openstack-2-Keystone

一 Keystone 服务介绍

二 安装配置

测试下
[root@linux-node3 ~]# mysql -h 10.0.0.17 -u keystone –pkeystone
MariaDB [(none)]> show databases;
±-------------------+
| Database |
±-------------------+
| information_schema |
±-------------------+
1 row in set (0.00 sec)

这里忘记创建数据库了，用root身份创建个
MariaDB [(none)]> CREATE DATABASE keystone;

这里要添加yum源
[OpenStack-Newtron]
name=OpenStack-Newtron
baseurl=http://vault.centos.org/7.6.1810/cloud/x86_64/openstack-pike/
gpgcheck=0
enabled=1

[root@linux-node3 ~]# yum install openstack-keystone httpd mod_wsgi
[root@linux-node3 yum.repos.d]# vim /etc/keystone/keystone.conf
[database] -----643 配置数据库
connection = mysql+pymysql://keystone:keystone@10.0.0.17/keystone -----661行 配置数据库
provider = fernet ----2758行

同步数据库,并且验证
[root@linux-node3 ~]# su -s /bin/sh -c “keystone-manage db_sync” keystone
初始化Fernet keys：
[root@linux-node3 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node3 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

初始化
[root@linux-node3 keystone]# keystone-manage bootstrap --bootstrap-password admin \

–bootstrap-admin-url http://10.0.0.17:35357/v3/
–bootstrap-internal-url http://10.0.0.17:5000/v3/
–bootstrap-public-url http://10.0.0.17:5000/v3/
–bootstrap-region-id RegionOne

[root@linux-node3 keystone]# vim /etc/httpd/conf/httpd.conf
ServerName 10.0.0.17:80 —96行

[root@linux-node3 keystone]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@linux-node3 conf.d]# systemctl start httpd

[root@linux-node3 conf.d]# systemctl enable httpd
[root@linux-node3 conf.d]# systemctl enable rabbitmq-server mariadb

5000端口和35357 —keyston
35357 用来做管理 5000做公共服务的

设个环境变量
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.0.0.17:35357/v3/
export OS_IDENTITY_API_VERSION=3

node4装的包

创建service项目：为了演示用的
[root@linux-node3 ~]# openstack project create --domain default \

–description “Service Project” service
–description “Service Project” service

创建demo项目
[root@linux-node3 ~]# openstack project create --domain default \

–description “Demo Project” demo

创建demo 用户：
[root@linux-node3 ~]# openstack user create --domain default \

–password-prompt demo

创建角色
[root@linux-node3 ~]# openstack role create user

添加 user角色到demo 项目和用户：
[root@linux-node3 ~]# openstack role add --project demo --user demo user

重置环境变量：
[root@linux-node3 ~]# unset OS_AUTH_URL OS_PASSWORD

作为 admin 用户，请求认证令牌：
[root@linux-node3 ~]# openstack --os-auth-url http://10.0.0.17:35357/v3 \

–os-project-domain-name default --os-user-domain-name default
–os-project-name admin --os-username admin token issue —回车以后输入admin密码

作为demo用户，请求认证令牌：
[root@linux-node3 ~]# openstack --os-auth-url http://10.0.0.17:35357/v3 \

–os-project-domain-name default --os-user-domain-name default
–os-project-name admin --os-username admin token issue —输入密码demo

创建环境变量的脚本
[root@linux-node3 ~]# vim admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://10.0.0.17:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@linux-node3 ~]# vim demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://10.0.0.17:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

测试下
[root@linux-node3 ~]# source admin-openstack.sh
[root@linux-node3 ~]# openstack token issue

日志位置：
[root@linux-node3 ~]# tail -f /var/log/keystone/keystone.log