openstack学习-KeyStone安装(二)
一、安装keystone
# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
二、设置Memcache开启启动并启动Memcached
[root@linux-node1 ~]# systemctl enable memcached.service
[root@linux-node1 ~]# vim /etc/sysconfig/memcached
PORT=""
USER="memcached"
MAXCONN=""
CACHESIZE=""
OPTIONS="-l 192.168.56.11,::1"
[root@linux-node1 ~]# systemctl start memcached.service
三、Keystone配置
1、配置KeyStone数据库
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
2、设置Token和Memcached
[token]
provider = fernet
3、同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"
4、初始化fernet keys
[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5、初始化keystone
[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://192.168.56.11:35357/v3/ \
--bootstrap-internal-url http://192.168.56.11:35357/v3/ \
--bootstrap-public-url http://192.168.56.11:5000/v3/ \
--bootstrap-region-id RegionOne
6、验证Keystone修改的配置
[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
provider = fernet
7、修改httpd配置
[root@linux-node1 ~]vi/etc/httpd/conf/httpd.conf
ServerName 192.168.56.11:
8、创建软连接
[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
四、启动Keystone
[root@linux-node1 ~]# systemctl enable httpd.service
[root@linux-node1 ~]# systemctl start httpd.service
五、设置环境变量
[root@linux-node1 ~]# export OS_USERNAME=admin
[root@linux-node1 ~]# export OS_PASSWORD=admin
[root@linux-node1 ~]# export OS_PROJECT_NAME=admin
[root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=
六、创建项目和demo用户
# openstack project create --domain default --description "Demo Project" demo --创建一个demo的项目
# openstack user create --domain default --password demo demo --创建一个用户为demo 密码为demo的用户
# openstack role create user --创建一个角色为user
# openstack role add --project demo --user demo user --把demo的用户加入到demo的项目中并赋予user角色
七、创建Service项目
openstack project create --domain default --description "Service Project" service --创建一个服务的项目为service
八、用户创建
1、创建glance用户
# openstack user create --domain default --password glance glance --创建一个glance用户,密码为glance
# openstack role add --project service --user glance admin --把glance用户加入到service这个服务项目中,并授予admin角色
2、创建nova用户
# openstack user create --domain default --password nova nova --创建一个nova用户,密码为nova
# openstack role add --project service --user nova admin --把nova用户加入到service这个服务项目中,并授予admin角色
3、创建placement用户
# openstack user create --domain default --password placement placement --创建一个placement用户,密码为placement
# openstack role add --project service --user placement admin --把placement用户加入到service这个服务项目中,并授予admin角色
4、创建Neutron用户
# openstack user create --domain default --password neutron neutron --创建一个neutron用户,密码为neutron
# openstack role add --project service --user neutron admin--把neutron用户加入到service这个服务项目中,并授予admin角色
5、创建cinder用户(本次用不到)
# openstack user create --domain default --password cinder cinder
# openstack role add --project service --user cinder admin
九、验证Keystone
[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD ##清除环境变量
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
…
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:
十、环境变量脚本
[root@linux-node1 ~]# vim /root/admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=
export OS_IMAGE_API_VERSION=
[root@linux-node1 ~]# vim /root/demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=
export OS_IMAGE_API_VERSION=
十一、验证
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --22T15::+ |
| id | gAAAAABb9r8wqBesfIryKdPAzcskX7G1X3g6pA75zpWxQgp8YnDSCoVBgN9GQ9PJak9UnIX_KLCEUH2IuMQ2fqZBkbwrCxNnjDuMJo5LeGczOhlgUG3hsDV3jpJrtu1j9Q8po4cL9Kx48D8nKlpXG4OhJ4s0VCx2g3ZiTmevQKzgLdGsN32ejKI |
| project_id | 41501647e47f4eb3880b17ef9776e2c1 |
| user_id | 320ded70f6ea46c0bd640f7b7802d7de |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --22T15::+ |
| id | gAAAAABb9r9OsescK3fKptK0tF3FX6YRcFY1XPOEwDCVEV7yjgiGCoShLJYvewatNVtoJr3ebp4IjAy0lg7Bjd4zic-nVjUIzvaU2fIBYWbw1au2EMcwfFQIR5mSJ_0f3Th5Ts12SQKTHMZdD7NTTJjVu_Ym3yzNm8agDkmB6Gdi-oKLveH5oVQ |
| project_id | 61a918afeae24861ae08d0944737890c |
| user_id | f3922f1b44e3483995e23aaf855161c0 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users. (HTTP ) (Request-ID: req-0aee9c60-f277-4abe-905d-72ef59609b17)
[root@linux-node1 ~]#
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack user list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 2bb9ce88ae5649b58a2879e53bf60017 | glance |
| 320ded70f6ea46c0bd640f7b7802d7de | admin |
| 36d1834f4a524e4383068e193b042a0b | neutron |
| 7fedca53c5bc42cebc396b5b690968d4 | nova |
| f120f4c6fa074e76a2367b7b103b6c6f | placement |
| f3922f1b44e3483995e23aaf855161c0 | demo |
+----------------------------------+-----------+
[root@linux-node1 ~]#
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| aef5b0e9aca441c5aaaff560b15e2a46 | user |
| c4229971a0834e629dcb69dc7a0b10cd | admin |
+----------------------------------+-------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 41501647e47f4eb3880b17ef9776e2c1 | admin |
| 61a918afeae24861ae08d0944737890c | demo |
| 6d0619edd470440abea5805ff47b4f1a | service |
+----------------------------------+---------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack service list
+----------------------------------+-----------+-----------+
| ID | Name | Type |
+----------------------------------+-----------+-----------+
| 7a75ea530f2d4af59e3ab423bd47a11b | keystone | identity |
+----------------------------------+-----------+-----------+
[root@linux-node1 ~]#
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 6024f4be849d465e8201b1ab645a9b22 | RegionOne | keystone | identity | True | admin | http://192.168.56.11:35357/v3/ |
| cf6060b1424746d4bd0982229fe0a9c8 | RegionOne | keystone | identity | True | public | http://192.168.56.11:5000/v3/ |
| f70a576ffe2e4a008c0c05461ba7c3f5 | RegionOne | keystone | identity | True | internal | http://192.168.56.11:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
如果用户和密码写错了,就需要删除了重新创建,可以查看帮组信息 openstack user --help
openstack user delete 用户的id
同理role、project、service、endpoint都是同样操作
openstack学习-KeyStone安装(二)的更多相关文章
- openstack学习-glance安装(三)
glance在openstack负责镜像相关管理的,对外提供标准的api提供服务,glance有两个服务,一个是glance-api接受云系统镜像的创建.删除.读取请求.glance-registry ...
