OpenStack基礎學習及keystone服務配置
1、openstack基礎學習
OpenStack是一個由NASA(美國國家航空航天局)和Rackspace合做研發併發起的,以Apache許可證受權的自由軟件和開放源代碼項目。 OpenStack是一個開源的雲計算管理平臺項目,由幾個主要的組件組合起來完成具體工做。OpenStack支持幾乎全部類型的雲環境,項目目標是提供實施簡單、可大規模擴展、豐富、標準統一的雲計算管理平臺。OpenStack經過各類互補的服務提供了基礎設施即服務(IaaS)的解決方案,每一個服務提供API以進行集成。
2、環境準備
一、虛擬機準備
IP地址 主機名 操做系統 192.168.56.11 linux-node1 CentOS7 192.168.56.12 linux-node2 CentOS7
其中,linux-node1看成控制節點node
linux-node2看成計算節點python
二、基礎軟件包安裝
基礎軟件包須要安裝在全部的OpenStack節點上進行安裝,包括控制節點和計算節點mysql
(1)安裝EPEL倉庫
rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
(2)安裝OpenStack倉庫
yum install -y centos-release-openstack-mitaka
安裝完成後,會在/etc/yum.repos.d目錄下生成一個CentOS-OpenStack-mitaka.repo [root@linux-node1 yum.repos.d]# ls CentOS-Base.repo CentOS-Debuginfo.repo CentOS-OpenStack-mitaka.repo CentOS-Vault.repo CentOS-Ceph-Hammer.repo CentOS-fasttrack.repo CentOS-QEMU-EV.repo epel.repo CentOS-CR.repo CentOS-Media.repo CentOS-Sources.repo epel-testing.repo [root@linux-node1 yum.repos.d]#
(3)安裝OpenStack客戶端
yum install -y python-openstackclient
(4)安裝Openstack SELinux管理包
yum install -y openstack-selinux
三、MySQL數據庫部署
除了Horizon,OpenStack其餘組件都須要鏈接數據庫。linux
(1)安裝數據庫
[root@linux-node1 ~]# yum install -y mariadb mariadb-server python2-PyMySQL
查看mariadb的配置文件,能夠看到配置目錄爲/etc/my.cnf.dweb
[root@linux-node1 ~]# cat /etc/my.cnf [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock symbolic-links=0 [mysqld_safe] log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid # include all files from the config directory !includedir /etc/my.cnf.d
(2)建立openstack.cnf配置文件
建立並編輯 /etc/my.cnf.d/openstack.cnf,而後完成以下動做:sql
#設置 bind-address值爲控制節點的管理網絡IP地址以使得其它節點能夠經過管理網絡訪問數據庫; [mysqld] bind-address = 192.168.56.11 default-storage-engine = innodb #默認存儲引擎 innodb_file_per_table #獨享表空間 max_connections = 4096 #最大鏈接數 collation-server = utf8_general_ci #數據庫字符集 character-set-server = utf8 #數據庫安裝時指定的字符集
(3)啓動數據庫
啓動數據庫服務,並將其配置爲開機自啓:數據庫
systemctl enable mariadb.service systemctl start mariadb.service
爲了保證數據庫服務的安全性,運行mysql_secure_installation腳本。特別須要說明的是,爲數據庫的root用戶設置一個適當的密碼。apache
[root@linux-node1 my.cnf.d]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! [root@linux-node1 my.cnf.d]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.56.11:3306 0.0.0.0:* LISTEN 2764/mysqld tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1324/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2479/master tcp6 0 0 :::22 :::* LISTEN 1324/sshd tcp6 0 0 ::1:25 :::*
(4)建立數據庫並受權
一次性建立完所須要的數據庫,在實際生產中,能夠寫個腳本一鍵執行。vim
MariaDB [(none)]> create database keystone; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on keystone.* to 'keystone'@'%' identified by 'keystone'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> create database glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on glance.* to 'glance'@'localhost' identified by 'glance'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on glance.* to 'glance'@'%' identified by 'glance'; MariaDB [(none)]> create database nova; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on nova.* to 'nova'@'localhost' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on nova.* to 'nova'@'%' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> create database nova_api; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on nova_api.* to 'nova'@'localhost' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on nova_api.* to 'nova'@'%' identified by 'nova'; MariaDB [(none)]> create database neutron; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on neutron.* to 'neutron'@'%' identified by 'neutron'; Query OK, 0 rows affected (0.00 sec)
四、消息代理RabbitMQ
(1)安裝RabbitMQ
除了Horizon和KeyStone,其餘組件都須要鏈接RabbitMQcentos
OpenStack 使用 message queue 協調操做和各服務的狀態信息。消息隊列服務通常運行在控制節點上。
[root@linux-node1 ~]# yum install -y rabbitmq-server
用到RabbitMQ最多的是Nova,Nova會啓動不少服務,服務之間的通訊也是經過消息隊列進行通訊的。
(2)啓動消息隊列服務並將其配置爲開機自動啓動
[root@linux-node1 src]# systemctl enable rabbitmq-server [root@linux-node1 src]# systemctl start rabbitmq-server
rabbitmq監聽端口是5672
(3)添加openstack用戶
[root@linux-node1 src]# rabbitmqctl add_user openstack openstack Creating user "openstack" ...
