在前面的章节里面,我们配置了基本环境,也安装keystone服务,并且创建了keystone的数据库,在这一篇里面,我们说怎么配置keystone。

首先编辑keystone服务,需要修改如下数据

编辑 /etc/keystone/keystone.conf

[database]

# ...

connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
[token]

# ...

provider = fernet

将keystone服务同步到数据库

[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

验证同步是否成功,如果成功,应该有如下输出

[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;"

+------------------------+

| Tables_in_keystone |

+------------------------+

| access_token |

| assignment |

| config_register |

| consumer |

| credential |

| endpoint |

| endpoint_group |

| federated_user

| federation_protocol |

| group |

| id_mapping |

| identity_provider |

| idp_remote_ids |

| implied_role |

| local_user |

| mapping |

| migrate_version |

| nonlocal_user |

| password |

| policy |

| policy_association |

| project |

| project_endpoint |

| project_endpoint_group |

| region |

| request_token |

| revocation_event |

| role |

| sensitive_config |

| service |

| service_provider |

| token |

| trust |

| trust_role |

| user |

| user_group_membership |

| user_option |

| whitelisted_config |

初始化Fernet key 资源库

[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

[root@linux-node1 ~]#

验证初始化是否成功,如果fernet-keys & credential-keys 下面多了两个文件,则为正确

[root@linux-node1 ~]# cd /etc/keystone/ 
[root@linux-node1 keystone]# tree fernet-keys/ fernet-keys/

├──

└──

 directories,  files

[root@linux-node1 keystone]# tree credential-keys/ credential-keys/

├──

└──

 directories,  files

启动keystone服务

keystone-manage bootstrap --bootstrap-password admin \

  --bootstrap-admin-url http://192.168.56.11:35357/v3/ \

  --bootstrap-internal-url http://192.168.56.11:5000/v3/ \

  --bootstrap-public-url http://192.168.56.11:5000/v3/ \

  --bootstrap-region-id RegionOne

因为keystone需要用httpd服务来运行,这里配置一下httpd.conf

[root@linux-node1 keystone]# vim /etc/httpd/conf/httpd.conf

#line 96:

ServerName 192.168.56.11:

创建链接

[root@linux-node1 keystone]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

将httpd启动并设置为开机启动

[root@linux-node1 httpd]# systemctl start httpd

[root@linux-node1 httpd]# systemctl enable httpd

Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

将前面遗漏的rabbitmq和database也设置为开机启动

[root@linux-node1 httpd]# systemctl enable rabbitmq-server mariadb

配置admin用户环境变量

[root@linux-node1 ~]# cat admin-openstack.sh

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://192.168.56.11:35357/v3

export OS_IDENTITY_API_VERSION=

安装openstack客户端

[root@linux-node1 ~]# yum install python-openstackclient openstack-selinux -y

在本文档中,给每个服务用一个只包含唯一user的service project,现在创建这个 service project

#首先需引入环境变量

[root@linux-node1 ~]# source admin-openstack.sh
openstack project create --domain default \

  --description "Service Project" service
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | id | 773e022475654ab0a4fbbfd66dec62bd | | is_domain | False | name | service | | parent_id | default | +-------------+----------------------------------+ [root@linux-node1 ~]#

一般的任务应该有一个未授权的项目和user,现在我们创建这个demo(non-admin)用户和项目

openstack project create --domain default \
  --description "Demo Project" demo

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Demo Project |

| domain_id | default |

| enabled | True

| id | 1d5b969df6da43e69e4a956297404f5c |

| is_domain | False |

| name | demo |

| parent_id | default |

+-------------+----------------------------------+ 

Create the demo user:

