openstack学习-KeyStone安装(二)
一、安装keystone
# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
二、设置Memcache开启启动并启动Memcached
[root@linux-node1 ~]# systemctl enable memcached.service [root@linux-node1 ~]# vim /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS="-l 192.168.56.11,::1" [root@linux-node1 ~]# systemctl start memcached.service
三、Keystone配置
1、配置KeyStone数据库
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
2、设置Token和Memcached
[token]
provider = fernet
3、同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone [root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"
4、初始化fernet keys
[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5、初始化keystone
[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://192.168.56.11:35357/v3/ --bootstrap-internal-url http://192.168.56.11:35357/v3/ --bootstrap-public-url http://192.168.56.11:5000/v3/ --bootstrap-region-id RegionOne
6、验证Keystone修改的配置
[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone provider = fernet
7、修改httpd配置
[root@linux-node1 ~]vi/etc/httpd/conf/httpd.conf
ServerName 192.168.56.11:80
8、创建软连接
[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
四、启动Keystone
[root@linux-node1 ~]# systemctl enable httpd.service
[root@linux-node1 ~]# systemctl start httpd.service
五、设置环境变量
[root@linux-node1 ~]# export OS_USERNAME=admin [root@linux-node1 ~]# export OS_PASSWORD=admin [root@linux-node1 ~]# export OS_PROJECT_NAME=admin [root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default [root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default [root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3 [root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3
六、创建项目和demo用户
# openstack project create --domain default --description "Demo Project" demo --创建一个demo的项目 # openstack user create --domain default --password demo demo --创建一个用户为demo 密码为demo的用户 # openstack role create user --创建一个角色为user # openstack role add --project demo --user demo user --把demo的用户加入到demo的项目中并赋予user角色
七、创建Service项目
openstack project create --domain default --description "Service Project" service --创建一个服务的项目为service
八、用户创建
1、创建glance用户
# openstack user create --domain default --password glance glance --创建一个glance用户,密码为glance # openstack role add --project service --user glance admin --把glance用户加入到service这个服务项目中,并授予admin角色
2、创建nova用户
# openstack user create --domain default --password nova nova --创建一个nova用户,密码为nova
# openstack role add --project service --user nova admin --把nova用户加入到service这个服务项目中,并授予admin角色
3、创建placement用户
# openstack user create --domain default --password placement placement --创建一个placement用户,密码为placement
# openstack role add --project service --user placement admin --把placement用户加入到service这个服务项目中,并授予admin角色
4、创建Neutron用户
# openstack user create --domain default --password neutron neutron --创建一个neutron用户,密码为neutron
# openstack role add --project service --user neutron admin--把neutron用户加入到service这个服务项目中,并授予admin角色
5、创建cinder用户(本次用不到)
# openstack user create --domain default --password cinder cinder # openstack role add --project service --user cinder admin
九、验证Keystone
[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD ##清除环境变量 [root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue Password: … [root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue Password:
十、环境变量脚本
[root@linux-node1 ~]# vim /root/admin-openstack.sh export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=admin export OS_AUTH_URL=http://192.168.56.11:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
[root@linux-node1 ~]# vim /root/demo-openstack.sh export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=demo export OS_AUTH_URL=http://192.168.56.11:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
十一、验证
[root@linux-node1 ~]# source admin-openstack.sh [root@linux-node1 ~]# [root@linux-node1 ~]# openstack token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-11-22T15:37:36+0000 | | id | gAAAAABb9r8wqBesfIryKdPAzcskX7G1X3g6pA75zpWxQgp8YnDSCoVBgN9GQ9PJak9UnIX_KLCEUH2IuMQ2fqZBkbwrCxNnjDuMJo5LeGczOhlgUG3hsDV3jpJrtu1j9Q8po4cL9Kx48D8nKlpXG4OhJ4s0VCx2g3ZiTmevQKzgLdGsN32ejKI | | project_id | 41501647e47f4eb3880b17ef9776e2c1 | | user_id | 320ded70f6ea46c0bd640f7b7802d7de | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [root@linux-node1 ~]# [root@linux-node1 ~]# source demo-openstack.sh [root@linux-node1 ~]# openstack token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-11-22T15:38:06+0000 | | id | gAAAAABb9r9OsescK3fKptK0tF3FX6YRcFY1XPOEwDCVEV7yjgiGCoShLJYvewatNVtoJr3ebp4IjAy0lg7Bjd4zic-nVjUIzvaU2fIBYWbw1au2EMcwfFQIR5mSJ_0f3Th5Ts12SQKTHMZdD7NTTJjVu_Ym3yzNm8agDkmB6Gdi-oKLveH5oVQ | | project_id | 61a918afeae24861ae08d0944737890c | | user_id | f3922f1b44e3483995e23aaf855161c0 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [root@linux-node1 ~]# [root@linux-node1 ~]# openstack user list You are not authorized to perform the requested action: identity:list_users. (HTTP 403) (Request-ID: req-0aee9c60-f277-4abe-905d-72ef59609b17) [root@linux-node1 ~]# [root@linux-node1 ~]# source admin-openstack.sh [root@linux-node1 ~]# [root@linux-node1 ~]# openstack user list +----------------------------------+-----------+ | ID | Name | +----------------------------------+-----------+ | 2bb9ce88ae5649b58a2879e53bf60017 | glance | | 320ded70f6ea46c0bd640f7b7802d7de | admin | | 36d1834f4a524e4383068e193b042a0b | neutron | | 7fedca53c5bc42cebc396b5b690968d4 | nova | | f120f4c6fa074e76a2367b7b103b6c6f | placement | | f3922f1b44e3483995e23aaf855161c0 | demo | +----------------------------------+-----------+ [root@linux-node1 ~]# [root@linux-node1 ~]# [root@linux-node1 ~]# openstack role list +----------------------------------+-------+ | ID | Name | +----------------------------------+-------+ | aef5b0e9aca441c5aaaff560b15e2a46 | user | | c4229971a0834e629dcb69dc7a0b10cd | admin | +----------------------------------+-------+ [root@linux-node1 ~]# [root@linux-node1 ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 41501647e47f4eb3880b17ef9776e2c1 | admin | | 61a918afeae24861ae08d0944737890c | demo | | 6d0619edd470440abea5805ff47b4f1a | service | +----------------------------------+---------+ [root@linux-node1 ~]# [root@linux-node1 ~]# openstack service list +----------------------------------+-----------+-----------+ | ID | Name | Type | +----------------------------------+-----------+-----------+ | 7a75ea530f2d4af59e3ab423bd47a11b | keystone | identity | +----------------------------------+-----------+-----------+ [root@linux-node1 ~]# [root@linux-node1 ~]# [root@linux-node1 ~]# openstack endpoint list +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+ | ID | Region | Service Name | Service Type | Enabled | Interface | URL | +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+ | 6024f4be849d465e8201b1ab645a9b22 | RegionOne | keystone | identity | True | admin | http://192.168.56.11:35357/v3/ | | cf6060b1424746d4bd0982229fe0a9c8 | RegionOne | keystone | identity | True | public | http://192.168.56.11:5000/v3/ | | f70a576ffe2e4a008c0c05461ba7c3f5 | RegionOne | keystone | identity | True | internal | http://192.168.56.11:35357/v3/ | +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
如果用户和密码写错了,就需要删除了重新创建,可以查看帮组信息 openstack user --help
openstack user delete 用户的id
同理role、project、service、endpoint都是同样操作