The basic routine for installing any OpenStack service is:
1, create the database
2, install the packages for the service and modify the configuration file
3, create the service and register its API
First, the database
Official documentation: https://docs.openstack.org/keystone/stein/install/keystone-install-rdo.html
1, create the keystone database and user
mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
2, test from the controller node whether the connection works
mysql -ukeystone -pkeystone123 -hopenstack-mysql.heng.net
Second, install the packages for the service and modify the configuration file
1, install the keystone packages on the controller node
yum install openstack-keystone httpd mod_wsgi   # mod_wsgi lets the httpd service call Python
2, modify the keystone configuration file
vi /etc/keystone/keystone.conf
# search for the [database] section
[database]
connection = mysql+pymysql://keystone:[email protected]/keystone
[token]
# ...
# uncomment this line
provider = fernet
3, generate the keystone database tables
su -s /bin/sh -c "keystone-manage db_sync" keystone
4, generate the Fernet key files
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5, edit the Apache configuration file
vi /etc/httpd/conf/httpd.conf
ServerName 192.168.12.17:80
6, create a soft link to /usr/share/keystone/wsgi-keystone.conf; this is the Apache configuration file that calls Python and listens on port 5000
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl start httpd.service
systemctl enable httpd.service
Third, create the service and register its API
1, OpenStack has no account or password yet, so keystone cannot yet provide its authentication service, which is how a token is obtained. A token for the authentication service can be defined directly in the configuration, bypassing authentication
openssl rand -hex 10
3fdcd4af381781fda580
vi /etc/keystone/keystone.conf
admin_token = 3fdcd4af381781fda580
After the modification, synchronize the database once again
su -s /bin/sh -c "keystone-manage db_sync" keystone
2, check whether the log shows any errors
keystone log file:
ll /var/log/keystone/keystone.log
3, define environment variables
export OS_TOKEN=3fdcd4af381781fda580
export OS_URL=http://192.168.12.17:5000/v3
export OS_IDENTITY_API_VERSION=3
echo $OS_TOKEN   # confirm that the variable was set
4, create a default domain
openstack domain create --description "Default Domain" default
5, create the admin project
openstack project create --domain default --description "Admin Project" admin
6, create an admin user and set a password for the admin:
[root@controller1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
7, create the admin role and grant it to the admin user
openstack role create admin
openstack role add --project admin --user admin admin
8, create a demo project and user
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
openstack role create user
openstack role add --project demo --user demo user
9, create a service project
openstack project create --domain default --description "Service Project" service
10, create the authentication service
openstack service create --name keystone --description "OpenStack Identity" identity
[root@controller1 ~]# openstack service list   # view the current services
11, register the API endpoints of the authentication service
openstack endpoint create --region RegionOne identity admin http://openstack-vip.heng.net:5000/v3
openstack endpoint create --region RegionOne identity public http://openstack-vip.heng.net:5000/v3
openstack endpoint create --region RegionOne identity internal http://openstack-vip.heng.net:5000/v3
12, open a new terminal and test whether keystone can authenticate users
[root@controller1 ~]# export OS_IDENTITY_API_VERSION=3
[root@controller1 ~]# openstack --os-auth-url http://openstack-vip.heng.net:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
# If this command displays the result without a password being entered, it succeeded
13, now that user authentication works, the token no longer has to be specified manually; the configuration file no longer needs the token, so delete it
vi /etc/keystone/keystone.conf
14, define the environment variables in two scripts; with the variables these scripts define, the corresponding API can be called
vi scripts/admin-stein.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.heng.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
vi scripts/demo-stein.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack-vip.heng.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
15, use a script; if the command below prints a result, the keystone service was installed successfully
source demo-stein.sh
openstack token issue
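An added check for steps 13 and 14 (example code, not part of the original walkthrough): it verifies that the temporary admin_token is gone from keystone.conf, that the credential scripts holding OS_PASSWORD are readable only by their owner, and that OS_TOKEN and OS_URL are no longer exported. The function names, the constructed sample files and the chmod 600 recommendation are assumptions of this example.

```shell
# Added example, not from the original page; file paths are supplied by the caller.

# Fail if keystone.conf still has an uncommented admin_token (step 13).
check_admin_token() {
    if grep -Eq '^[[:space:]]*admin_token[[:space:]]*=' "$1"; then
        echo "FAIL: admin_token still set in $1"; return 1
    fi
    echo "OK: no admin_token in $1"
}

# Fail if a credential script (step 14) is accessible to group or others.
check_rc_mode() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other bits, e.g. "r--r--"
    if [ "$perms" != "------" ]; then
        echo "FAIL: $1 allows group/other access ($perms); chmod 600 it"; return 1
    fi
    echo "OK: $1 is owner-only"
}

# Fail if the bootstrap variables exported earlier are still set in this shell.
check_token_env() {
    if [ -n "${OS_TOKEN:-}" ] || [ -n "${OS_URL:-}" ]; then
        echo "FAIL: OS_TOKEN/OS_URL still set; run: unset OS_TOKEN OS_URL"; return 1
    fi
    echo "OK: OS_TOKEN and OS_URL are unset"
}

audit_keystone() {   # usage: audit_keystone KEYSTONE_CONF RC_FILE...
    failed=0
    check_admin_token "$1" || failed=1
    shift
    for f in "$@"; do check_rc_mode "$f" || failed=1; done
    check_token_env || failed=1
    return "$failed"
}

# Constructed sample files: audit them before and after the cleanup.
demo_audit() {
    d=$(mktemp -d) || return 2
    printf '[DEFAULT]\nadmin_token = 0000placeholder0000\n' > "$d/keystone.conf"
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=example\n' > "$d/admin-rc.sh"
    chmod 644 "$d/admin-rc.sh"
    before=0; audit_keystone "$d/keystone.conf" "$d/admin-rc.sh" || before=$?
    sed -i.bak '/^[[:space:]]*admin_token[[:space:]]*=/d' "$d/keystone.conf"
    chmod 600 "$d/admin-rc.sh"
    after=0; audit_keystone "$d/keystone.conf" "$d/admin-rc.sh" || after=$?
    rm -rf "$d"; echo "before=$before after=$after"
}
demo_audit
```

On the controller it would be called as audit_keystone /etc/keystone/keystone.conf scripts/admin-stein.sh scripts/demo-stein.sh, in the same shell that was used for the token-based steps.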