openstack user create --domain default \
  --password-prompt demo

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field | Value |

+---------------------+----------------------------------+

| domain_id | default |

| enabled | True |

| id | 291f02337e514343a09a92932a86fd22 |

| name | demo

|  options | {} |

| password_expires_at | None |

+-----------+----------------------------------+

创建user角色

[root@linux-node1 ~]# openstack role create user

+-----------+----------------------------------+

| Field | Value |

+-----------+----------------------------------+

| domain_id | None |

| id | 8996a91ed1214d82b107ca0e9aa94b15 |

| name | user |

+-----------+----------------------------------+

将user角色赋予demo project 和user

[root@linux-node1 ~]# openstack role add --project demo --user demo user

[root@linux-node1 ~]#

验证刚才所做的操作

首先unset环境变量 OS_AUTH_URL and OS_PASSWORD

[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD

用admin用户生成token

openstack --os-auth-url http://192.168.56.11:35357/v3 \

  --os-project-domain-name Default --os-user-domain-name Default \

  --os-project-name admin --os-username admin token issue

Password:

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| Field      | Value

|

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| expires    | --11T07::+ |

| id         | gAAAAABaVwTLT729scUG7kebG-S6MuXD2Ta9caG-

IowiOBR5D4yQhs3xFdZTBEFbc-XKSzdpnJxT-

J6DeQPy0uIZOExYFReTs_938NpQ5CWl_AzwNn5ZTAKrzj41d7_rQX6GYHLWDv4HGJG8_lTp_Ba9N0nsY

oDJ13r3pMJ28qgk1KT56T8L9Ys |

| project_id | fb6761ab3d3d43569d5fdfafcdfa5e28 |

| user_id    | d010fba89633421a800698b0e5300d50 |

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

[root@linux-node1 ~]#

用demo用户生成token

openstack --os-auth-url http://192.168.56.11:5000/v3 \

  --os-project-domain-name Default --os-user-domain-name Default \

  --os-project-name demo --os-username demo token issue

Password:

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| Field      | Value |

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| expires    | --11T07::+ |

| id         | gAAAAABaVwVcKzYPlTB9sg-

x21HDgCyCBqujQO4dqDaawlOSBixQFiSnFgRCiNx48MsLrLsGmX1o6HqcBOo84xPBy1UQIfUQlNhszd5

a_FpkHjY9AK61QTWV-AKBCzGUNJzyT7PNzs82ANF1K5dOltTsDVx40pmYMc0C6zXjIjHZsU2yuVLPOmY

|

| project_id | 1d5b969df6da43e69e4a956297404f5c |

| user_id    | 291f02337e514343a09a92932a86fd22 |

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

编辑demo用户的环境变量

[root@linux-node1 ~]# cat demo-openstack.sh

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=demo

export OS_AUTH_URL=http://192.168.56.11:5000/v3

export OS_IDENTITY_API_VERSION=

export OS_IMAGE_API_VERSION=

导入demo环境变量,用openstack token issue可以直接为demo用户生成token

[root@linux-node1 ~]# source demo-openstack.sh

[root@linux-node1 ~]# openstack token issue

+------------

+-------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------+

| Field      | Value

|

+------------ +------------------------------------------------------------------------------- -------------------------------------------------------------------------------- --------------------------+

| expires | --11T07::+ |

| id | gAAAAABaVwYysLrhxRdCprzhvU6r1S_kG3qo6bLNxjpq2IX_Ezwg1dAjnqPGXHMD5nYzqVyGViZQtJ5p W8IJDv0JN6Y9nT1hDbD-P- BRrhw0ki6eaSgoR0PiofIK1DmT3EV_RkPWT0Gd_CnEjbJFM6UcNts6E8tVsXku3vJZPG2GmIXcwLlqza M|

| project_id | 1d5b969df6da43e69e4a956297404f5c |

| user_id | 291f02337e514343a09a92932a86fd22 |

+------------ +------------------------------------------------------------------------------- -------------------------------------------------------------------------------- --------------------------+

[root@linux-node1 ~]#

同理也可导入admin环境变量,用openstack token issue为admin用户生成环境变量

keystone服务的安装配置介绍到这里

OpenStack 安装:keystone服务的更多相关文章

  1. OpenStack 安装 Keystone

    OpenStack 安装 Keystone 本篇主要记录一下 如何安装 openstack的 第一个组件 keystone 认证授权组件 openstack 版本 我选的是queens 版本 1.Op ...

