- 安装keystone
- 登录mysql服务器,创建数据库keystone并授予访问权限(示例密码 Aa123456 仅作演示,实际部署请换成随机生成的强密码;'keystone'@'%' 允许从任意主机连接,可按需收紧到控制节点地址)
#mysql
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'Aa123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Aa123456';
- 安装配置组件
sudo apt install keystone apache2 libapache2-mod-wsgi
vim /etc/keystone/keystone.conf
[database]
# ...
connection = mysql+pymysql://keystone:Aa123456@controller/keystone
[token]
provider = fernet
- 初始化认证服务器
sudo su -s /bin/sh -c "keystone-manage db_sync" keystone
- 初始化令牌
sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
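- 引导身份认证(命令行上的 --bootstrap-password 会留在 shell 历史和进程列表中,也可改用环境变量 OS_BOOTSTRAP_PASSWORD 传入;示例端点均为明文 http,生产环境应启用 TLS)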
# keystone-manage bootstrap --bootstrap-password Aa123456 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
- 配置apache
vim /etc/apache2/apache2.conf
ServerName controller
sudo service apache2 restart
- 设置环境变量(ADMIN_PASS 替换为上一步 --bootstrap-password 设置的管理员密码)
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
- 创建用户\组\服务
openstack project create --domain default --description "Service Project" service #建立Project 服务
openstack project create --domain default --description "Demo Project" demo #建立一个DemoProject
openstack user create --domain default --password-prompt demo #建立Demo用户
openstack role create user #建立用户角色
openstack role add --project demo --user demo user #将Demo用户添加至User角色
- 验证(先取消临时的 OS_AUTH_URL 和 OS_PASSWORD,随后的命令会提示输入密码)
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
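- 创建环境脚本(touch 之后的 export 行分别是 admin-openrc 和 demo-openrc 的文件内容;文件含明文密码,建议 chmod 600 且不要提交到版本库;demo-openrc 中的 OS_PASSWORD 应与创建 demo 用户时输入的密码一致)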
touch admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=Aa123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
touch demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
. admin-openrc
openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-10-20T02:28:05+0000 |
| id | gAAAAABbyoSl3qP_CQJ5N5QIbNwju5RN4MG6S2J1gqdoe1CikU2ateAQrGjkbMhV1CRBtodJgXIl2PJU2k8c-QHtZuVH6XhFPx_wxiw28Q6Ab6qBK6HVfY8Rj1Ew3KWNViKD4c6YMOvzMFL07f-LM17IwSAinRDeQSdZysBFbsOagXFSo1-Zym0 |
| project_id | bc776f24088840dbb29017d069f564cb |
| user_id | dac95fced5fe4606b1b72d4f4cb9b0de |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+