create --region RegionOne \
  --service_id 004608f103714d81aa3e01b79913789b \
  --publicurl 'http://localhost:8080/v1/AUTH_{tenantID}' \
  --adminurl 'http://localhost:8080/' \
  --internalurl 'http://localhost:8080/v1/AUTH_{tenantID}'
/** After creating everything, check that the information has been stored in SQLite3 **/
sqlite3 keystone.db
SQLite version 3.6.22
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> .tables
sqlite> select * from service;
sqlite> select * from user;
sqlite> select * from ....;
Or open the graphical interface:
sudo sqlitebrowser
************************************* Configure swift/proxy-server.conf *********************
[DEFAULT]
bind_port = 8080
user = sili

[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, Member

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = 0
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_uri = http://127.0.0.1:5000/
auth_token = ADMIN
admin_token = ADMIN
auth_protocol = http

[filter:cache]
use = egg:swift#memcache
set log_name = cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck
**************************************************************************************
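An added example, not part of the original post and not code from Swift or Keystone: a small Python check for the proxy-server.conf above. It verifies the filter order in the pipeline and flags an admin_token left at the sample value ADMIN, as well as plain http to a Keystone host that is not local. The function name audit_proxy_conf and the embedded sample are constructed for illustration, and the app is assumed to be named proxy-server as on this page.

```python
import configparser

# Constructed sample: the security-relevant parts of the proxy-server.conf above.
SAMPLE_CONF = """
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, Member

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
delay_auth_decision = 0
auth_host = 127.0.0.1
auth_protocol = http
admin_token = ADMIN
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def audit_proxy_conf(text):
    """Return a list of findings for a Swift proxy-server.conf that uses Keystone."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    findings = []

    # Token validation (authtoken) has to run before the role check (keystone),
    # and the proxy app itself has to be the last element of the pipeline.
    pipeline = cp.get("pipeline:main", "pipeline", fallback="").split()
    if not pipeline or pipeline[-1] != "proxy-server":
        findings.append("pipeline: proxy-server must be the last element")
    if "authtoken" not in pipeline or "keystone" not in pipeline:
        findings.append("pipeline: authtoken and keystone filters must both be present")
    elif pipeline.index("authtoken") > pipeline.index("keystone"):
        findings.append("pipeline: authtoken must come before keystone")

    auth = cp["filter:authtoken"] if cp.has_section("filter:authtoken") else {}
    # ADMIN is the value used on this page, copied from keystone.conf.sample.
    if auth.get("admin_token", "") in ("", "ADMIN"):
        findings.append("authtoken: admin_token is empty or the sample value ADMIN")
    # Tokens travel in clear text over http; tolerate that only on loopback.
    if auth.get("auth_protocol", "http") == "http" and auth.get("auth_host") not in LOOPBACK:
        findings.append("authtoken: plain http to a non-loopback auth_host")
    return findings
```
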
// Start swift
swift-init proxy start
swift-init all start
// Test
/** Test that keystone is working on the node **/
curl -d '{"auth": {"tenantName": "service", "passwordCredentials": {"username": "swift", "password": "admin"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -m json.tool
/** Test the swift integration **/
swift -A http://localhost:5000/v2.0 -U service:swift -K admin stat -V 2
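An added example, not part of the original post: what a client does with the JSON returned by the /v2.0/tokens request above before it talks to Swift. It takes the token id and the object-store publicURL from the service catalog and checks that the URL's account is AUTH_ plus the token's tenant id, as in the endpoint created earlier. The response body is a constructed sample with placeholder ids, and swift_credentials is a hypothetical helper name.

```python
import json

# Constructed sample of a Keystone v2.0 POST /tokens response; all ids are placeholders.
SAMPLE_RESPONSE = json.dumps({"access": {
    "token": {"id": "TOKEN-PLACEHOLDER", "expires": "2030-01-01T00:00:00Z",
              "tenant": {"id": "TENANT-PLACEHOLDER", "name": "service"}},
    "serviceCatalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"region": "RegionOne", "publicURL": "http://localhost:5000/v2.0"}]},
        {"type": "object-store", "name": "swift", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "http://localhost:8080/v1/AUTH_TENANT-PLACEHOLDER"}]},
    ]}})


def swift_credentials(body, region="RegionOne"):
    """Return (storage_url, headers, account_ok) from a v2.0 token response."""
    access = json.loads(body)["access"]
    token = access["token"]
    for service in access.get("serviceCatalog", []):
        if service.get("type") != "object-store":
            continue
        for endpoint in service.get("endpoints", []):
            if endpoint.get("region") == region:
                url = endpoint["publicURL"]
                # The endpoint on this page is .../v1/AUTH_{tenantID}. If the
                # account in the URL is not the token's tenant, the catalog
                # entry is misconfigured.
                account_ok = url.rstrip("/").endswith("/AUTH_" + token["tenant"]["id"])
                return url, {"X-Auth-Token": token["id"]}, account_ok
    raise LookupError("no object-store endpoint for region %r" % region)


if __name__ == "__main__":
    storage_url, headers, ok = swift_credentials(SAMPLE_RESPONSE)
    print(storage_url, headers, ok)
```
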