(4)給openstack用戶配置讀寫權限
[root@linux-node1 src]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ...
(5)打開rabbitmq管理插件
rabbitmq提供不少插件
[root@linux-node1 src]# rabbitmq-plugins list Configured: E = explicitly enabled; e = implicitly enabled | Status: * = running on rabbit@linux-node1 |/ [ ] amqp_client 3.6.5 [ ] cowboy 1.0.3 [ ] cowlib 1.0.1 [ ] mochiweb 2.13.1 [ ] rabbitmq_amqp1_0 3.6.5 [ ] rabbitmq_auth_backend_ldap 3.6.5 [ ] rabbitmq_auth_mechanism_ssl 3.6.5 [ ] rabbitmq_consistent_hash_exchange 3.6.5 [ ] rabbitmq_event_exchange 3.6.5 [ ] rabbitmq_federation 3.6.5 [ ] rabbitmq_federation_management 3.6.5 [ ] rabbitmq_jms_topic_exchange 3.6.5 [ ] rabbitmq_management 3.6.5 [ ] rabbitmq_management_agent 3.6.5 [ ] rabbitmq_management_visualiser 3.6.5 [ ] rabbitmq_mqtt 3.6.5 [ ] rabbitmq_recent_history_exchange 1.2.1 [ ] rabbitmq_sharding 0.1.0 [ ] rabbitmq_shovel 3.6.5 [ ] rabbitmq_shovel_management 3.6.5 [ ] rabbitmq_stomp 3.6.5 [ ] rabbitmq_top 3.6.5 [ ] rabbitmq_tracing 3.6.5 [ ] rabbitmq_trust_store 3.6.5 [ ] rabbitmq_web_dispatch 3.6.5 [ ] rabbitmq_web_stomp 3.6.5 [ ] rabbitmq_web_stomp_examples 3.6.5 [ ] sockjs 0.3.4 [ ] webmachine 1.10.3
打開management插件,就能夠經過web界面管理rebbitmq
[root@linux-node1 src]# rabbitmq-plugins enable rabbitmq_management The following plugins have been enabled: mochiweb webmachine rabbitmq_web_dispatch amqp_client rabbitmq_management_agent rabbitmq_management Applying plugin configuration to rabbit@linux-node1... started 6 plugins.
rabbitmq-management啓動後會監聽15672端口
訪問http://192.168.56.11:15672,用戶名和密碼都是guest,進去後就能夠進行管理了
五、網絡時間協議(NTP)
在生產環境中,全部的OpenStack節點的時間必須一致。
因此必須安裝ntp進行時間同步。
yum -y install ntp systemctl enable ntpd systemctl start ntpd
六、OpenStack服務安裝
(2)Glance部署
[root@linux-node1 ~]# yum install -y openstack-glance
(3)Nova控制節點安裝
在控制節點linux-node1上安裝除nova-compute以外的其餘必備的服務
[root@linux-node1 ~]# yum install -y openstack-nova-api openstack-nova-cert \ openstack-nova-conductor openstack-nova-console \ openstack-nova-novncproxy openstack-nova-scheduler
(4)Nova計算節點安裝
在計算節點linux-node2上安裝
[root@linux-node2 ~]# yum install -y openstack-nova-compute sysfsutils
(5)Neutron控制節點部署
Neutron控制節點部署在linux-node1
[root@linux-node1 ~]# yum install -y openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables
(6)Neutron在計算節點中的部署
Neutron在計算節點中的部署 linux-node2
[root@linux-node2 ~]# yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables
3、OpenStack驗證服務keystone
一、安裝keystone
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached #使用帶有mod_wsgi的Apache HTTP服務器來服務認證服務請求,端口爲5000和35357。缺省狀況下,Kestone服務仍然監聽這些端口 #memcached緩存,memcached能夠設置key的超時時間,到時能夠自動清理 #python-memcached python鏈接memcached的模塊
二、編輯文件keystone.conf 並完成配置
使用openssl生成一個token,用於定義初始管理令牌的值
[root@linux-node1 ~]# openssl rand -hex 10 fb373c742a49db0bd7af
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf [DEFAULT] admin_token = fb373c742a49db0bd7af [database] connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone [token] provider = fernet driver = memcache [memcache] servers = 192.168.56.11:11211
三、初始化身份認證服務的數據庫:
su -s /bin/sh -c "keystone-manage db_sync" keystone
驗證數據庫的初始化
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;" +------------------------+ | Tables_in_keystone | +------------------------+ | access_token | | assignment | | config_register | | consumer | | credential | | domain | | endpoint | | endpoint_group | | federated_user | | federation_protocol | | group | | id_mapping | | identity_provider | | idp_remote_ids | | implied_role | | local_user | | mapping | | migrate_version | | password | | policy | | policy_association | | project | | project_endpoint | | project_endpoint_group | | region | | request_token | | revocation_event | | role | | sensitive_config | | service | | service_provider | | token | | trust | | trust_role | | user | | user_group_membership | | whitelisted_config | +------------------------+
四、初始化Fernet keys
初始化key,建立證書
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
在keystone的目錄下存放key
[root@linux-node1 fernet-keys]# pwd /etc/keystone/fernet-keys [root@linux-node1 fernet-keys]# ls 0 1
五、啓動memcache
