OpenStack study notes 6: multi-node deployment, Keystone

Keystone authenticates users. Every component must register with Keystone using a service user of its own; only when that succeeds can the component work. So whenever we set up another component, and Keystone itself as well, we have to create a username and password for it.

Keystone must also know where each component lives, that is, on which host it runs.

User: a guest staying at a hotel
Credentials: the key that opens the room
Authentication: the mechanism the hotel sets up to keep out people who do not belong there; only those holding a key can come and go
Token: also a kind of key, but a special one
Tenant: the hotel
Service: a category of service the hotel offers, e.g. food or entertainment
Endpoint: one concrete service, e.g. a barbecue or a game of badminton
Role: the VIP level; the higher the VIP level, the more privileges you enjoy

[[email protected] ~]# source  keystonerc_admin
[[email protected] ~(keystone_admin)]# keystone  endpoint-list
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
|                id                |   region  |                    publicurl                    |                   internalurl                   |                  adminurl                  |            service_id            |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
| 03bf88d48e2648149242a571684fbfce | RegionOne |            http://192.168.1.201:9696            |            http://192.168.1.201:9696            |         http://192.168.1.201:9696          | 1100243c5a694bc5857218dd0543297b |
| 1b5ccdf306484fefadc63d1eeb20de5d | RegionOne |             http://127.0.0.1:8774/v3            |             http://127.0.0.1:8774/v3            |          http://127.0.0.1:8774/v3          | 4bda82ded4db46f68428d4e00247c14c |
| 2408bc6cb5164053b86c0983fd39961a | RegionOne | http://192.168.1.201:8080/v1/AUTH_%(tenant_id)s | http://192.168.1.201:8080/v1/AUTH_%(tenant_id)s |         http://192.168.1.201:8080          | 30c62c3c0797462a8bd4ff059a71296e |
| 432e655e85614a5eb69b7de5c5aacf34 | RegionOne |    http://192.168.1.201:8776/v2/%(tenant_id)s   |    http://192.168.1.201:8776/v2/%(tenant_id)s   | http://192.168.1.201:8776/v2/%(tenant_id)s | 5d60cb24769e403cb10bb70cb1077f2b |
| 4d5c1e505b30467c9966a5e5e93feef0 | RegionOne |            http://192.168.1.201:9292            |            http://192.168.1.201:9292            |         http://192.168.1.201:9292          | 87d30bb0dd8e44ccba00127f77831e9e |
| 8683d84884d74e7c8a73513260aec774 | RegionOne |            http://192.168.1.201:8080            |            http://192.168.1.201:8080            |         http://192.168.1.201:8080          | e6ced100d94e4f3b86cccfc82e12b83a |
| 8fa0e177bac746f79e229f16954506fb | RegionOne |    http://192.168.1.201:8776/v1/%(tenant_id)s   |    http://192.168.1.201:8776/v1/%(tenant_id)s   | http://192.168.1.201:8776/v1/%(tenant_id)s | dc75a046272548db99e1cbbe93c2025c |
| 9006207b29a04700922ee55905a7f445 | RegionOne |    http://192.168.1.201:8774/v2/%(tenant_id)s   |    http://192.168.1.201:8774/v2/%(tenant_id)s   | http://192.168.1.201:8774/v2/%(tenant_id)s | 1c9e6e4d00824327bfe4e8e7175317e1 |
| a9ec253a705c4b3c9848b5bed32e9768 | RegionOne |     http://192.168.1.201:8773/services/Cloud    |     http://192.168.1.201:8773/services/Cloud    |  http://192.168.1.201:8773/services/Admin  | 81bbcf83509a42e9a867914cde84e9d4 |
| bcab3bbc3281451494428315b24b0dba | RegionOne |            http://192.168.1.201:8777            |            http://192.168.1.201:8777            |         http://192.168.1.201:8777          | 8f54fc4364de49efbeb72020bf2aa176 |
| e3d9a4fa64bd441ea3fe143b1d72b8a4 | RegionOne |          http://192.168.1.201:5000/v2.0         |          http://192.168.1.201:5000/v2.0         |      http://192.168.1.201:35357/v2.0       | 02ce8247c5924913a73422bcf5275c40 |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
[[email protected] ~(keystone_admin)]# keystone service-list     ## services
+----------------------------------+------------+--------------+--------------------------------+
|                id                |    name    |     type     |          description           |
+----------------------------------+------------+--------------+--------------------------------+
| 8f54fc4364de49efbeb72020bf2aa176 | ceilometer |   metering   |   Openstack Metering Service   |
| dc75a046272548db99e1cbbe93c2025c |   cinder   |    volume    |         Cinder Service         |
| 5d60cb24769e403cb10bb70cb1077f2b |  cinderv2  |   volumev2   |       Cinder Service v2        |
| 87d30bb0dd8e44ccba00127f77831e9e |   glance   |    image     |    OpenStack Image Service     |
| 02ce8247c5924913a73422bcf5275c40 |  keystone  |   identity   |   OpenStack Identity Service   |
| 1100243c5a694bc5857218dd0543297b |  neutron   |   network    |   Neutron Networking Service   |
| 1c9e6e4d00824327bfe4e8e7175317e1 |    nova    |   compute    |   Openstack Compute Service    |
| 81bbcf83509a42e9a867914cde84e9d4 |  nova_ec2  |     ec2      |          EC2 Service           |
| 4bda82ded4db46f68428d4e00247c14c |   novav3   |  computev3   |  Openstack Compute Service v3  |
| 30c62c3c0797462a8bd4ff059a71296e |   swift    | object-store | Openstack Object-Store Service |
| e6ced100d94e4f3b86cccfc82e12b83a |  swift_s3  |      s3      |      Openstack S3 Service      |
+----------------------------------+------------+--------------+--------------------------------+
[[email protected] ~(keystone_admin)]# keystone  role-list            ## roles
+----------------------------------+---------------+
|                id                |      name     |
+----------------------------------+---------------+
| 7455105a501842e097e7825257eb5be4 | ResellerAdmin |
| 5d2a5d2f80d442e09b9c3d514ded412e | SwiftOperator |
| 9fe2ff9ee4384b1894a90878d3e92bab |    _member_   |
| 794f590d02344bafb280f37ff29433ae |     admin     |
+----------------------------------+---------------+
[[email protected] ~(keystone_admin)]#  keystone  role-create  --name  test1 
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 467d36315d9c4e529e9400c606f8d7a2 |
|   name   |              test1               |
+----------+----------------------------------+
[[email protected] ~(keystone_admin)]#  keystone  role-delete  test1
[[email protected] ~(keystone_admin)]# keystone  user-list    ## users
+----------------------------------+------------+---------+----------------------+
|                id                |    name    | enabled |        email         |
+----------------------------------+------------+---------+----------------------+
| 1627cc3d61c04f9db9608e9703a01371 |   admin    |   True  |    [email protected]    |
| 04247710cdf34914a7f5b315ab166731 | ceilometer |   True  | [email protected] |
| cb5e12e30a4a4c1dae57255c184b8b30 |   cinder   |   True  |   [email protected]   |
| 632fb20205ea4c40988d7d65b2844ff6 |   glance   |   True  |   [email protected]   |
| 23c4fb48a5a247d68e50c6b74fb6f035 |    http    |   True  |                      |
| 80069f5c8edc454b8038e7f116df4ff5 |  neutron   |   True  |  [email protected]   |
| adbcaaf58d09495988b57be8e82b4e6b |    nova    |   True  |    [email protected]    |
| 4f488ff4859e4973afefea6e7872ed83 |   swift    |   True  |   [email protected]    |
+----------------------------------+------------+---------+----------------------+
[[email protected] ~(keystone_admin)]#  keystone  user-create  --name hequan  --pass hequan  --email  [email protected]
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |       [email protected]        |
| enabled  |               True               |
|    id    | 9d12907283b64b02a80f1e98074a9c84 |
|   name   |              hequan              |
| username |              hequan              |
+----------+----------------------------------+
[[email protected] ~(keystone_admin)]#  keystone  user-get     hequan              ## view the user's details
[[email protected] ~(keystone_admin)]#  keystone  user-delete    hequan
[[email protected] ~(keystone_admin)]#  keystone  user-password-update    --pass  hequan1 hequan   ## update the password
[[email protected] ~(keystone_admin)]#   keystone  user-role-add  --user hequan  --role  _member_  --tenant=http  ## assign the role and tenant
[[email protected] ~(keystone_admin)]# keystone tenant-list                ## tenants
+----------------------------------+----------+---------+
|                id                |   name   | enabled |
+----------------------------------+----------+---------+
| 43986fb013804aa0a04ca277e4d0e69c |  admin   |   True  |
| 1af10fa8077e4b52b3427786bb15e968 |   http   |   True  |
| 842da711a1b740ddbf006a9f0a7ee116 | services |   True  |       ## the built-in services all belong to the services tenant by default
+----------------------------------+----------+---------+
[[email protected] ~(keystone_admin)]# keystone tenant-create --name  123    ### create tenant 123
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | c2a2e3aadf614bb08b1fc943157b668e |
|     name    |               123                |
+-------------+----------------------------------+
[[email protected] ~(keystone_admin)]# keystone tenant-delete   123


Installing and configuring Keystone

  1. First create the database
  2. Log in to Keystone with the admin token
  3. Create the service and its endpoint
  4. Create the users
  5. Disable token login and log in as admin instead

Basic environment

192.168.1.204       h4.hequan.com     h4                     ##  keystone node

systemctl   stop    NetworkManager
systemctl   disable  NetworkManager

[[email protected] ~]# yum install centos-release-openstack-liberty
[[email protected] ~]# yum install  openstack-keystone openstack-utils  openstack-selinux  -y
[[email protected] ~]# openstack-db --init --service  keystone  --rootpw  123456    --password  keystone
keystone default DB is not mysql. Would you like to reset to mysql now? (y/n): y
mysql-server is not installed.  Would you like to install it now? (y/n): y
mysqld is not running.  Would you like to start it now? (y/n): y
Verified connectivity to MySQL.
Creating 'keystone' database.
Initializing the keystone database, please wait...
Complete!
[[email protected] ~]# mysql -uroot -p123456
MariaDB [(none)]> show databases;

[[email protected] keystone]# openssl   rand -hex 10
73fa731f6fa567630fdd

[[email protected] keystone]# pwd
/etc/keystone
[[email protected] keystone]# vim keystone.conf
 
admin_token = 73fa731f6fa567630fdd
rabbit_host = localhost
rabbit_port = 5672
rabbit_hosts = $rabbit_host:$rabbit_port
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_login_method = AMQPLAIN
rabbit_virtual_host = /
connection = mysql://keystone:[email protected]/keystone         ### uses the username and password set above

Start the service

[[email protected] keystone]# systemctl   list-unit-files  | grep keyston
openstack-keystone.service             disabled

[[email protected] keystone]# systemctl  start  openstack-keystone.service
[[email protected] keystone]# systemctl  enable  openstack-keystone.service

There are no users yet, only the token.

cat keystone_token               ## create this file
export   SERVICE_TOKEN=73fa731f6fa567630fdd
export   SERVICE_ENDPOINT=http://192.168.1.204:35357/v2.0
export PS1='[\[email protected]\h \W(keystone_token)]\$ '

source keystone_token

ps aux | grep keystone

keystone  3343  1.5  1.6 321844 68704 ?        Ss   20:10   0:05 /usr/bin/python2 /usr/bin/keystone-all 

netstat -lntup | grep 35357
tcp        0      0 0.0.0.0:35357           0.0.0.0:*               LISTEN      3343/python2 

keystone service-list

[[email protected] ~]# keystone service-create --name keystone --type identity  --description="keystone"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |             keystone             |
|   enabled   |               True               |
|      id     | e0c6163cb7dd42098225f13a3fa4220e |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+
[[email protected] ~]# keystone  endpoint-create  --service-id  e0c6163cb7dd42098225f13a3fa4220e  --publicurl  ''  --internalurl  ''  --adminurl  ''
You can copy an existing endpoint as a template

[[email protected] ~(keystone_admin)]# keystone  endpoint-list
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
|                id                |   region  |                    publicurl                    |                   internalurl                   |                  adminurl                  |            service_id            |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+ 
| e3d9a4fa64bd441ea3fe143b1d72b8a4 | RegionOne |          http://192.168.1.201:5000/v2.0         |          http://192.168.1.201:5000/v2.0         |      http://192.168.1.201:35357/v2.0       | 02ce8247c5924913a73422bcf5275c40 |
[[email protected] ~(keystone_admin)]# keystone service-list
| 02ce8247c5924913a73422bcf5275c40 |  keystone  |   identity   |   OpenStack Identity Service   |

[[email protected] ~]# keystone  endpoint-create  --service-id  e0c6163cb7dd42098225f13a3fa4220e  --publicurl  'http://192.168.1.201:5000/v2.0'  --internalurl  ''  --adminurl  ''   --publicurl  'http://192.168.1.204:5000/v2.0'  --internalurl  'http://192.168.1.204:5000/v2.0'  --adminurl  'http://192.168.1.204:35357/v2.0'
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  | http://192.168.1.204:35357/v2.0  |
|      id     | 810e5faef22f44aebd17f55d1808e3c5 |
| internalurl |  http://192.168.1.204:5000/v2.0  |
|  publicurl  |  http://192.168.1.204:5000/v2.0  |
|    region   |            regionOne             |
|  service_id | e0c6163cb7dd42098225f13a3fa4220e |
+-------------+----------------------------------+

Create the administrator

[[email protected] ~]# keystone tenant-create  --name  admin
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 3a331dd90062458b8fcc259ce84be0e5 |
|     name    |              admin               |
+-------------+----------------------------------+
[[email protected] ~]# keystone role-create --name admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | c63ed09a433144108a23a592632e2e08 |
|   name   |              admin               |
+----------+----------------------------------+

[[email protected] ~]# keystone  user-create --name admin --pass 123456
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 172b6a61991e4fbeafe9039688eb2afc |
|   name   |              admin               |
| username |              admin               |
+----------+----------------------------------+

[[email protected] ~]# keystone  user-role-add  --user admin --tenant admin --role admin
[[email protected] ~]# cp keystone_token keystone_token_admin
[[email protected] ~(keystone_admin)]# cat keystone_token_admin
unset   SERVICE_TOKEN
unset   SERVICE_ENDPOINT
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://192.168.1.204:35357/v2.0
export PS1='[\[email protected]\h \W(keystone_admin)]\$ '

[[email protected] ~(keystone_admin)]# keystone user-list         ## if this lists the user, the switch to password login succeeded
+----------------------------------+-------+---------+-------+
|                id                |  name | enabled | email |
+----------------------------------+-------+---------+-------+
| 172b6a61991e4fbeafe9039688eb2afc | admin |   True  |       |
+----------------------------------+-------+---------+-------+

Disable token authentication (comment out admin_token in keystone.conf)

#admin_token = 73fa731f6fa567630fdd
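
The admin_token is a shared bootstrap secret, so step 5 is the security-relevant one. As an added check that is not part of the original notes, the shell script below fails if keystone.conf still carries an uncommented admin_token line or if an rc file still exports SERVICE_TOKEN; the file paths and sample file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit that the Keystone bootstrap token has been retired.
# Paths are parameters, so the checks run on the constructed samples below
# or on the real files (/etc/keystone/keystone.conf, the keystone_token rc file).

# Succeeds (exit 0) when the config still has an uncommented admin_token line.
admin_token_active() {
    grep -Eq '^[[:space:]]*admin_token[[:space:]]*=' "$1"
}

# Succeeds (exit 0) when the rc file still exports SERVICE_TOKEN.
service_token_exported() {
    grep -Eq '^[[:space:]]*export[[:space:]]+SERVICE_TOKEN=' "$1"
}

# Combined audit: prints one finding per failed check, returns 1 on any finding.
audit_keystone_bootstrap() {
    conf="$1"; rcfile="$2"; audit_status=0
    if admin_token_active "$conf"; then
        echo "FINDING: admin_token is still active in $conf; comment it out and restart openstack-keystone"
        audit_status=1
    fi
    if service_token_exported "$rcfile"; then
        echo "FINDING: $rcfile still exports SERVICE_TOKEN; use OS_USERNAME/OS_PASSWORD instead"
        audit_status=1
    fi
    return $audit_status
}

# Constructed sample files mirroring the notes: the state right after bootstrap
# (token active, rc file exports it) and the state after step 5 (token commented out).
make_samples() {
    dir=$(mktemp -d)
    printf '[DEFAULT]\nadmin_token = 73fa731f6fa567630fdd\n' > "$dir/before.conf"
    printf '[DEFAULT]\n#admin_token = 73fa731f6fa567630fdd\n' > "$dir/after.conf"
    printf 'export   SERVICE_TOKEN=73fa731f6fa567630fdd\nexport   SERVICE_ENDPOINT=http://192.168.1.204:35357/v2.0\n' > "$dir/keystone_token"
    printf 'unset   SERVICE_TOKEN\nexport OS_USERNAME=admin\nexport OS_AUTH_URL=http://192.168.1.204:35357/v2.0\n' > "$dir/keystone_token_admin"
    echo "$dir"
}

# Stand-alone demo on the samples; on a real node pass the real file paths.
sample_dir=$(make_samples)
audit_keystone_bootstrap "$sample_dir/before.conf" "$sample_dir/keystone_token" || echo "before step 5: findings above (expected)"
audit_keystone_bootstrap "$sample_dir/after.conf" "$sample_dir/keystone_token_admin" && echo "after step 5: clean"
rm -rf "$sample_dir"
```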

Installation is complete.

Time: 2024-12-17 15:09:31
