本章节安装配置keystone身份认证服务
创建数据库
[root@controller ~]# mysql -uroot -p123456
# 创建keystone数据库
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
# 授予数据库访问权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘localhost‘ \
-> IDENTIFIED BY ‘KEYSTONE_DBPASS‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘%‘ \
-> IDENTIFIED BY ‘KEYSTONE_DBPASS‘;
Query OK, 0 rows affected (0.00 sec)
# 用合适的密码替换KEYSTONE_DBPASS。 2.安装软件包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
3.编辑/etc/keystone/keystone.conf文件
[root@controller ~]# cd /etc/keystone/ [root@controller keystone]# cp keystone.conf keystone.conf.bak [root@controller keystone]# egrep -v "^#|^$" keystone.conf.bak > keystone.conf [root@controller keystone]# vim keystone.conf 添加如下内容
[database] ... connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token] ... provider = fernet
4.导入数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
5.初始化Fernet key存储库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone [root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6.引导身份认证
# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:35357/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
7.配置http服务器
[root@controller ~]# sed -i ‘s/#ServerName www.example.com:80/ServerName controller/g‘ /etc/httpd/conf/httpd.conf [root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
8.启动http服务
[root@controller ~]# systemctl enable httpd.service [root@controller ~]# systemctl start httpd.service [root@controller ~]# netstat -lntp |grep http tcp6 0 0 :::5000 :::* LISTEN 22888/httpd tcp6 0 0 :::80 :::* LISTEN 22888/httpd tcp6 0 0 :::35357 :::* LISTEN 22888/httpd
9.配置管理用户
[root@controller ~]# export OS_USERNAME=admin [root@controller ~]# export OS_PASSWORD=admin [root@controller ~]# export OS_PROJECT_NAME=admin [root@controller ~]# export OS_USER_DOMAIN_NAME=Default [root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default [root@controller ~]# export OS_AUTH_URL=http://controller:35357/v3 [root@controller ~]# export OS_IDENTITY_API_VERSION=3
10.创建用户、域、角色
[root@controller ~]# openstack project create --domain default --description "Service Project" service
1
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
1
[root@controller ~]# openstack user create --domain default --password-prompt demo
1
[root@controller ~]# openstack role create user
1
[root@controller ~]# openstack role add --project demo --user demo user
1
11.验证
# unset OS_AUTH_URL OS_PASSWORD # openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue # 密码admin # openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue # 密码123456
本文出自 “linux运维” 博客,请务必保留此出处http://lijiawang.blog.51cto.com/10156897/1890742
原文:http://lijiawang.blog.51cto.com/10156897/1890742