[root@linux-node1 ~]# systemctl enable memcached Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service. [root@linux-node1 ~]# systemctl start memcached
查看memcached的配置文件
[root@linux-node1 ~]# cat /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS=""
六、配置 Apache HTTP 服務器
(1)編輯httpd.conf文件
編輯/etc/httpd/conf/httpd.conf文件,配置ServerName選項爲控制節點:
ServerName 192.168.56.11:80
(2)建立keystone配置文件
建立/etc/httpd/conf.d/wsgi-keystone.conf並寫入以下內容:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
三、啓動apache
啓動apache並設置開機自動啓動
systemctl enable httpd.service systemctl start httpd.service
七、建立域、項目、用戶和角色
使用OS_TOKEN建立
OSTOKEN爲剛纔寫入keystone.conf配置文件中的ADMINTOKEN
[root@linux-node1 ~]# export OS_TOKEN=fb373c742a49db0bd7af [root@linux-node1 ~]# export OS_URL=http://192.168.56.11:35357/v3 #35357是keystone的admin端口 [root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3
(1)建立域default
身份認證服務爲每一個OpenStack服務提供認證服務。
[root@linux-node1 ~]# openstack domain create --description "Default Domain" default +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Default Domain | | enabled | True | | id | d113572e8fe84cec9a3b1fded9104df2 | | name | default | +-------------+----------------------------------+
(2)爲進行管理操做,建立管理的項目、用戶和角色:
建立admin項目
[root@linux-node1 ~]# openstack project create --domain default --description "Admin Project" admin +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Admin Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 53f72af1420a4d098d48f2c82d7e9ec7 | | is_domain | False | | name | admin | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
建立admin用戶
[root@linux-node1 ~]# openstack user create --domain default --password-prompt admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 9b37ce41341347f68e8d84849ac62365 | | name | admin | +-----------+----------------------------------+
建立admin的角色
[root@linux-node1 ~]# openstack role create admin +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 1f97f158bc6b4e638b1414000ae77f03 | | name | admin | +-----------+----------------------------------+
添加admin角色到admin項目和用戶上:
[root@linux-node1 ~]# openstack role add --project admin --user admin admin
(3)建立demo項目和用戶
常規任務應該使用無特權的項目和用戶。這裏建立demo項目和用戶
建立demo項目
[root@linux-node1 ~]# openstack project create --domain default --description "Demo Project" demo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 81e76ab533b14b448b1c6394bc5e4d86 | | is_domain | False | | name | demo | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
建立demo用戶
[root@linux-node1 ~]# openstack user create --domain default --password-prompt demo User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 6762a6adffd140b1906bbe69dbf42518 | | name | demo | +-----------+----------------------------------+
建立user角色
[root@linux-node1 ~]# openstack role create user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 118d541af78d4424bd5f106a6b725920 | | name | user | +-----------+----------------------------------+
添加user角色到demo項目和組
[root@linux-node1 ~]# openstack role add --project demo --user demo user
(4)建立service項目
各個服務須要訪問keystone,訪問keystone須要作認證,須要建立用戶,用戶屬於某個項目;每一個服務包含獨有用戶的service項目
[root@linux-node1 ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | e219752e19c34656898ed443fa63d6f0 | | is_domain | False | | name | service | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
每一個用戶都須要用戶名和密碼來鏈接keystone,所以在這裏一次性建立所須要的用戶
建立glance用戶
[root@linux-node1 ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 492126a5ad204a6896335843429e1a62 | | name | glance | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user glance admin #把glance添加到service項目並授予admin角色
建立nova用戶
[root@linux-node1 ~]# openstack user create --domain default --password-prompt nova User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | b80c0e958b1b46dda783d892fa8e5004 | | name | nova | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user nova admin
建立neutron用戶
[root@linux-node1 ~]# openstack user create --domain default --password-prompt neutron User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 937c94f2d2554dc190d24d95bdd403f3 | | name | neutron | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user neutron admin
