openstack学习-KeyStone安装(二)
一、安装keystone
# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
二、设置Memcache开启启动并启动Memcached
[root@linux-node1 ~]# systemctl enable memcached.service
[root@linux-node1 ~]# vim /etc/sysconfig/memcached
PORT=""
USER="memcached"
MAXCONN=""
CACHESIZE=""
OPTIONS="-l 192.168.56.11,::1"
[root@linux-node1 ~]# systemctl start memcached.service
三、Keystone配置
1、配置KeyStone数据库
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
2、设置Token和Memcached
[token]
provider = fernet
3、同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"
4、初始化fernet keys
[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5、初始化keystone
[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://192.168.56.11:35357/v3/ \
--bootstrap-internal-url http://192.168.56.11:35357/v3/ \
--bootstrap-public-url http://192.168.56.11:5000/v3/ \
--bootstrap-region-id RegionOne
6、验证Keystone修改的配置
[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
provider = fernet
7、修改httpd配置
[root@linux-node1 ~]vi/etc/httpd/conf/httpd.conf
ServerName 192.168.56.11:
8、创建软连接
[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
四、启动Keystone
[root@linux-node1 ~]# systemctl enable httpd.service
[root@linux-node1 ~]# systemctl start httpd.service
五、设置环境变量
[root@linux-node1 ~]# export OS_USERNAME=admin
[root@linux-node1 ~]# export OS_PASSWORD=admin
[root@linux-node1 ~]# export OS_PROJECT_NAME=admin
[root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=
六、创建项目和demo用户
# openstack project create --domain default --description "Demo Project" demo --创建一个demo的项目
# openstack user create --domain default --password demo demo --创建一个用户为demo 密码为demo的用户
# openstack role create user --创建一个角色为user
# openstack role add --project demo --user demo user --把demo的用户加入到demo的项目中并赋予user角色
七、创建Service项目
openstack project create --domain default --description "Service Project" service --创建一个服务的项目为service
八、用户创建
1、创建glance用户
# openstack user create --domain default --password glance glance --创建一个glance用户,密码为glance
# openstack role add --project service --user glance admin --把glance用户加入到service这个服务项目中,并授予admin角色
2、创建nova用户
# openstack user create --domain default --password nova nova --创建一个nova用户,密码为nova
# openstack role add --project service --user nova admin --把nova用户加入到service这个服务项目中,并授予admin角色
3、创建placement用户
# openstack user create --domain default --password placement placement --创建一个placement用户,密码为placement
# openstack role add --project service --user placement admin --把placement用户加入到service这个服务项目中,并授予admin角色
4、创建Neutron用户
# openstack user create --domain default --password neutron neutron --创建一个neutron用户,密码为neutron
# openstack role add --project service --user neutron admin--把neutron用户加入到service这个服务项目中,并授予admin角色
5、创建cinder用户(本次用不到)
# openstack user create --domain default --password cinder cinder
# openstack role add --project service --user cinder admin
九、验证Keystone
[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD ##清除环境变量
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
…
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:
十、环境变量脚本
[root@linux-node1 ~]# vim /root/admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=
export OS_IMAGE_API_VERSION=
[root@linux-node1 ~]# vim /root/demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=
export OS_IMAGE_API_VERSION=
十一、验证
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --22T15::+ |
| id | gAAAAABb9r8wqBesfIryKdPAzcskX7G1X3g6pA75zpWxQgp8YnDSCoVBgN9GQ9PJak9UnIX_KLCEUH2IuMQ2fqZBkbwrCxNnjDuMJo5LeGczOhlgUG3hsDV3jpJrtu1j9Q8po4cL9Kx48D8nKlpXG4OhJ4s0VCx2g3ZiTmevQKzgLdGsN32ejKI |
| project_id | 41501647e47f4eb3880b17ef9776e2c1 |
| user_id | 320ded70f6ea46c0bd640f7b7802d7de |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --22T15::+ |
| id | gAAAAABb9r9OsescK3fKptK0tF3FX6YRcFY1XPOEwDCVEV7yjgiGCoShLJYvewatNVtoJr3ebp4IjAy0lg7Bjd4zic-nVjUIzvaU2fIBYWbw1au2EMcwfFQIR5mSJ_0f3Th5Ts12SQKTHMZdD7NTTJjVu_Ym3yzNm8agDkmB6Gdi-oKLveH5oVQ |
| project_id | 61a918afeae24861ae08d0944737890c |
| user_id | f3922f1b44e3483995e23aaf855161c0 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users. (HTTP ) (Request-ID: req-0aee9c60-f277-4abe-905d-72ef59609b17)
[root@linux-node1 ~]#
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack user list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 2bb9ce88ae5649b58a2879e53bf60017 | glance |
| 320ded70f6ea46c0bd640f7b7802d7de | admin |
| 36d1834f4a524e4383068e193b042a0b | neutron |
| 7fedca53c5bc42cebc396b5b690968d4 | nova |
| f120f4c6fa074e76a2367b7b103b6c6f | placement |
| f3922f1b44e3483995e23aaf855161c0 | demo |
+----------------------------------+-----------+
[root@linux-node1 ~]#
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| aef5b0e9aca441c5aaaff560b15e2a46 | user |
| c4229971a0834e629dcb69dc7a0b10cd | admin |
+----------------------------------+-------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 41501647e47f4eb3880b17ef9776e2c1 | admin |
| 61a918afeae24861ae08d0944737890c | demo |
| 6d0619edd470440abea5805ff47b4f1a | service |
+----------------------------------+---------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack service list
+----------------------------------+-----------+-----------+
| ID | Name | Type |
+----------------------------------+-----------+-----------+
| 7a75ea530f2d4af59e3ab423bd47a11b | keystone | identity |
+----------------------------------+-----------+-----------+
[root@linux-node1 ~]#
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 6024f4be849d465e8201b1ab645a9b22 | RegionOne | keystone | identity | True | admin | http://192.168.56.11:35357/v3/ |
| cf6060b1424746d4bd0982229fe0a9c8 | RegionOne | keystone | identity | True | public | http://192.168.56.11:5000/v3/ |
| f70a576ffe2e4a008c0c05461ba7c3f5 | RegionOne | keystone | identity | True | internal | http://192.168.56.11:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
如果用户和密码写错了,就需要删除了重新创建,可以查看帮组信息 openstack user --help
openstack user delete 用户的id
同理role、project、service、endpoint都是同样操作
openstack学习-KeyStone安装(二)的更多相关文章
- openstack学习-glance安装(三)
glance在openstack负责镜像相关管理的,对外提供标准的api提供服务,glance有两个服务,一个是glance-api接受云系统镜像的创建.删除.读取请求.glance-registry ...
