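OpenStack installation: the keystone service

In the previous chapters we set up the base environment, installed the keystone service and created the keystone database. This part covers how to configure keystone.

First edit the keystone configuration file; the following settings need to be changed

# grep '^[a-zA-Z]' /etc/keystone/keystone.conf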
connection = mysql+pymysql://keystone:[email protected]/keystone 

provider = fernet

Sync the keystone schema to the database

# su -s /bin/sh -c "keystone-manage db_sync" keystone

Verify that the sync succeeded; if it did, you should see the following output

# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;"
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| local_user |
| mapping |
| migrate_version |
| nonlocal_user |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| region |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| user_option |
| whitelisted_config |
+------------------------+

Initialize the Fernet key repositories

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Verify the initialization; it succeeded if fernet-keys and credential-keys each contain two new files

# cd /etc/keystone/
# tree fernet-keys/
fernet-keys/
├── 0
└── 1
0 directories, 2 files
# tree credential-keys/
credential-keys/
├── 0
└── 1
0 directories, 2 files
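
A check that goes one step beyond counting files, as an added example that is not part of the original article: it verifies that each key repository and key file is accessible only to its owner and that every file holds a well-formed 32-byte Fernet key. The function name audit_key_repo and the owner-only policy are assumptions of this example.

```python
import base64
import os
import stat


def audit_key_repo(path, owner_uid=None):
    """Return a list of findings for one key repository directory."""
    findings = []

    def check_access(target, st, kind):
        # Assumed policy: key material is reachable by its owner only.
        if stat.S_IMODE(st.st_mode) & 0o077:
            findings.append(f"{target}: {kind} is accessible to group/other")
        if owner_uid is not None and st.st_uid != owner_uid:
            findings.append(f"{target}: owned by uid {st.st_uid}, expected {owner_uid}")

    check_access(path, os.stat(path), "directory")
    names = sorted(os.listdir(path))
    if "0" not in names:
        findings.append(f"{path}: key file '0' is missing")
    for name in names:
        full = os.path.join(path, name)
        st = os.lstat(full)
        if not name.isdigit() or not stat.S_ISREG(st.st_mode):
            findings.append(f"{full}: not a regular, numerically named key file")
            continue
        check_access(full, st, "key file")
        with open(full, "rb") as fh:
            data = fh.read().strip()
        try:
            # A Fernet key is 32 random bytes, base64url-encoded.
            valid = len(base64.urlsafe_b64decode(data)) == 32
        except ValueError:
            valid = False
        if not valid:
            findings.append(f"{full}: does not decode to a 32-byte Fernet key")
    return findings


if __name__ == "__main__":
    # Paths from the article; run as root on the controller node.
    # Pass owner_uid=pwd.getpwnam("keystone").pw_uid to also check ownership.
    for repo in ("/etc/keystone/fernet-keys", "/etc/keystone/credential-keys"):
        for finding in audit_key_repo(repo) or [f"{repo}: OK"]:
            print(finding)
```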

Bootstrap the keystone service

# keystone-manage bootstrap --bootstrap-password admin \
>   --bootstrap-admin-url http://192.168.56.11:35357/v3/ \
>   --bootstrap-internal-url http://192.168.56.11:5000/v3/ \
>   --bootstrap-public-url http://192.168.56.11:5000/v3/ \
>   --bootstrap-region-id RegionOne

Because keystone runs under the httpd service, configure httpd.conf here

# vim /etc/httpd/conf/httpd.conf
#line 96:
ServerName 192.168.56.11:80

Create the symlink

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Start httpd and enable it at boot

# systemctl start httpd
# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

Also enable rabbitmq and the database at boot, which was missed earlier

# systemctl enable rabbitmq-server mariadb

Configure the environment variables for the admin user

# cat admin-openstack.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3

Install the openstack client

# yum install python-openstackclient openstack-selinux -y

In this document, each service uses a service project that contains a unique user for that service. Create this service project now

# First load the environment variables
# source admin-openstack.sh
# openstack project create --domain default \
>   --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 773e022475654ab0a4fbbfd66dec62bd |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+

Regular tasks should use an unprivileged project and user. Now create the demo (non-admin) project and user

# openstack project create --domain default \
>   --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 1d5b969df6da43e69e4a956297404f5c |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+

Create the demo user:

# openstack user create --domain default \
>   --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 291f02337e514343a09a92932a86fd22 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+

Create the user role

# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 8996a91ed1214d82b107ca0e9aa94b15 |
| name | user |
+-----------+----------------------------------+

Add the user role to the demo project and user

# openstack role add --project demo --user demo user

Verify the operations performed so far

First unset the OS_AUTH_URL and OS_PASSWORD environment variables

# unset OS_AUTH_URL OS_PASSWORD

Generate a token as the admin user

# openstack --os-auth-url http://192.168.56.11:35357/v3 \
>   --os-project-domain-name Default --os-user-domain-name Default \
>   --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-01-11T07:31:39+0000 |
| id         | gAAAAABaVwTLT729scUG7kebG-S6MuXD2Ta9caG-IowiOBR5D4yQhs3xFdZTBEFbc-XKSzdpnJxT-J6DeQPy0uIZOExYFReTs_938NpQ5CWl_AzwNn5ZTAKrzj41d7_rQX6GYHLWDv4HGJG8_lTp_Ba9N0nsYoDJ13r3pMJ28qgk1KT56T8L9Ys |
| project_id | fb6761ab3d3d43569d5fdfafcdfa5e28 |
| user_id    | d010fba89633421a800698b0e5300d50 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Generate a token as the demo user

# openstack --os-auth-url http://192.168.56.11:5000/v3 \
>   --os-project-domain-name Default --os-user-domain-name Default \
>   --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-01-11T07:34:04+0000 |
| id         | gAAAAABaVwVcKzYPlTB9sg-x21HDgCyCBqujQO4dqDaawlOSBixQFiSnFgRCiNx48MsLrLsGmX1o6HqcBOo84xPBy1UQIfUQlNhszd5a_FpkHjY9AK61QTWV-AKBCzGUNJzyT7PNzs82ANF1K5dOltTsDVx40pmYMc0C6zXjIjHZsU2yuVLPOmY |
| project_id | 1d5b969df6da43e69e4a956297404f5c |
| user_id    | 291f02337e514343a09a92932a86fd22 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Edit the environment variables for the demo user

# cat demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Load the demo environment variables; openstack token issue can then generate a token for the demo user directly

# source demo-openstack.sh
# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-01-11T07:37:38+0000 |
| id         | gAAAAABaVwYysLrhxRdCprzhvU6r1S_kG3qo6bLNxjpq2IX_Ezwg1dAjnqPGXHMD5nYzqVyGViZQtJ5pW8IJDv0JN6Y9nT1hDbD-P-BRrhw0ki6eaSgoR0PiofIK1DmT3EV_RkPWT0Gd_CnEjbJFM6UcNts6E8tVsXku3vJZPG2GmIXcwLlqzaM |
| project_id | 1d5b969df6da43e69e4a956297404f5c |
| user_id    | 291f02337e514343a09a92932a86fd22 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Likewise, you can load the admin environment variables and use openstack token issue to generate a token for the admin user
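
The id values in the token issue output are Fernet tokens, whose first nine bytes are a cleartext version byte and issue timestamp. This added example (not part of the original article) decodes that header from the first 12 characters of each token id shown on this page and compares it with the expires column; the function names are illustrative.

```python
import base64
from datetime import datetime, timezone

FERNET_VERSION = 0x80  # first byte of every Fernet token


def fernet_issued_at(token):
    """Return the issue time stored in clear in a Fernet token header."""
    head = token.strip()[:12]  # 12 base64url characters decode to 9 bytes
    if len(head) < 12:
        raise ValueError("need at least the first 12 characters of the token")
    raw = base64.urlsafe_b64decode(head)
    if raw[0] != FERNET_VERSION:
        raise ValueError("not a Fernet token: version byte is not 0x80")
    # Bytes 1..8 are the issue time as a big-endian Unix timestamp.
    return datetime.fromtimestamp(int.from_bytes(raw[1:9], "big"), tz=timezone.utc)


def lifetime_seconds(token, expires):
    """Seconds between the token's issue time and the 'expires' field."""
    expiry = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S%z")
    return int((expiry - fernet_issued_at(token)).total_seconds())


# Token id prefixes and expires values copied from the three outputs above.
SAMPLES = [
    ("gAAAAABaVwTL", "2018-01-11T07:31:39+0000"),  # admin
    ("gAAAAABaVwVc", "2018-01-11T07:34:04+0000"),  # demo, explicit options
    ("gAAAAABaVwYy", "2018-01-11T07:37:38+0000"),  # demo, via demo-openstack.sh
]

if __name__ == "__main__":
    for prefix, expires in SAMPLES:
        issued = fernet_issued_at(prefix).isoformat()
        print(prefix, "issued", issued, "lifetime", lifetime_seconds(prefix, expires), "s")
```

Each of the three tokens on this page was issued exactly 3600 seconds before its expires value.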

That concludes the installation and configuration of the keystone service

Original article: https://www.cnblogs.com/nurruden/p/8270059.html

Time: 2024-10-20 20:05:17