- openstack学习-Horizon安装(八)
一.安装Horizon [root@linux-node2 ~]# yum install -y openstack-dashboard 二.Horizon配置 [root@linux-node2 ~ ...
- OpenStack Keystone安装部署流程
之前介绍了OpenStack Swift的安装部署,采用的都是tempauth认证模式,今天就来介绍一个新的组件,名为Keystone. 1. 简介 本文将详细描述Keystone的安装部署流程,并给 ...
- OpenStack基础组件安装keystone身份认证服务
域名解析 vim /etc/hosts 192.168.245.172 controller01 192.168.245.171 controller02 192.168.245.173 contro ...
- 4 云计算系列之Openstack简介与keystone安装
preface KVM 是openstack虚拟化的基础, 再介绍了kvm虚拟化技术之后,我们介绍下openstack和如何搭建. Openstack组件 openstack架构图如下所示 那么我们就 ...
- 照着官网来安装openstack pike之keystone安装
openstack基础环境安装完成后,现在开启安装keystone服务(在控制节点上执行下面所有操作) 1.为keystone创建数据库 mysql -u root -p MariaDB [(none ...
- 003-官网安装openstack之-keystone身份认证服务
以下操作均在控制节点进行 1.控制节点安装keystone服务 概念理解: Keystone是OpenStack框架中,负责身份验证.服务规则和服务令牌的功能, 它实现了OpenStack的Ident ...
- Openstack Ocata 负载均衡安装(二)
Openstack OCATA 负载节点(二) 安装haproxy: apt install haproxy 配置haproxy: vim /etc/haproxy/haproxy.cfg globa ...
- Hadoop学习------Hadoop安装方式之(二):伪分布部署
要想发挥Hadoop分布式.并行处理的优势,还须以分布式模式来部署运行Hadoop.单机模式是指Hadoop在单个节点上以单个进程的方式运行,伪分布模式是指在单个节点上运行NameNode.DataN ...
随机推荐
- 消除 transition 闪屏
.css { -webkit-transform-style: preserve-3d; -webkit-backface-visibility: hidden; -webkit-perspectiv ...
- Winform程序双向绑定
程序比较简单,一看就明白,主要需要实现INotifyPropertyChanged using System; using System.Collections.Generic; using Syst ...
- js 碰撞 + 重力 运动
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/ ...
- JavaScript动态修改CSS
链接:https://www.cnblogs.com/aademeng/articles/6279060.html 在很多情况下,都需要对网页上元素的样式进行动态的修改.在JavaScript中提供几 ...
- Django学习手册 - 模板语言(前端获取后台数据)
先在views视图内,定义列表数据,以及字典数据.运用render函数传递两个列表数据至前端. from django.shortcuts import render list_info = [ {& ...
- 论文笔记系列-Efficient Neural Architecture Search via Parameter Sharing
Summary 本文提出超越神经架构搜索(NAS)的高效神经架构搜索(ENAS),这是一种经济的自动化模型设计方法,通过强制所有子模型共享权重从而提升了NAS的效率,克服了NAS算力成本巨大且耗时的缺 ...
- POI导出Excel(xls、xlsx均可以,也支持图片)——(三)
Jar包
- window系列
1.关闭浏览器单个网页 ctrl+W 2.远程桌面连接 mstsc
- mysql基本命令[转]
1.连接Mysql 格式: mysql -h主机地址 -u用户名 -p用户密码 1.连接到本机上的MYSQL.首先打开DOS窗口,然后进入目录mysql\bin,再键入命令mysql -u root ...
- Linux mmc framework2:基本组件之queue
1.前言 本文主要介绍card下queue组件的主要流程,在介绍的过程中,将详细说明和queue相关的流程,涉及到其它组件的详细流程再在相关文章中说明. 2.主要数据结构和API 2.1 struct ...