openstack stein部署手册 3. keystone

# 建立数据库用户及权限
create database keystone;
grant all privileges on keystone.* to keystone@'localhost' identified by 'Abc@123';
grant all privileges on keystone.* to keystone@'%' identified by 'Abc@123';
flush privileges;

# 安装程序包
yum install -y openstack-keystone httpd mod_wsgi 

# 变更配置文件
/etc/keystone/keystone.conf
[cache] 增加
memcache_servers = controller:11211

[database] 增加
connection = mysql+pymysql://keystone:Abc@123@controller/keystone

[token] 增加
provider = fernet

# 同步数据库
su -s /bin/bash -c "keystone-manage db_sync" keystone

# 初始化fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# 建立bootstrap服务
keystone-manage bootstrap --bootstrap-password Abc@123 --bootstrap-admin-url http://controller:5000/v3/  --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

# 配置http服务
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl restart httpd && systemctl enable httpd

# 配置环境变量(管理员)
cat > ~/.openstack_admin << EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=Abc@123
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

# 建立用户、角色、服务、项目、域、端点
source  ~/.openstack_admin

openstack project create --domain default --description "Service Project" service

openstack domain create --description "Demo Domain" demo
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password Abc@123 demo
openstack role create demo
openstack role add --project demo --user demo demo

openstack domain list
openstack project list
openstack user list
openstack role list
openstack role assignment list

# 验证
unset OS_USERNAME OS_PASSWORD
openstack --os-project-name admin --os-username admin --os-password Abc@123 token issue
openstack --os-project-name demo --os-username demo --os-password Abc@123 token issue