**1. Install and configure Keystone**
Install the Keystone package
yum -y install openstack-keystone httpd mod_wsgi
View the user and group information; the commands below list every line of the passwd and group files that contains the string "keystone"
# List the passwd and group entries that contain "keystone".
grep keystone /etc/passwd
grep keystone /etc/group
Log in to the MariaDB database server
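# Log in as root. A bare -p makes the client prompt for the password
# (123456 in this walkthrough), which keeps it out of the shell history
# and out of the process list.
mysql -u root -p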
Create a new "keystone" database
CREATE DATABASE keystone;
Authorize the user to use the new database
-- 123456 is the sample password used throughout this walkthrough; set a strong,
-- unique password for the keystone account on anything other than a lab host.
-- Account for connections made from the database host itself.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
-- '%' matches every client host, so this account is accepted from any machine
-- that can reach the database; narrow the host pattern (or firewall the database
-- port) when only the controller needs access.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
Exit the database client
quit;
**2. Configure Keystone**
Modify the configuration file
vi /etc/keystone/keystone.conf
Modify content
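# Edit the "[database]" section to set up the connection to the database.
# The connection string stores the database password in plain text, so keep keystone.conf readable only by root and the keystone group.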
connection = mysql+pymysql://keystone:123456@controller/keystone
# Edit the "[token]" section to configure how tokens are encrypted
provider = fernet
Initialize the Keystone database
su keystone -s /bin/sh -c "keystone-manage db_sync"
**3. Keystone component initialization**
Initialize the Fernet keystore
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Then generate two Fernet keys in the key directory. These two keys are used to encrypt and decrypt user credentials.
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Initialize user identity authentication information
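# Bootstrap Keystone with the initial admin password and the admin, internal
# and public endpoint URLs for region RegionOne. This is one command, so every
# line except the last ends with a continuation backslash.
# 123456 is this walkthrough's sample password. Given on the command line it
# is recorded in shell history and visible in the process list.
# The endpoints use plain http, so passwords and tokens cross the network
# unencrypted; that suits an isolated lab network only.
keystone-manage bootstrap --bootstrap-password 123456 \
  --bootstrap-admin-url http://controller:5000/v3 \
  --bootstrap-internal-url http://controller:5000/v3 \
  --bootstrap-public-url http://controller:5000/v3 \
  --bootstrap-region-id RegionOne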
Configuring Web Services (1)
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Modify the Apache server configuration and start the Apache service
vi /etc/httpd/conf/httpd.conf
# Set "ServerName" to the domain name or IP address of the host running the web service.
ServerName controller
Restart the Apache service
# Define the port: show the ports SELinux currently labels for http, then add
# TCP 5000 to http_port_t so httpd is allowed to listen on it.
# If semanage reports the port as already defined, modify the existing entry
# with -m instead of adding it with -a.
semanage port --list | grep http
semanage port --add --type http_port_t --proto tcp 5000
# Enable Apache at boot, then start it now.
systemctl enable httpd
systemctl start httpd
**4. Simulation login verification**
Create an initialization environment variable file
vi admin-login
# Add the following content.
# This file holds the admin password in plain text (123456 is this
# walkthrough's sample value); keep it readable by its owner only,
# e.g. chmod 600 admin-login.

# Who is authenticating, and with which password.
export OS_USERNAME='admin'
export OS_PASSWORD='123456'

# Project and domain scope of the session.
export OS_PROJECT_NAME='admin'
export OS_USER_DOMAIN_NAME='Default'
export OS_PROJECT_DOMAIN_NAME='Default'

# Where Keystone listens, and which API versions the client should use.
export OS_AUTH_URL='http://controller:5000/v3'
export OS_IDENTITY_API_VERSION='3'
export OS_IMAGE_API_VERSION='2'
Import environment variables for verification
source admin-login
You can then view existing environment variables with
export -p
Test the Keystone service by creating a project
openstack project create --domain default project
View the project list
openstack project list
Create a role
openstack role create user
# View the role list
openstack role list