openstack学习-KeyStone安装(二)
一、安装keystone
# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
二、设置Memcache开启启动并启动Memcached
[root@linux-node1 ~]# systemctl enable memcached.service
[root@linux-node1 ~]# vim /etc/sysconfig/memcached
PORT=""
USER="memcached"
MAXCONN=""
CACHESIZE=""
OPTIONS="-l 192.168.56.11,::1"
[root@linux-node1 ~]# systemctl start memcached.service
三、Keystone配置
1、配置KeyStone数据库
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
2、设置Token和Memcached
[token]
provider = fernet
3、同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"
4、初始化fernet keys
[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5、初始化keystone
[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://192.168.56.11:35357/v3/ \
--bootstrap-internal-url http://192.168.56.11:35357/v3/ \
--bootstrap-public-url http://192.168.56.11:5000/v3/ \
--bootstrap-region-id RegionOne
6、验证Keystone修改的配置
[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
provider = fernet
7、修改httpd配置
[root@linux-node1 ~]vi/etc/httpd/conf/httpd.conf
ServerName 192.168.56.11:
8、创建软连接
[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
四、启动Keystone
[root@linux-node1 ~]# systemctl enable httpd.service
[root@linux-node1 ~]# systemctl start httpd.service
五、设置环境变量
[root@linux-node1 ~]# export OS_USERNAME=admin
[root@linux-node1 ~]# export OS_PASSWORD=admin
[root@linux-node1 ~]# export OS_PROJECT_NAME=admin
[root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=
六、创建项目和demo用户
# openstack project create --domain default --description "Demo Project" demo --创建一个demo的项目
# openstack user create --domain default --password demo demo --创建一个用户为demo 密码为demo的用户
# openstack role create user --创建一个角色为user
# openstack role add --project demo --user demo user --把demo的用户加入到demo的项目中并赋予user角色
七、创建Service项目
openstack project create --domain default --description "Service Project" service --创建一个服务的项目为service
八、用户创建
1、创建glance用户
# openstack user create --domain default --password glance glance --创建一个glance用户,密码为glance
# openstack role add --project service --user glance admin --把glance用户加入到service这个服务项目中,并授予admin角色
2、创建nova用户
# openstack user create --domain default --password nova nova --创建一个nova用户,密码为nova
# openstack role add --project service --user nova admin --把nova用户加入到service这个服务项目中,并授予admin角色
3、创建placement用户
# openstack user create --domain default --password placement placement --创建一个placement用户,密码为placement
# openstack role add --project service --user placement admin --把placement用户加入到service这个服务项目中,并授予admin角色
4、创建Neutron用户
# openstack user create --domain default --password neutron neutron --创建一个neutron用户,密码为neutron
# openstack role add --project service --user neutron admin--把neutron用户加入到service这个服务项目中,并授予admin角色
5、创建cinder用户(本次用不到)
# openstack user create --domain default --password cinder cinder
# openstack role add --project service --user cinder admin
九、验证Keystone
[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD ##清除环境变量
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
…
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:
十、环境变量脚本
[root@linux-node1 ~]# vim /root/admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=
export OS_IMAGE_API_VERSION=
[root@linux-node1 ~]# vim /root/demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=
export OS_IMAGE_API_VERSION=
十一、验证
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --22T15::+ |
| id | gAAAAABb9r8wqBesfIryKdPAzcskX7G1X3g6pA75zpWxQgp8YnDSCoVBgN9GQ9PJak9UnIX_KLCEUH2IuMQ2fqZBkbwrCxNnjDuMJo5LeGczOhlgUG3hsDV3jpJrtu1j9Q8po4cL9Kx48D8nKlpXG4OhJ4s0VCx2g3ZiTmevQKzgLdGsN32ejKI |
| project_id | 41501647e47f4eb3880b17ef9776e2c1 |
| user_id | 320ded70f6ea46c0bd640f7b7802d7de |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --22T15::+ |
| id | gAAAAABb9r9OsescK3fKptK0tF3FX6YRcFY1XPOEwDCVEV7yjgiGCoShLJYvewatNVtoJr3ebp4IjAy0lg7Bjd4zic-nVjUIzvaU2fIBYWbw1au2EMcwfFQIR5mSJ_0f3Th5Ts12SQKTHMZdD7NTTJjVu_Ym3yzNm8agDkmB6Gdi-oKLveH5oVQ |
| project_id | 61a918afeae24861ae08d0944737890c |
| user_id | f3922f1b44e3483995e23aaf855161c0 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users. (HTTP ) (Request-ID: req-0aee9c60-f277-4abe-905d-72ef59609b17)
[root@linux-node1 ~]#
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack user list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 2bb9ce88ae5649b58a2879e53bf60017 | glance |
| 320ded70f6ea46c0bd640f7b7802d7de | admin |
| 36d1834f4a524e4383068e193b042a0b | neutron |
| 7fedca53c5bc42cebc396b5b690968d4 | nova |
| f120f4c6fa074e76a2367b7b103b6c6f | placement |
| f3922f1b44e3483995e23aaf855161c0 | demo |
+----------------------------------+-----------+
[root@linux-node1 ~]#
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| aef5b0e9aca441c5aaaff560b15e2a46 | user |
| c4229971a0834e629dcb69dc7a0b10cd | admin |
+----------------------------------+-------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 41501647e47f4eb3880b17ef9776e2c1 | admin |
| 61a918afeae24861ae08d0944737890c | demo |
| 6d0619edd470440abea5805ff47b4f1a | service |
+----------------------------------+---------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack service list
+----------------------------------+-----------+-----------+
| ID | Name | Type |
+----------------------------------+-----------+-----------+
| 7a75ea530f2d4af59e3ab423bd47a11b | keystone | identity |
+----------------------------------+-----------+-----------+
[root@linux-node1 ~]#
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 6024f4be849d465e8201b1ab645a9b22 | RegionOne | keystone | identity | True | admin | http://192.168.56.11:35357/v3/ |
| cf6060b1424746d4bd0982229fe0a9c8 | RegionOne | keystone | identity | True | public | http://192.168.56.11:5000/v3/ |
| f70a576ffe2e4a008c0c05461ba7c3f5 | RegionOne | keystone | identity | True | internal | http://192.168.56.11:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
如果用户和密码写错了,就需要删除了重新创建,可以查看帮组信息 openstack user --help
openstack user delete 用户的id
同理role、project、service、endpoint都是同样操作
openstack学习-KeyStone安装(二)的更多相关文章
- openstack学习-glance安装(三)
glance在openstack负责镜像相关管理的,对外提供标准的api提供服务,glance有两个服务,一个是glance-api接受云系统镜像的创建.删除.读取请求.glance-registry ...
