OpenStack Pike Minimal安装：二、身份认证

1.在controller节点上安装keystone

[email protected] ~]# yum install openstack-keystone httpd mod_wsgi -y

2.配置

[[email protected] ~]# vim /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:[email protected]/keystone
[token]
provider = fernet

3.填充数据库

[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#日志文件所处位置
[[email protected] ~]# ll /var/log/keystone/keystone.log
-rw-rw---- 1 root keystone 16062 Sep  4 01:05 /var/log/keystone/keystone.log
#查看数据库
[[email protected] ~]# mysql -h controller -ukeystone -pkeystone -e "use keystone;show tables;"

4.初始化Fernet key

[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5.初始化服务

# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

6.配置httpd

[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
#修改ServerName为主机名
ServerName controller

[[email protected] ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

[[email protected] ~]# systemctl enable httpd.service
[[email protected] ~]# systemctl start httpd.service

7.创建登陆脚本

[[email protected] ~]# cat admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[[email protected] ~]# cat demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

8.创建domain, projects, users, and roles

#先使用脚本登陆admin
[[email protected] ~]# . admin-openstack.sh

①创建service project

openstack project create --domain default --description "Service Project" service

②创建demo project

openstack project create --domain default --description "Demo Project" demo

③创建demo user

openstack user create --domain default --password-prompt demo

④创建 user role

openstack role create user

⑤将user role添加到demo project和user

openstack role add --project demo --user demo user

9.验证操作

①注销登陆

[[email protected] ~]# unset OS_AUTH_URL OS_PASSWORD

②验证admin用户

openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

③验证demo用户

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue

④使用脚本查看

[[email protected] ~]# . admin-openstack.sh
[[email protected] ~]# openstack token issue

原文地址：http://blog.51cto.com/lullaby/2169980

时间： 2024-11-09 00:32:23

OpenStack Pike Minimal安装：二、身份认证的相关文章

OpenStack Pike Minimal安装：一、环境准备

1.关闭防火墙和selinux 2.配置hosts [[email protected] ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 20.0.20.21 controller 20.0.20.22 compu

OpenStack Pike Minimal安装：三、镜像管理

1.创建服务凭据 #先使用脚本登陆admin [[email protected] ~]# . admin-openstack.sh ①创建glance user openstack user create --domain default --password-prompt glance ②关联 openstack role add --project service --user glance admin ③创建glance service openstack service create

OpenStack Pike Minimal安装：四、计算服务

Ⅰ.在controller节点上配置nova 1.创建nova服务凭据 #先使用脚本登陆admin [[email protected] ~]# . admin-openstack.sh ①创建nova user openstack user create --domain default --password-prompt nova ②关联 openstack role add --project service --user nova admin ③创建nova service openst

OpenStack Pike Minimal安装：六、管理界面

Ⅰ.配置dashboard 1.在controller上安装dashboard [[email protected] ~]# yum install openstack-dashboard -y 2.配置 ①修改local_settings文件 [[email protected] ~]# vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = "controller" OPENSTACK_KEYSTONE_URL =

OpenStack pike版安装openstack服务(4) 续安装openstack服务(3)    

Compute service overview 计算服务概述 OpenStack用于对主机的计算和管理云计算系统.OpenStack的计算是一个基础设施即服务(IaaS)系统的一个重要组成部分.主要模块是用python实现的. OpenStack计算与OpenStack身份验证交互用来完成认证:OpenStack镜像服务用于磁盘和服务器镜像:用户和管理接口为OpenStack Dashboard.镜像访问受到项目和用户的限制,每个项目的配额是有限的(例如,实例的数量).OpenStack计算可

OpenStack pike版安装openstack服务(3) 续基本环境部署(2)

安装openstack服务所有openstack服务的安装指南链接:https://docs.openstack.org/pike/install/ 最小化部署,需要按照下面指定的顺序安装以下服务: Identity service – keystone installation for Pike Image service – glance installation for Pike Compute service – nova installation for Pike Networkin

OpenStack pike版安装openstack服务(5) 续安装openstack服务(4)

网络服务简介 OpenStack网络(neutron)允许您创建和将其他OpenStack服务管理的接口设备附加到网络中.插件可以适应不同的网络设备和软件,为OpenStack的架构和部署提供灵活性. 它包括以下组件: neutron-server:接受并将API请求路由到相应的OpenStack网络插件以进行操作. OpenStack Networking plug-ins and agent:即插即用端口,创建网络或者子网,提供IP地址.这些插件和代理根据特定云使用的供应商和技术而有所不同.

作业二身份认证

今天校园里到处是快递小哥,同学们也经常帮别人取快递,快递小哥不会很细致的核实身份,就允许代领,存在很多不安全因素. 设计一款基于手机的app,用于快递小哥验证身份,顾客领取快递.具体认证方法不限,简单易行. 给出:app包含哪些部分(可加图示),每部分的功能:模仿kerberos的写法,描述交互过程,并加说明. 此题5分,下周一(5月23日24点)前提交.

TCP WRAPPERS、denyhosts软件的安装和配置、PAM身份认证模块应用

一.TCP WRAPPERS 1.TCP WRAPPERS的作用是什么? 保护服务器的一些服务,可以限制客户端访问这些服务. TCP WRAPPERS支持那些服务?判断一个服务是否支持TCP WRAPPERS的保护有那些方法? 查看该服务是否加载libwrap,查看该服务是不是基于xinetd服务. ssh ,vsftpd,telnet,http(不支持wrap模块)ipop3 2.检查服务是否支持被TCP WRAPPERS保护 3.防护规则存放在 /etc/hosts.allow /etc/h