- openstack学习-Horizon安装(八)
一.安装Horizon [root@linux-node2 ~]# yum install -y openstack-dashboard 二.Horizon配置 [root@linux-node2 ~ ...
- OpenStack Keystone安装部署流程
之前介绍了OpenStack Swift的安装部署,采用的都是tempauth认证模式,今天就来介绍一个新的组件,名为Keystone. 1. 简介 本文将详细描述Keystone的安装部署流程,并给 ...
- OpenStack基础组件安装keystone身份认证服务
域名解析 vim /etc/hosts 192.168.245.172 controller01 192.168.245.171 controller02 192.168.245.173 contro ...
- 4 云计算系列之Openstack简介与keystone安装
preface KVM 是openstack虚拟化的基础, 再介绍了kvm虚拟化技术之后,我们介绍下openstack和如何搭建. Openstack组件 openstack架构图如下所示 那么我们就 ...
- 照着官网来安装openstack pike之keystone安装
openstack基础环境安装完成后,现在开启安装keystone服务(在控制节点上执行下面所有操作) 1.为keystone创建数据库 mysql -u root -p MariaDB [(none ...
- 003-官网安装openstack之-keystone身份认证服务
以下操作均在控制节点进行 1.控制节点安装keystone服务 概念理解: Keystone是OpenStack框架中,负责身份验证.服务规则和服务令牌的功能, 它实现了OpenStack的Ident ...
- Openstack Ocata 负载均衡安装(二)
Openstack OCATA 负载节点(二) 安装haproxy: apt install haproxy 配置haproxy: vim /etc/haproxy/haproxy.cfg globa ...
- Hadoop学习------Hadoop安装方式之(二):伪分布部署
要想发挥Hadoop分布式.并行处理的优势,还须以分布式模式来部署运行Hadoop.单机模式是指Hadoop在单个节点上以单个进程的方式运行,伪分布模式是指在单个节点上运行NameNode.DataN ...
随机推荐
- python -- 题目不看别人的自己写然后比较
题目一 ''' 编写Python脚本,分析xx.log文件,按域名统计访问次数倒序输出 xx.log文件内容如下: https://www.sogo.com/ale.html https://www. ...
- VS复制文件到输出目录
1.选中项目文件 2. 3.编译时就会自动创建目录,并复制文件
- loadrunner函数解密之web_reg_save_param
loadrunner工具的使用,最关键的在于3个地方: A:脚本的编写 B:场景设计 C:性能测试结果分析 其 中难度比较大的第一步是:编写脚本,有很多人对于loadrunner里面的各种函数使用的并 ...
- Android数据存储五种方式
1 使用SharedPreferences存储数据:常用于做本地缓存 2 文件存储数据:(1)data/data/<package name>/files目录内 (2)SDCard内 ...
- POST 上传 JSON 数据
// // ViewController.m // 03-post上传json // // Created by jerry on 15/10/10. // Copyright (c) 2015年 j ...
- SpringBoot整合Jdbc
(1).添加相关依赖 <dependency> <groupId>org.springframework.boot</groupId> <artifactId ...
- caffe添加自己编写的Python层
由于Python的灵活性,我们在caffe中添加自己定义的层时使用python层会更加方便,开发速速也会比C++更快,现在我就在这儿简单说一下如何在caffe中添加自定义的python层(使用的原网络 ...
- kmalloc vmalloc kzalloc malloc 和 get_free_page()【转】
转自:http://blog.csdn.net/hbhhww/article/details/7236695 kmalloc vmalloc kzalloc get_free_page()是内核空间申 ...
- kafka系列九、kafka事务原理、事务API和使用场景
一.事务场景 最简单的需求是producer发的多条消息组成一个事务这些消息需要对consumer同时可见或者同时不可见 . producer可能会给多个topic,多个partition发消息,这些 ...
- mysql字符串 转 int-double CAST与CONVERT 函数的用法
MySQL 的CAST()和CONVERT()函数可用来获取一个类型的值,并产生另一个类型的值.两者具体的语法如下: CAST(value as type); CONVERT(value, type) ...