openstack学习-KeyStone安装(二)
一、安装keystone
# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
二、设置Memcache开启启动并启动Memcached
[root@linux-node1 ~]# systemctl enable memcached.service
[root@linux-node1 ~]# vim /etc/sysconfig/memcached
PORT=""
USER="memcached"
MAXCONN=""
CACHESIZE=""
OPTIONS="-l 192.168.56.11,::1"
[root@linux-node1 ~]# systemctl start memcached.service
三、Keystone配置
1、配置KeyStone数据库
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
2、设置Token和Memcached
[token]
provider = fernet
3、同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"
4、初始化fernet keys
[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5、初始化keystone
[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://192.168.56.11:35357/v3/ \
--bootstrap-internal-url http://192.168.56.11:35357/v3/ \
--bootstrap-public-url http://192.168.56.11:5000/v3/ \
--bootstrap-region-id RegionOne
6、验证Keystone修改的配置
[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
provider = fernet
7、修改httpd配置
[root@linux-node1 ~]vi/etc/httpd/conf/httpd.conf
ServerName 192.168.56.11:
8、创建软连接
[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
四、启动Keystone
[root@linux-node1 ~]# systemctl enable httpd.service
[root@linux-node1 ~]# systemctl start httpd.service
五、设置环境变量
[root@linux-node1 ~]# export OS_USERNAME=admin
[root@linux-node1 ~]# export OS_PASSWORD=admin
[root@linux-node1 ~]# export OS_PROJECT_NAME=admin
[root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=
六、创建项目和demo用户
# openstack project create --domain default --description "Demo Project" demo --创建一个demo的项目
# openstack user create --domain default --password demo demo --创建一个用户为demo 密码为demo的用户
# openstack role create user --创建一个角色为user
# openstack role add --project demo --user demo user --把demo的用户加入到demo的项目中并赋予user角色
七、创建Service项目
openstack project create --domain default --description "Service Project" service --创建一个服务的项目为service
八、用户创建
1、创建glance用户
# openstack user create --domain default --password glance glance --创建一个glance用户,密码为glance
# openstack role add --project service --user glance admin --把glance用户加入到service这个服务项目中,并授予admin角色
2、创建nova用户
# openstack user create --domain default --password nova nova --创建一个nova用户,密码为nova
# openstack role add --project service --user nova admin --把nova用户加入到service这个服务项目中,并授予admin角色
3、创建placement用户
# openstack user create --domain default --password placement placement --创建一个placement用户,密码为placement
# openstack role add --project service --user placement admin --把placement用户加入到service这个服务项目中,并授予admin角色
4、创建Neutron用户
# openstack user create --domain default --password neutron neutron --创建一个neutron用户,密码为neutron
# openstack role add --project service --user neutron admin--把neutron用户加入到service这个服务项目中,并授予admin角色
5、创建cinder用户(本次用不到)
# openstack user create --domain default --password cinder cinder
# openstack role add --project service --user cinder admin
九、验证Keystone
[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD ##清除环境变量
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
…
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:
十、环境变量脚本
[root@linux-node1 ~]# vim /root/admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=
export OS_IMAGE_API_VERSION=
[root@linux-node1 ~]# vim /root/demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=
export OS_IMAGE_API_VERSION=
十一、验证
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --22T15::+ |
| id | gAAAAABb9r8wqBesfIryKdPAzcskX7G1X3g6pA75zpWxQgp8YnDSCoVBgN9GQ9PJak9UnIX_KLCEUH2IuMQ2fqZBkbwrCxNnjDuMJo5LeGczOhlgUG3hsDV3jpJrtu1j9Q8po4cL9Kx48D8nKlpXG4OhJ4s0VCx2g3ZiTmevQKzgLdGsN32ejKI |
| project_id | 41501647e47f4eb3880b17ef9776e2c1 |
| user_id | 320ded70f6ea46c0bd640f7b7802d7de |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --22T15::+ |
| id | gAAAAABb9r9OsescK3fKptK0tF3FX6YRcFY1XPOEwDCVEV7yjgiGCoShLJYvewatNVtoJr3ebp4IjAy0lg7Bjd4zic-nVjUIzvaU2fIBYWbw1au2EMcwfFQIR5mSJ_0f3Th5Ts12SQKTHMZdD7NTTJjVu_Ym3yzNm8agDkmB6Gdi-oKLveH5oVQ |
| project_id | 61a918afeae24861ae08d0944737890c |
| user_id | f3922f1b44e3483995e23aaf855161c0 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users. (HTTP ) (Request-ID: req-0aee9c60-f277-4abe-905d-72ef59609b17)
[root@linux-node1 ~]#
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack user list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 2bb9ce88ae5649b58a2879e53bf60017 | glance |
| 320ded70f6ea46c0bd640f7b7802d7de | admin |
| 36d1834f4a524e4383068e193b042a0b | neutron |
| 7fedca53c5bc42cebc396b5b690968d4 | nova |
| f120f4c6fa074e76a2367b7b103b6c6f | placement |
| f3922f1b44e3483995e23aaf855161c0 | demo |
+----------------------------------+-----------+
[root@linux-node1 ~]#
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| aef5b0e9aca441c5aaaff560b15e2a46 | user |
| c4229971a0834e629dcb69dc7a0b10cd | admin |
+----------------------------------+-------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 41501647e47f4eb3880b17ef9776e2c1 | admin |
| 61a918afeae24861ae08d0944737890c | demo |
| 6d0619edd470440abea5805ff47b4f1a | service |
+----------------------------------+---------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack service list
+----------------------------------+-----------+-----------+
| ID | Name | Type |
+----------------------------------+-----------+-----------+
| 7a75ea530f2d4af59e3ab423bd47a11b | keystone | identity |
+----------------------------------+-----------+-----------+
[root@linux-node1 ~]#
[root@linux-node1 ~]#
[root@linux-node1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 6024f4be849d465e8201b1ab645a9b22 | RegionOne | keystone | identity | True | admin | http://192.168.56.11:35357/v3/ |
| cf6060b1424746d4bd0982229fe0a9c8 | RegionOne | keystone | identity | True | public | http://192.168.56.11:5000/v3/ |
| f70a576ffe2e4a008c0c05461ba7c3f5 | RegionOne | keystone | identity | True | internal | http://192.168.56.11:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
如果用户和密码写错了,就需要删除了重新创建,可以查看帮组信息 openstack user --help
openstack user delete 用户的id
同理role、project、service、endpoint都是同样操作
openstack学习-KeyStone安装(二)的更多相关文章
- openstack学习-glance安装(三)
glance在openstack负责镜像相关管理的,对外提供标准的api提供服务,glance有两个服务,一个是glance-api接受云系统镜像的创建.删除.读取请求.glance-registry ...