- openstack学习-Horizon安装(八)
一.安装Horizon [root@linux-node2 ~]# yum install -y openstack-dashboard 二.Horizon配置 [root@linux-node2 ~ ...
- OpenStack Keystone安装部署流程
之前介绍了OpenStack Swift的安装部署,采用的都是tempauth认证模式,今天就来介绍一个新的组件,名为Keystone. 1. 简介 本文将详细描述Keystone的安装部署流程,并给 ...
- OpenStack基础组件安装keystone身份认证服务
域名解析 vim /etc/hosts 192.168.245.172 controller01 192.168.245.171 controller02 192.168.245.173 contro ...
- 4 云计算系列之Openstack简介与keystone安装
preface KVM 是openstack虚拟化的基础, 再介绍了kvm虚拟化技术之后,我们介绍下openstack和如何搭建. Openstack组件 openstack架构图如下所示 那么我们就 ...
- 照着官网来安装openstack pike之keystone安装
openstack基础环境安装完成后,现在开启安装keystone服务(在控制节点上执行下面所有操作) 1.为keystone创建数据库 mysql -u root -p MariaDB [(none ...
- 003-官网安装openstack之-keystone身份认证服务
以下操作均在控制节点进行 1.控制节点安装keystone服务 概念理解: Keystone是OpenStack框架中,负责身份验证.服务规则和服务令牌的功能, 它实现了OpenStack的Ident ...
- Openstack Ocata 负载均衡安装(二)
Openstack OCATA 负载节点(二) 安装haproxy: apt install haproxy 配置haproxy: vim /etc/haproxy/haproxy.cfg globa ...
- Hadoop学习------Hadoop安装方式之(二):伪分布部署
要想发挥Hadoop分布式.并行处理的优势,还须以分布式模式来部署运行Hadoop.单机模式是指Hadoop在单个节点上以单个进程的方式运行,伪分布模式是指在单个节点上运行NameNode.DataN ...
随机推荐
- 转- --python 3 编码
对Python3编码的整理!!! py编码终极版 说起python编码,真是句句心酸.算起来,反复折腾两个来月了.万幸的是,终于梳理清楚了.作为一个共产主义者,一定要分享给大家.如果你还在因为编码而头 ...
- Python基础(函数部分)-day04
写在前面 上课第四天,打卡: 加勒比海盗今天上映:端午节公司发的粽子很有范! 一.函数的基本概念 - 函数是什么? 函数,就是一个'锤子',一个具有特定功能的'锤子',使用者可以在适当的时候使用这个 ...
- Python基础(正则、序列化、常用模块和面向对象)-day06
写在前面 上课第六天,打卡: 天地不仁,以万物为刍狗: 一.正则 - 正则就是用一些具有特殊含义的符号组合到一起(称为正则表达式)来描述字符或者字符串的方法: - 在线正则工具:http://tool ...
- Failed to write core dump. Minidumps are not enabled by default on client versions of Windows
使用JProfiler监控JAVA程序内存,JVM报错: A fatal error has been detected by the Java Runtime Environment: EXCEPT ...
- Python写日志
import logging import ResultFolder logger = logging.getLogger() logger.setLevel(logging.DEBUG) def C ...
- C# 读取Excel和DBF文件
//获excel中多个sheet中的数据 /// <summary> /// 读取导入Excel文件内容 /// </summary> /// <param name=& ...
- 同步sync 异步async
线程中 同步任务是串行队列,也就是按顺序执行. 同步任务:不会开辟新的线程,它是在当前线程执行的. dispatch 调度 GCD里面的函数都是以dispatch开头的. 同步任务 步骤: 1. ...
- Box-Muller 与 ziggurat
1. Ziggurat 算法与 Box-muller 算法的效率比较 2. Box-Muller a. 一般形式 因函数调用较多,速度慢,当u接近0时存在数值稳定性问题 先假设. 用Box-Mulle ...
- 【逆向知识】动态调试技巧-C++代码逆向
1.C++类代码的特点 寄存器ECX传参时一般用作this指针(对象地址)或是计数器. 有ecx传参的call,是成员函数,构造函数,析构函数 能访问成员变量的函数都会有ecx传参 静态函数.全局函数 ...
- 文件&报表状态ID
def_filestatus Uploading=4 WaitingParse=6 Parsing=10 Completed=14 ParseError=1006 UploadError=1004 d ...