OpenStack authentication service (Keystone)

**1. Install and configure Keystone**
Install the Keystone package
yum -y install openstack-keystone httpd mod_wsgi
View the user and group information: list every line in the passwd and group files that contains the string "keystone"
cat /etc/passwd | grep keystone
cat /etc/group | grep keystone
Log in to the MariaDB database server
mysql -uroot -p123456
Create a new "keystone" database
CREATE DATABASE keystone;
Authorize the user to use the new database
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
Exit the database
quit;
**2. Configure Keystone**
Modify the configuration file
vi /etc/keystone/keystone.conf

Modify content

# Modify the "[database]" section to set up the database connection
connection = mysql+pymysql://keystone:123456@controller/keystone
# Modify the "[token]" section to configure the token encryption method
provider = fernet

Initialize the Keystone database

su keystone -s /bin/sh -c "keystone-manage db_sync"
**3. Keystone component initialization**
Initialize the Fernet keystore
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Then generate two Fernet keys under the directory; these two keys are used to encrypt and decrypt user credentials.
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Initialize user identity authentication information
keystone-manage bootstrap --bootstrap-password 123456 \
  --bootstrap-admin-url http://controller:5000/v3 \
  --bootstrap-internal-url http://controller:5000/v3 \
  --bootstrap-public-url http://controller:5000/v3 \
  --bootstrap-region-id RegionOne
Configure the web service
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Modify the Apache server configuration and start the Apache service
vi /etc/httpd/conf/httpd.conf

# Set "ServerName" to the domain name or IP address where the web service runs.
ServerName controller
Restart the Apache service
# Define the port:
semanage port -l|grep http
semanage port -a -t http_port_t -p tcp 5000

systemctl enable httpd
systemctl start httpd
**4. Simulated login verification**
Create an initialization environment variable file
vi admin-login

# Add the following content
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Import environment variables for verification
source admin-login
You can then view existing environment variables with
export -p

Verify the Keystone service by creating a project

openstack project create --domain default project

View the project list

openstack project list

Create a role

openstack role create user

# View the role list
openstack role list
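
The following check is an added example, not part of the original post: it audits the `keystone.conf` and `admin-login` files created above for the fernet provider setting, a trivially guessable database password, world-readable permissions and a plain-http `OS_AUTH_URL`. The function names (`ini_get`, `audit_keystone`, `make_sample`) and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are arguments; the
# sample files below are constructed and mirror the values this guide uses.

# ini_get FILE SECTION KEY: print KEY's value inside [SECTION], skipping comments
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_keystone CONF ENVFILE: print one "FINDING:" line per problem found
audit_keystone() {
    [ "$(ini_get "$1" token provider)" = fernet ] ||
        echo "FINDING: [token] provider is not fernet"
    # Password = text between the user's ':' and the '@' in the connection URL
    dbpass=$(ini_get "$1" database connection |
        sed -n 's|^[^:]*://[^:@]*:\([^@]*\)@.*|\1|p')
    case $dbpass in
        ''|123456|password|admin|keystone)
            echo "FINDING: database password is empty or trivially guessable" ;;
    esac
    for f in "$1" "$2"; do      # both files hold a cleartext password
        [ -z "$(find "$f" -prune -perm -004)" ] ||
            echo "FINDING: $f is world-readable"
    done
    grep -q '^export OS_AUTH_URL=http://' "$2" &&
        echo "FINDING: OS_AUTH_URL is plain http, credentials are sent unencrypted"
    return 0
}

# make_sample DIR PASSWORD MODE SCHEME: write constructed test files into DIR
make_sample() {
    printf '[database]\nconnection = mysql+pymysql://keystone:%s@controller/keystone\n[token]\nprovider = fernet\n' "$2" > "$1/keystone.conf"
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=%s\nexport OS_AUTH_URL=%s://controller:5000/v3\n' "$2" "$4" > "$1/admin-login"
    chmod "$3" "$1/keystone.conf" "$1/admin-login"
}

demo=$(mktemp -d)
make_sample "$demo" 123456 644 http     # values as used in this guide
audit_keystone "$demo/keystone.conf" "$demo/admin-login"
rm -rf "$demo"
```

On a real controller, call `audit_keystone /etc/keystone/keystone.conf admin-login`; an empty output means none of the four checks fired.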

Origin blog.csdn.net/xiaoyu070321/article/details/131345571