Using Keystone to authenticate Swift

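This post does not go into how to install Swift. I recommend reading the SAIO (Swift All In One) scripts, which lay out the installation process clearly; with a few modifications they can be turned into a multi-machine, multi-node deployment.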

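However, the default SAIO proxy-server.conf differs slightly from the one in the latest official documentation and needs to be changed to match the official configuration. For example, SAIO still references keystone's auth_token module; in fact this module has already been removed from keystone, and the functionality can now be found in keystoneclient.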

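This post assumes you have already installed Swift and Keystone and that Swift works correctly in tempauth mode. Many articles cover only the Swift configuration and neglect the Keystone side, so this post starts with the Keystone configuration.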

First, the Keystone configuration:

Create a user named swift. Below is the output from my environment:

[horizon@localhost keystone]$  keystone user-list
+----------------------------------+----------+---------+----------------------+
|                id                |   name   | enabled |        email         |
+----------------------------------+----------+---------+----------------------+
| 8109586519f9496f9a4f4ad14cc70e34 |  admin   |   True  |  admin@example.com   |
| 54b5d928f1da40f4891362d07ef3d0f2 | alt_demo |   True  | alt_demo@example.com |
| 0536b10b24154cb0900f40786ef320cb |  cinder  |   True  |  cinder@example.com  |
| 83c07a07e68c49ab8ce4447036b72b34 |   demo   |   True  |   demo@example.com   |
| 59218b72dc21489d8f2653297c13f504 |  glance  |   True  |  glance@example.com  |
| c9bf0952371c4e5b891e76c1360913f5 |   nova   |   True  |   nova@example.com   |
| 45d970ebb9a343ae933302533f5676a7 |  swift   |   True  |  swift@example.com   |
+----------------------------------+----------+---------+----------------------+

Then create a role:

[horizon@localhost keystone]$
[horizon@localhost keystone]$ keystone role-list
+----------------------------------+---------------+
|                id                |      name     |
+----------------------------------+---------------+
| dbcd5afc0b564f37bf117681e584a57d |     Member    |
| ad8b4ddee35e4ff3ad6e14293203e30f | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab |    _member_   |
| 610a7c30f80c43ed91244765171a6d8b |     admin     |
| 7d4d9c5fbe094aadb04bbfceeb5afd3d |  anotherrole  |
| 00169cfc0aeb47a38cbeac486e280660 |    service    |
| 6f86bb048a27438b9cba5c408d9f65e6 | swiftoperator |
+----------------------------------+---------------+

Create the corresponding service:

[horizon@localhost keystone]$ keystone service-list
+----------------------------------+----------+--------------+---------------------------+
|                id                |   name   |     type     |        description        |
+----------------------------------+----------+--------------+---------------------------+
| 5d1fdfc553724a698d3aaa81c19a7e66 |  cinder  |   volumev2   |  Cinder Volume Service V2 |
| f299e7369ada41d78965f7d700a4d10f |  cinder  |    volume    |   Cinder Volume Service   |
| bbbc0e86ac424654922b4b884615c505 |   ec2    |     ec2      |  EC2 Compatibility Layer  |
| 6992fd70e974429781fd28f598cceae1 |  glance  |    image     |    Glance Image Service   |
| 2d4a0f83448a48f291e4abd66bf16b78 | keystone |   identity   | Keystone Identity Service |
| 95e0fb619eee4c6f9ff6e464181e03e7 |   nova   |  computev3   |  Nova Compute Service V3  |
| f533298b088e4106a0752631d7a2e6a5 |   nova   |   compute    |    Nova Compute Service   |
| 1780506202594c63a0e7815bd91f1f48 |    s3    |      s3      |             S3            |
| 2a700e7ceb824ffcba8bff4212887cc2 |  swift   | object-store |       swift Service       |
+----------------------------------+----------+--------------+---------------------------+

Assign the role named "admin" to the user named "swift" in the "service" tenant:
keystone user-role-add --tenant_id {tenant_id} --user {user_id} --role {role_id}

Configure an endpoint for the Swift service:
keystone endpoint-create --region RegionOne \
--service_id 004608f103714d81aa3e01b79913789b \
--publicurl 'http://localhost:8080/v1/AUTH_{tenantID}' \
--adminurl 'http://localhost:8080/' \
--internalurl 'http://localhost:8080/v1/AUTH_{tenantID}'


tenant-list:
[horizon@localhost keystone]$ keystone tenant-list
+----------------------------------+--------------------+---------+
|                id                |        name        | enabled |
+----------------------------------+--------------------+---------+
| 9548337f796d4a4fab7e7600b8afdd24 |       admin        |   True  |
| b227fc9afa2b43ed8e5cbd739cfeed7c |      alt_demo      |   True  |
| 84fda0378b734bf58c34288a6ab37450 |        demo        |   True  |
| bdd2c3a6fee44e6c8e6e45c59102345d | invisible_to_admin |   True  |
| e423733ea60048f3845be881d72015d4 |      service       |   True  |
+----------------------------------+--------------------+---------+

Grant the swift user the corresponding role:

keystone user-role-add --user 45d970ebb9a343ae933302533f5676a7 --role 00169cfc0aeb47a38cbeac486e280660 --tenant_id e423733ea60048f3845be881d72015d4

Then create the endpoint. This step is the key one: the official documentation does not seem to mention it, and many articles skip it as well:

keystone endpoint-create --region RegionOne --service_id 2a700e7ceb824ffcba8bff4212887cc2 --publicurl 'http://swift_server:8888/v1/AUTH_e423733ea60048f3845be881d72015d4' --adminurl 'http://swift_server:8888/' --internalurl 'http://swift_server:8888/v1/AUTH_e423733ea60048f3845be881d72015d4'

+-------------+-------------------------------------------------------------------+
|   Property  |                               Value                               |
+-------------+-------------------------------------------------------------------+
|   adminurl  |                     http://swift_server:8888/                     |
|      id     |                  573c83753ea74983979aec1a4576d0bc                 |
| internalurl | http://swift_server:8888/v1/AUTH_e423733ea60048f3845be881d72015d4 |
|  publicurl  | http://swift_server:8888/v1/AUTH_e423733ea60048f3845be881d72015d4 |
|    region   |                             RegionOne                             |
|  service_id |                  2a700e7ceb824ffcba8bff4212887cc2                 |
+-------------+-------------------------------------------------------------------+
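
The IDs in the command above were copied by hand from the tenant-list and service-list tables. The following is an added example, not part of the original post: it reads the IDs out of the CLI tables, builds the same endpoint-create command, and checks that an endpoint URL carries the intended tenant ID. The function names are hypothetical, and the sample rows are copied from the listings on this page.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the id of the row whose name column equals $1; reads a keystone CLI table on stdin.
table_id_for_name() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            id = $2; name = $3
            gsub(/^[ \t]+|[ \t]+$/, "", id)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            # Skip the header row: a real id is 32 lowercase hex characters.
            if (name == want && length(id) == 32 && id ~ /^[0-9a-f]+$/) { print id; exit }
        }'
}

# Build the Swift account URL: <base>/v1/AUTH_<tenant id>. $1 = base URL, $2 = tenant id.
swift_account_url() {
    printf '%s/v1/AUTH_%s\n' "${1%/}" "$2"
}

# Succeed only if endpoint URL $1 ends in /v1/AUTH_<tenant id $2>.
endpoint_matches_tenant() {
    case "$1" in
        */v1/AUTH_"$2") return 0 ;;
        *) return 1 ;;
    esac
}

# Print the endpoint-create command. $1 = service id, $2 = tenant id, $3 = base URL.
endpoint_create_cmd() {
    url=$(swift_account_url "$3" "$2")
    printf "keystone endpoint-create --region RegionOne --service_id %s --publicurl '%s' --adminurl '%s/' --internalurl '%s'\n" \
        "$1" "$url" "${3%/}" "$url"
}

# Sample input: rows copied from the tenant-list and service-list output on this page.
TENANTS='
| 84fda0378b734bf58c34288a6ab37450 |        demo        |   True  |
| e423733ea60048f3845be881d72015d4 |      service       |   True  |'
SERVICES='
|                id                |   name   |     type     |        description        |
| 1780506202594c63a0e7815bd91f1f48 |    s3    |      s3      |             S3            |
| 2a700e7ceb824ffcba8bff4212887cc2 |  swift   | object-store |       swift Service       |'

# On a live system, pipe `keystone tenant-list` / `keystone service-list` in instead.
tenant_id=$(printf '%s\n' "$TENANTS" | table_id_for_name service)
service_id=$(printf '%s\n' "$SERVICES" | table_id_for_name swift)
endpoint_create_cmd "$service_id" "$tenant_id" "http://swift_server:8888"
```

endpoint_matches_tenant can be run against the publicurl and internalurl that endpoint-create reports, to catch an endpoint registered with the wrong tenant ID before clients start receiving it in their service catalog.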

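Next, modify Swift's proxy-server.conf file. The official documentation covers this in detail, so it is not repeated here. The official documentation also describes the glance+swift configuration, which is just as simple: you only need to modify glance-api.conf, and the official instructions are detailed.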
