1)mysql添加数据库,建立用户
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '123456';
2)安装软件包并修改/etc/keystone/keystone.conf配置文件
yum install openstack-keystone httpd mod_wsgi -y
vi /etc/keystone/keystone.conf
#在 [database]部分, 配置数据库访问权限:
[database]
# ...
connection = mysql+pymysql://keystone:123456@controller/keystone
#在[token] 部分, 配置Fernet token provider
[token]
# ...
provider = fernet
也可以使用openstack配置工具
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:123456@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
3)同步认证服务数据库:
su -s /bin/sh -c "keystone-manage db_sync" keystone
4)初始化Fernet key库:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keyston
5)、引导身份认证服务:
keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
6)、配置apache http服务
vim /etc/httpd/conf/httpd.conf修改ServerName controller
ServerName controller
#添加链接文件
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
#启动服务
systemctl enable httpd.service && systemctl start httpd.service
7)、配置administrative 账户
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
8)、创建项目和用户
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
#测试创建的用户验证是否通过
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
9)、建立admin-openrc环境变量文件
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#建立demo-openrc环境变量文件
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
openstack(train版)快速安装部署-keystone服务(二)
猜你喜欢
转载自blog.csdn.net/qq_37594711/article/details/107923239
今日推荐
周排行