  2. CentOS 7部署OpenStack(二)—安装keystone服务

    1.创建数据库 [root@controller ~]# mysql -u root -p [root@controller ~]# CREATE DATABASE keystone; [root@c ...

  3. OpenStack:安装Keystone

    >安装Keystone1. 安装# apt-get install keystone2. 创建dbcreate database keystone;grant all privileges on ...

  4. OpenStack 认证服务 KeyStone 服务注册(五)

    创建服务实体和API端点 创建服务 openstack service create --name keystone --description "OpenStack Identity&qu ...

  5. OpenStack 认证服务 KeyStone 服务注册(六)

    一)检查keystone是否安装配置成功 1.1删除环境变量的配置 unset OS_AUTH_URL redhat 1.2 请求令牌认证 admin用户,请求认证令牌 openstack --os- ...

  6. openstack (3)---------部署memcached缓存服务,keystone服务

    一.memcached概念 Memcached 是一个开源的.高性能的分布式内存对象缓存系统.通过在内存中缓存数据和对象来减少读取数据库的次数,从而提高网站访问速度,加速动态WEB应用.减轻数据库负载 ...

  7. 003-官网安装openstack之-keystone身份认证服务

    以下操作均在控制节点进行 1.控制节点安装keystone服务 概念理解: Keystone是OpenStack框架中,负责身份验证.服务规则和服务令牌的功能, 它实现了OpenStack的Ident ...

  8. OpenStack核心组件-keystone

    1. Keystone介绍 keystone是OpenStack的组件之一,用于为OpenStack家族中的其它组件成员提供统一的认证服务,包括身份验证.令牌的发放和校验.服务列表.用户权限的定义等等 ...

  9. openstack部署keystone

    环境: 免密钥,域名解析 cat /etc/hosts 192.168.42.120 controller 192.168.42.121 compute 192.168.42.122 storage ...

随机推荐

  1. spring boot 之 spring task(定时任务)

    cron:通过表达式来配置任务执行时间cron表达式详解 一个cron表达式有至少6个(也可能7个)有空格分隔的时间元素.按顺序依次为: 秒(0~59)分钟(0~59)3 小时(0~23)4  天(0 ...

  2. switch语句判断学生成绩

    下面通过判断学生成绩来展示switch语句的使用. Q:判断学生成绩的等级,90-100分为A级,80-89为B级,70-79为C级,60-69为D级,60以下不及格. package main im ...

  3. POJ1821 Fence

    题意 Language:Default Fence Time Limit: 1000MS Memory Limit: 30000K Total Submissions: 6478 Accepted: ...

  4. dmi-ipmi

    api,cli,gui,tui,dmi(smbios),ipmi,bios,efi,uefi SMBIOS(System Management BIOS)是主板或系统制造者以标准格式显示产品管理信息所 ...

  5. JDK各个版本的区别

    jdk1.5的新特性: 1. 泛型    ArrayList list=new ArrayList()------>ArrayList<Integer>list=new ArrayL ...

  6. Delphi XE5 Android 调用 Google ZXing

    { Google ZXing Call demo Delphi Version: Delphi XE5 Version 19.0.13476.4176 By: flcop(zylove619@hotm ...

  7. MySql开启远程账户登陆总结

    1.更改 "mysql" 数据库里的 "user" 表里的 "host" 项,从"127.0.0.1"改成"% ...

  8. python3学习笔记七(字典)

    参照http://www.runoob.com/python3/python3-dictionary.html 字典 字典是另一种可变容器模型,且可以存储任意类型对象. dict1 = {key1:v ...

  9. Hibernate复习

    第一天 Hibernate是一个持久层的ORM框架.两个配置文件, 类名.hbm.xml类的属性和表的列对应 hibernate.cfg.xml核心配置文件 Hibernate相关API: Confi ...

  10. solr6.4.1 搜索引擎(1)启动eclipse启动

    solr是一个java写的搜索引擎,所以支持java方式的eclipse调试. 本篇文章使用solr版本为6.4.1 一. 环境 solr 下载地址 http://archive.apache.org ...