- openstack学习-Horizon安装(八)
一.安装Horizon [root@linux-node2 ~]# yum install -y openstack-dashboard 二.Horizon配置 [root@linux-node2 ~ ...
- OpenStack Keystone安装部署流程
之前介绍了OpenStack Swift的安装部署,采用的都是tempauth认证模式,今天就来介绍一个新的组件,名为Keystone. 1. 简介 本文将详细描述Keystone的安装部署流程,并给 ...
- OpenStack基础组件安装keystone身份认证服务
域名解析 vim /etc/hosts 192.168.245.172 controller01 192.168.245.171 controller02 192.168.245.173 contro ...
- 4 云计算系列之Openstack简介与keystone安装
preface KVM 是openstack虚拟化的基础, 再介绍了kvm虚拟化技术之后,我们介绍下openstack和如何搭建. Openstack组件 openstack架构图如下所示 那么我们就 ...
- 照着官网来安装openstack pike之keystone安装
openstack基础环境安装完成后,现在开启安装keystone服务(在控制节点上执行下面所有操作) 1.为keystone创建数据库 mysql -u root -p MariaDB [(none ...
- 003-官网安装openstack之-keystone身份认证服务
以下操作均在控制节点进行 1.控制节点安装keystone服务 概念理解: Keystone是OpenStack框架中,负责身份验证.服务规则和服务令牌的功能, 它实现了OpenStack的Ident ...
- Openstack Ocata 负载均衡安装(二)
Openstack OCATA 负载节点(二) 安装haproxy: apt install haproxy 配置haproxy: vim /etc/haproxy/haproxy.cfg globa ...
- Hadoop学习------Hadoop安装方式之(二):伪分布部署
要想发挥Hadoop分布式.并行处理的优势,还须以分布式模式来部署运行Hadoop.单机模式是指Hadoop在单个节点上以单个进程的方式运行,伪分布模式是指在单个节点上运行NameNode.DataN ...
随机推荐
- C# 实现Bresenham算法(vs2010)
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; usin ...
- 出栈顺序 与 卡特兰数(Catalan)的关系
一,问题描述 给定一个以字符串形式表示的入栈序列,请求出一共有多少种可能的出栈顺序?如何输出所有可能的出栈序列? 比如入栈序列为:1 2 3 ,则出栈序列一共有五种,分别如下:1 2 3.1 3 2 ...
- JavaScript实战总结
javascript中数组的22种方法:http://www.cnblogs.com/xiaohuochai/p/5682621.html 1.js闭包 2.eval函数 eval(“字符串”) 将 ...
- Java EE之 Hibernate 5.x版本中SchemaExport的用法
//hibernate 5.0.1 Final ServiceRegistry serviceRegistry = new StandardServiceRegistryBuilder().confi ...
- [CQOI2011]放棋子 (DP,数论)
[CQOI2011]放棋子 \(solution:\) 看到这道题我们首先就应该想到有可能是DP和数论,因为题目已经很有特性了(首先题面是放棋子)(然后这一题方案数很多要取模)(而且这一题的数据范围很 ...
- web前端最全各类资源
链接:http://www.sohu.com/a/157593700_132276
- Dubbo服务降级
当服务器压力剧增的情况下,根据实际业务情况及流量,对一些服务和页面有策略的不处理或简单处理,从而释放服务器资源以保证核心业务正常运作或高效运作. 可以通过服务降级功能临时屏蔽某个出错的非关键服务并定义 ...
- python实现监控windows服务控制开关服务
转载自 :http://www.jb51.net/article/49106.htm #!/usr/bin/env python #-*- encoding:utf-8 -*- "" ...
- python动态函数名的研究
所谓动态函数名,就是使用时完全不知道是叫什么名字,可以由用户输入那种. 一般人习惯性会想到eval或exec, 但是众所周知,这样的写法不安全而且容易引起问题,而且不pythonic.而且使用时必须把 ...
- redis拾趣(客户端连接,keys命令,数据备份,缓存有效期等)
1.客户端连接 为了安全保护,redis支持绑定IP跟端口,这个通过conf配置文件中的bind跟port来设置. 绑定后登录client控制台时就需要写明ip(或者hostname)跟端口了,如: ...