安裝OpenStack QUEENS版本二：keystone

安裝Keystone，在控制節點上
yum install openstack-keystone httpd mod_wsgi -y

create a database
mysql -uroot -ppassword -e "CREATE DATABASE keystone;"
mysql -uroot -ppassword -e "GRANT ALL PRIVILEGES ON keystone. TO 'keystone'@'localhost' IDENTIFIED BY 'password'"
mysql -uroot -ppassword -e "GRANT ALL PRIVILEGES ON keystone. TO 'keystone'@'%' IDENTIFIED BY 'password'"

Edit the /etc/keystone/keystone.conf file
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:password@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet

su -s /bin/sh -c "keystone-manage db_sync" keystone

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

keystone-manage bootstrap --bootstrap-password password \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

Edit the /etc/httpd/conf/httpd.conf file

vim /etc/httpd/conf/httpd.conf
ServerName controller

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service
systemctl start httpd.service
systemctl status httpd.service

export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user

unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:35357/v3 \

--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

openstack --os-auth-url http://controller:5000/v3 \

--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue

[root@controller ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=password
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@controller ~]# source admin-openrc[root@controller ~]# openstack token issue[root@controller ~]# openstack service list+----------------------------------+----------+----------+| ID | Name | Type |+----------------------------------+----------+----------+| 356b9ccccebc46539fd029a6d1117dc1 | keystone | identity |+----------------------------------+----------+----------+