openstack 安装keystone

版权声明：本文为博主原创文章，未经博主允许不得转载。 https://blog.csdn.net/ywmack/article/details/81540240

openstack Q版

服务器系统centos7

控制端IP：192.168.50.31

计算端IP：192.168.50.32

Keystone

下面所有操作全在控制端

数据库操作

# 登录数据库
mysql -u root -p
# 创建表
CREATE DATABASE keystone;
# 授权
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

安装配置
# YUM安装keystone 及相关软件
yum -y install openstack-keystone httpd mod_wsgi

#修改配置文件keystone.conf
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet

# 同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化keystone基础信息

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password openstackadmin \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

配置httpd

# 修改配置文件httpd.conf
vim /etc/httpd/conf/httpd.conf
ServerName controller

# 配置文件创建连接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

# 配置服务
systemctl enable httpd.service
systemctl start httpd.service

keystone 初始帐户角色和项目

# 临时环境变量配置管理帐户
export OS_USERNAME=admin
export OS_PASSWORD=openstackadmin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

# 创建域、项目、用户和角色
# 创建新的域 example 默认default已经存在
openstack domain create --description "An Example Domain" example

# 创建service项目
openstack project create --domain default --description "Service Project" service

# 创建demo项目
openstack project create --domain default --description "Demo Project" demo

# 创建demo用户 
openstack user create --domain default --password-prompt demo
#会提示输入密码 和再次输入密码

#创建demo角色：
openstack role create user

# 添加``demo`` 角色到 demo 项目和用户上：
openstack role add --project demo --user demo user


# 验证操作
# 重置变量
unset OS_AUTH_URL OS_PASSWORD

#访问测试
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
会提示输入admin密码（输入openstackadmin）
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
会提示输入demo密码 （输入demo）

创建登录脚本并测试使用

#创建脚本 admin-openrc
vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=JZopenstack123!
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

#创建脚本  demo-openrc
vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2


# 测试使用
. admin-openrc
openstack token issue

. demo-openrc
openstack token issue