OpenStack Learning: Keystone Installation (Part 2)

1. Install Keystone

# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

2. Enable Memcached to start at boot and start Memcached

[root@linux-node1 ~]# systemctl enable memcached.service
[root@linux-node1 ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 192.168.56.11,::1"
[root@linux-node1 ~]# systemctl start memcached.service

3. Keystone configuration

(1) Configure the Keystone database

[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone

(2) Configure Token and Memcached

[token]
provider = fernet

(3) Synchronize the database

[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"

 

(4) Initialize the Fernet keys

[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

(5) Bootstrap Keystone

[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin \
 --bootstrap-admin-url http://192.168.56.11:35357/v3/ \
 --bootstrap-internal-url http://192.168.56.11:35357/v3/ \
 --bootstrap-public-url http://192.168.56.11:5000/v3/ \
 --bootstrap-region-id RegionOne

 

(6) Verify the changes made to the Keystone configuration

[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
provider = fernet

 

(7) Modify the httpd configuration

[root@linux-node1 ~]# vi /etc/httpd/conf/httpd.conf
ServerName 192.168.56.11:80

 

(8) Create the symbolic link

[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

 

4. Start Keystone

[root@linux-node1 ~]# systemctl enable httpd.service
[root@linux-node1 ~]# systemctl start httpd.service

 

5. Set the environment variables

[root@linux-node1 ~]# export OS_USERNAME=admin
[root@linux-node1 ~]# export OS_PASSWORD=admin
[root@linux-node1 ~]# export OS_PROJECT_NAME=admin
[root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3

 

6. Create the project and the demo user

# openstack project create --domain default --description "Demo Project" demo  # create a project named demo
# openstack user create --domain default --password demo demo   # create a user named demo with password demo
# openstack role create user    # create a role named user
# openstack role add --project demo --user demo user  # add the demo user to the demo project and grant it the user role

 

7. Create the Service project

# openstack project create --domain default --description "Service Project" service  # create a project named service for the services

 

8. Create the users

(1) Create the glance user

# openstack user create --domain default --password glance glance  # create a glance user with password glance
# openstack role add --project service --user glance admin  # add the glance user to the service project and grant it the admin role

 

(2) Create the nova user

# openstack user create --domain default --password nova nova  # create a nova user with password nova
# openstack role add --project service --user nova admin  # add the nova user to the service project and grant it the admin role

 

(3) Create the placement user

# openstack user create --domain default --password placement placement  # create a placement user with password placement
# openstack role add --project service --user placement admin  # add the placement user to the service project and grant it the admin role

 

(4) Create the Neutron user

# openstack user create --domain default --password neutron neutron  # create a neutron user with password neutron
# openstack role add --project service --user neutron admin  # add the neutron user to the service project and grant it the admin role

 

(5) Create the cinder user (not used this time)

# openstack user create --domain default --password cinder cinder
# openstack role add --project service --user cinder admin

 

9. Verify Keystone

[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD  ## clear the environment variables
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
…
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:

 

10. Environment variable scripts

[root@linux-node1 ~]# vim /root/admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

 

[root@linux-node1 ~]# vim /root/demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
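
The two credential files above keep OS_PASSWORD in plain text, use the user name as the password and point at an http:// endpoint. The script below is an added example, not part of the original post, that flags those conditions plus group/other file permissions in any openrc-style file; the function names rc_get and audit_openrc and the host keystone.example.test are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit an openrc-style file.
# Prints one finding per line; exit status 0 = clean, 1 = findings.

# Read an exported value without sourcing the file (sourcing would execute it).
rc_get() {  # usage: rc_get FILE VAR
    sed -n "s/^export $2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

audit_openrc() {
    rc=$1; found=0
    user=$(rc_get "$rc" OS_USERNAME)
    pass=$(rc_get "$rc" OS_PASSWORD)
    url=$(rc_get "$rc" OS_AUTH_URL)

    if [ -n "$pass" ]; then
        echo "PLAINTEXT_PASSWORD: OS_PASSWORD is stored in the file"; found=1
        # A password identical to the user name is trivially guessable.
        if [ "$pass" = "$user" ]; then
            echo "PASSWORD_EQUALS_USERNAME: $user"; found=1
        fi
    fi
    case $url in
        http://*) echo "CLEARTEXT_AUTH_URL: $url"; found=1 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ln "$rc" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "LOOSE_FILE_MODE: group/other bits are '$perms'"; found=1
    fi
    return $found
}

# Constructed samples: the tutorial's admin file, and a tightened variant
# (keystone.example.test is a placeholder host; OS_PASSWORD is left out so
# the openstack client prompts for it, as in step 9).
demo_dir=$(mktemp -d)
printf '%s\n' 'export OS_USERNAME=admin' 'export OS_PASSWORD=admin' \
    'export OS_AUTH_URL=http://192.168.56.11:35357/v3' > "$demo_dir/weak.sh"
chmod 644 "$demo_dir/weak.sh"
printf '%s\n' 'export OS_USERNAME=admin' \
    'export OS_AUTH_URL=https://keystone.example.test:5000/v3' > "$demo_dir/tight.sh"
chmod 600 "$demo_dir/tight.sh"

audit_openrc "$demo_dir/weak.sh" || echo "weak.sh: findings above"
audit_openrc "$demo_dir/tight.sh" && echo "tight.sh: clean"
```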

 

11. Verification

[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-11-22T15:37:36+0000                                                                                                                                                                |
| id         | gAAAAABb9r8wqBesfIryKdPAzcskX7G1X3g6pA75zpWxQgp8YnDSCoVBgN9GQ9PJak9UnIX_KLCEUH2IuMQ2fqZBkbwrCxNnjDuMJo5LeGczOhlgUG3hsDV3jpJrtu1j9Q8po4cL9Kx48D8nKlpXG4OhJ4s0VCx2g3ZiTmevQKzgLdGsN32ejKI |
| project_id | 41501647e47f4eb3880b17ef9776e2c1                                                                                                                                                        |
| user_id    | 320ded70f6ea46c0bd640f7b7802d7de                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-11-22T15:38:06+0000                                                                                                                                                                |
| id         | gAAAAABb9r9OsescK3fKptK0tF3FX6YRcFY1XPOEwDCVEV7yjgiGCoShLJYvewatNVtoJr3ebp4IjAy0lg7Bjd4zic-nVjUIzvaU2fIBYWbw1au2EMcwfFQIR5mSJ_0f3Th5Ts12SQKTHMZdD7NTTJjVu_Ym3yzNm8agDkmB6Gdi-oKLveH5oVQ |
| project_id | 61a918afeae24861ae08d0944737890c                                                                                                                                                        |
| user_id    | f3922f1b44e3483995e23aaf855161c0                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  user list
You are not authorized to perform the requested action: identity:list_users. (HTTP 403) (Request-ID: req-0aee9c60-f277-4abe-905d-72ef59609b17)
[root@linux-node1 ~]# 
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  user list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 2bb9ce88ae5649b58a2879e53bf60017 | glance    |
| 320ded70f6ea46c0bd640f7b7802d7de | admin     |
| 36d1834f4a524e4383068e193b042a0b | neutron   |
| 7fedca53c5bc42cebc396b5b690968d4 | nova      |
| f120f4c6fa074e76a2367b7b103b6c6f | placement |
| f3922f1b44e3483995e23aaf855161c0 | demo      |
+----------------------------------+-----------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  role  list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| aef5b0e9aca441c5aaaff560b15e2a46 | user  |
| c4229971a0834e629dcb69dc7a0b10cd | admin |
+----------------------------------+-------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  project  list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 41501647e47f4eb3880b17ef9776e2c1 | admin   |
| 61a918afeae24861ae08d0944737890c | demo    |
| 6d0619edd470440abea5805ff47b4f1a | service |
+----------------------------------+---------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  service  list
+----------------------------------+-----------+-----------+
| ID                               | Name      | Type      |
+----------------------------------+-----------+-----------+
| 7a75ea530f2d4af59e3ab423bd47a11b | keystone  | identity  |
+----------------------------------+-----------+-----------+
[root@linux-node1 ~]# 
[root@linux-node1 ~]# 
[root@linux-node1 ~]# openstack  endpoint  list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                            |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 6024f4be849d465e8201b1ab645a9b22 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.56.11:35357/v3/ |
| cf6060b1424746d4bd0982229fe0a9c8 | RegionOne | keystone     | identity     | True    | public    | http://192.168.56.11:5000/v3/  |
| f70a576ffe2e4a008c0c05461ba7c3f5 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.56.11:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

 

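If a user name or password was entered incorrectly, the user has to be deleted and recreated; the help output is available with openstack user --help

openstack user delete <user ID>

The same procedure applies to role, project, service and endpoint.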