八、建立服務實體和API端點
在Openstack環境中,認證服務管理服務目錄。服務使用這個目錄來決定環境中可用的服務。
(1)建立服務實體
[root@linux-node1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | f7b1c26dfb904b989dcfe3395fe713d2 | | name | keystone | | type | identity | +-------------+----------------------------------+
(2)建立身份認證服務
OpenStack使用三個API endpoint變種表明每種服務:admin,internal和public
建立認證服務的endpoint:
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity public http://192.168.56.11:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | a951006c07004a43988e96e4abbf8508 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:5000/v3 | +--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity internal http://192.168.56.11:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 7ef6020325e540ad9bc945f8d2662fec | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:5000/v3 | +--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity admin http://192.168.56.11:35357/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 72766f8216a247aaa2a9b8b3653773d8 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:35357/v3 | +--------------+----------------------------------+
九、驗證keystone可否進行權限管理
使用上面建立的admin用戶和密碼,去鏈接keystone,看可否獲取token
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \ > --os-project-domain-name default --os-user-domain-name default \ > --os-project-name admin --os-username admin token issue Password: +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:47:54.303027Z | | id | gAAAAABYEdtboSYe9F0Njoa2kRZCy2cNbqOpaDmvluRTaCdDmkQWWmRRrxO19lMGO0UZbdxXEf8kDmEpUSrRCTRX | | | ajdKkDQDtolJK2y5azPe5SzphyHC7APdlRKhMfe6ce9eESv5O0g1VjzLJAQibc_i9R98sLN3QANonY0H1urx- | | | gppQBC0RXU | | project_id | 53f72af1420a4d098d48f2c82d7e9ec7 | | user_id | 9b37ce41341347f68e8d84849ac62365 | +------------+------------------------------------------------------------------------------------------
能夠獲取到值,說明keystone安裝配置成功,keystone能夠幹活了。從結果中咱們還能夠看到token的失效時間。
測試demo用戶
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \ > --os-project-domain-name default --os-user-domain-name default \ > --os-project-name demo --os-username demo token issue Password: +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:50:37.112377Z | | id | gAAAAABYEdv-iLmz3HgAsFppyQH_YBAuB-1jzDMZ1gf51omg6LLchrxf3R2gaGTHEXRQH3XLYEL- | | | EokfLGqd6zAmlGH-8S7x40DZtcpDp4vxDGfhBlL3RgUl_CHCJ8EA1lcIr8_xxIF96V4UjluHErzPcXVP83q6QTq7 | | | RGZIgPZX323YVf4j6j4 | | project_id | 81e76ab533b14b448b1c6394bc5e4d86 | | user_id | 6762a6adffd140b1906bbe69dbf42518 | +------------+------------------------------------------------------------------------------------------
九、建立OpenStack客戶端環境腳本
爲了提升客戶端客戶端操做的效率,OpenStack支持簡單的客戶端環境變量腳本即OpenRC文件。
建立腳本
[root@linux-node1 ~]# cat admin-openstack.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=admin export OS_AUTH_URL=http://192.168.56.11:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
執行腳本後,請求認證token
[root@linux-node1 ~]# openstack token issue +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:57:19.242157Z | | id | gAAAAABYEd2PEZRtxO9VKvl-DISZFfhsbYIufeOhB7GwN5j-Gva_sGpkkert4RkkKl-xRqbDnX5DCGtOEOrzGyiY | | | mDMUYzslUgtMT3edHeAdl97vrra6F_XVZ5GXRGIENC66HPNIvfmTnCBcELD8gfSgWwTsHkeuXhuZM7Cjo_Xhpt9b | | | LxvAG9g | | project_id | 53f72af1420a4d098d48f2c82d7e9ec7 | | user_id | 9b37ce41341347f68e8d84849ac62365 | +------------+------------------------------------------------------------------------------------------
建立demo環境變量腳本
[root@linux-node1 ~]# cat demo-openstack.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=DEMO_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
相關文章
- 1. OpenStack Keystone架構一:Keystone基礎
- 2. ##3.Keystone 驗證服務--openstack
- 3. OpenStack----keystone 認證服務
- 4. OpenStack 認證服務 KeyStone [二]
- 5. openstack學習-KeyStone安裝(二)
- 6. OpenStack基礎學習
- 7. FTP服務基礎及安全配置
- 8. OpenStack之keystone(身份認證服務)
- 9. openstack認證服務Keystone 介紹(二)
- 10. Openstack Queens 環境搭建(三)Keystone服務
- 更多相關文章...
- • Hibernate事務的配置 - Hibernate教程
- • Spring Bean的配置及常用屬性 - Spring教程
- • Kotlin學習(二)基本類型
- • Kotlin學習(一)基本語法
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章