Identity Service: Keystone. It provides authentication, service rules and service tokens for the other OpenStack services, and manages Domains, Projects, Users, Groups and Roles. It has been integrated into the project since the Essex release.
We will deploy Keystone on the controller node;
1. Keystone needs to connect to the database, so install python2-PyMySQL;
[root@sxb2 ~]# yum install python2-PyMySQL -y
2. Configure MySQL, then restart the service;
[root@sxb2 ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
# this host's address
bind-address = 192.168.88.102
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
3. Install the message queue component (rabbitmq-server); enable it at boot and start it now;
yum install rabbitmq-server
[root@sxb2 ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@sxb2 ~]# systemctl start rabbitmq-server.service
4. Create the openstack user in RabbitMQ and grant it permissions;
[root@sxb2 ~]# rabbitmqctl add_user openstack 123
Creating user "openstack"
[root@sxb2 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
5. Install memcached and configure it;
yum install memcached python-memcached
[root@sxb2 ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
# add this host's own IP address
OPTIONS="-l 127.0.0.1,::1,192.168.88.102"
6. Enable memcached at boot and start it;
[root@sxb2 ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@sxb2 ~]# systemctl start memcached.service
Our preparation is complete; next we install a minimal Stein deployment
1. First prepare the database for the identity service: create the keystone database in MySQL and grant privileges on it;
mysql> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123'
    -> ;
Query OK, 0 rows affected, 1 warning (0.00 sec)
2. Install the packages and edit the configuration file;
[root@sxb2 ~]# yum install openstack-keystone httpd mod_wsgi
[root@sxb2 ~]# vim /etc/keystone/keystone.conf
[database]
# change this to the MySQL password and IP address just authorized
connection = mysql+pymysql://keystone:[email protected]/keystone
[token]
provider = fernet
3. Update the database;
su -s /bin/sh -c "keystone-manage db_sync" keystone
4. Initialize the Fernet key repositories;
[root@sxb2 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@sxb2 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5. Bootstrap the Identity service, setting the admin, internal and public endpoints;
[root@sxb2 ~]# keystone-manage bootstrap --bootstrap-password 123 --bootstrap-admin-url http://192.168.88.102:5000/v3/ --bootstrap-internal-url http://192.168.88.102:5000/v3/ --bootstrap-public-url http://192.168.88.102:5000/v3/ --bootstrap-region-id RegionOne
6. Configure the httpd service;
[root@sxb2 ~]# vim /etc/httpd/conf/httpd.conf
ServerName sxb2.102.com
# change this to your own IP
7. Link the Keystone WSGI configuration into the httpd configuration directory;
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
8. Enable httpd at boot and start it;
[root@sxb2 ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@sxb2 ~]# systemctl start httpd.service
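Step 4 above creates the key repository that every token on this deployment depends on. The following check is an added example, not part of the original post or of Keystone itself: it audits a Fernet key repository for key files readable by other accounts, malformed keys and a missing staged or primary key. The function names are illustrative, the sample repository is constructed in a temporary directory, and on the controller the path to check would be Keystone's default key repository, /etc/keystone/fernet-keys (an assumption, since the post does not show it).

```python
import base64
import os
import stat
import tempfile

def audit_fernet_repo(path):
    """Return findings for a Fernet key repository (empty list = nothing found)."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("repository directory is accessible to group/other")
    indexes = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not name.isdecimal():
            findings.append(f"{name}: unexpected file, keys are named by integer index")
            continue
        indexes.append(int(name))
        if stat.S_IMODE(os.stat(full).st_mode) & 0o077:
            findings.append(f"{name}: key file is readable by group/other")
        with open(full, "rb") as fh:
            data = fh.read().strip()
        try:
            key = base64.urlsafe_b64decode(data)
        except ValueError:  # binascii.Error is a ValueError subclass
            key = b""
        if len(key) != 32:
            findings.append(f"{name}: not a 32-byte url-safe base64 key")
    if 0 not in indexes:
        findings.append("no staged key (index 0)")
    if not any(i > 0 for i in indexes):
        findings.append("no primary key (highest index > 0)")
    return findings

def make_sample_repo(root, mode=0o600):
    """Constructed sample: keys 0 (staged) and 1 (primary), as after fernet_setup."""
    repo = os.path.join(root, "fernet-keys")
    os.mkdir(repo, 0o700)
    for index in (0, 1):
        key_path = os.path.join(repo, str(index))
        with open(key_path, "wb") as fh:
            fh.write(base64.urlsafe_b64encode(os.urandom(32)))
        os.chmod(key_path, mode)
    return repo

if __name__ == "__main__":
    for mode in (0o600, 0o644):  # owner-only keys, then world-readable keys
        with tempfile.TemporaryDirectory() as tmp:
            print(oct(mode), audit_fernet_repo(make_sample_repo(tmp, mode)))
```
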
We prepare the environment scripts for two users in advance;
[root@sxb2 ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_AUTH_URL=http://192.168.88.102:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@sxb2 ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=123
export OS_AUTH_URL=http://192.168.88.102:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Next we create the domain, projects, user and role
1. Create a new domain; first make sure you are working as the admin user;
[root@sxb2 ~]# . admin-openrc
[root@sxb2 ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f7bf3bb6545f9b4e5f6bbac653d6d |
| name | example |
| tags | [] |
+-------------+----------------------------------+
2. Create the service project in the default domain;
[root@sxb2 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | d6b9b42ec4de4a1fbd0574f2b23f883f |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
3. Create the myproject project;
[root@sxb2 ~]# openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | a6dc8ef37cb543599c98083af439b8a0 |
| is_domain | False |
| name | myproject |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
4. Create the myuser user and set its password;
[root@sxb2 ~]# openstack user create --domain default --password-prompt myuser
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d9128e749b944e5e86422e917d910145 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
5. Create the myrole role;
[root@sxb2 ~]# openstack role create myrole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | c3e9e6bb3f634807967ef128433334df |
| name | myrole |
+-------------+----------------------------------+
6. Add the myrole role to myuser on the myproject project;
openstack role add --project myproject --user myuser myrole
The Keystone component is now configured; next we verify it
1. Unset the environment variables and authenticate as admin;
[root@sxb2 ~]# unset OS_AUTH_URL OS_PASSWORD
[root@sxb2 ~]# openstack --os-auth-url http://192.168.88.102:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-08-10T13:42:33+0000 |
| id | gAAAAABdTru5XE9SIQFDp1POA_UXdgNkusBk3Sj4PFqFc7w9WBseyMI0uutM7M6WOrcYkZofJayT8Sbo0WXV7LojJmPBzJhaxtHV9bztHeS0M8rjc-8AfQoSZ9xkMng0pq4j_oA72RdfWOLTC13WY48d18W2ytUqaqCLXhrd39d3FiIV0xqt2dQ |
| project_id | 0efc3e774118464eb39800063ad7a64b |
| user_id | d17347f078034a83900df5d0b6f4a644 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2. Authenticate as myuser;
[root@sxb2 ~]# openstack --os-auth-url http://192.168.88.102:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
Password:
No password entered, or found via --os-password or OS_PASSWORD
[root@sxb2 ~]# openstack --os-auth-url http://192.168.88.102:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-08-10T13:47:03+0000 |
| id | gAAAAABdTrzHyiYveXthqNw_rkcGCS_lqYgE4rLB9YvOkcuDzdbwDnUZMTswP9ZrZu3ORRBj9QygPfFuW2e2XLY7Ua6Buq16BVVbut_R5QUU3359bzy2gkb63ixyJLfKwAEaLGl6ViJ_0qMb4WiHAdA80_Fyg5VWCAPQZ1aDt0oalDfvHCMLtJo |
| project_id | a6dc8ef37cb543599c98083af439b8a0 |
| user_id | d9128e749b944e5e86422e917d910145 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
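The id values printed by token issue are Fernet tokens: the version byte and the issue timestamp sit outside the encrypted payload and can be read without any key. The following is an added example, not part of the original post (function names are illustrative); it reads those fields from the two tokens shown above and compares the issue time with the expires column.

```python
import base64
import struct
from datetime import datetime, timezone

# Token ids copied from the two `token issue` outputs above (both expired in 2019).
ADMIN_TOKEN = "gAAAAABdTru5XE9SIQFDp1POA_UXdgNkusBk3Sj4PFqFc7w9WBseyMI0uutM7M6WOrcYkZofJayT8Sbo0WXV7LojJmPBzJhaxtHV9bztHeS0M8rjc-8AfQoSZ9xkMng0pq4j_oA72RdfWOLTC13WY48d18W2ytUqaqCLXhrd39d3FiIV0xqt2dQ"
MYUSER_TOKEN = "gAAAAABdTrzHyiYveXthqNw_rkcGCS_lqYgE4rLB9YvOkcuDzdbwDnUZMTswP9ZrZu3ORRBj9QygPfFuW2e2XLY7Ua6Buq16BVVbut_R5QUU3359bzy2gkb63ixyJLfKwAEaLGl6ViJ_0qMb4WiHAdA80_Fyg5VWCAPQZ1aDt0oalDfvHCMLtJo"

def parse_fernet_header(token):
    """Read the unencrypted Fernet fields; no key is needed for these."""
    # Keystone strips the base64 '=' padding, so restore it before decoding.
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    if len(raw) < 1 + 8 + 16 + 32:
        raise ValueError("too short to be a Fernet token")
    version, issued = struct.unpack(">BQ", raw[:9])
    if version != 0x80:
        raise ValueError("not a Fernet token (version byte is not 0x80)")
    ciphertext = raw[25:-32]  # between the 16-byte IV and the 32-byte HMAC
    if len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return {
        "issued_at": datetime.fromtimestamp(issued, tz=timezone.utc),
        "iv": raw[9:25],
        "ciphertext_len": len(ciphertext),
        "hmac": raw[-32:],
    }

def lifetime_seconds(token, expires):
    """Seconds between the embedded issue time and the table's expires value."""
    exp = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S%z")
    return int((exp - parse_fernet_header(token)["issued_at"]).total_seconds())

if __name__ == "__main__":
    for name, tok, exp in (("admin", ADMIN_TOKEN, "2019-08-10T13:42:33+0000"),
                           ("myuser", MYUSER_TOKEN, "2019-08-10T13:47:03+0000")):
        hdr = parse_fernet_header(tok)
        print(name, hdr["issued_at"].isoformat(), hdr["ciphertext_len"],
              lifetime_seconds(tok, exp))
```

Both tokens come out as issued exactly one hour before their expires value. A Fernet token is a bearer credential for that whole window, so token ids copied from a live deployment deserve the same handling as passwords.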
In the next chapter we configure Glance.