Installing and Deploying the Identity Service
Install the Keystone identity service on the controller node:
controll# yum install -y openstack-keystone python-openstackclient
1. Create the service database and the database account that manages it:
controll# mysql -u root -p
password: openstack
mariadb>create database keystone;
mariadb>grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone';
mariadb>grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone';
mariadb>exit
2. Configure keystone (the database connection and the token type):
controll# vi /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@controll/keystone
[token]
provider = fernet
3. Sync the database (this generates the keystone tables in the database):
controll# su -s /bin/sh -c "keystone-manage db_sync" keystone
4. Initialize the key repositories:
controll# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
controll# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5. Bootstrap the identity service: create the authentication endpoints and the admin user (the administrative user) with its password:
controll# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://controll:35357/v3 --bootstrap-internal-url http://controll:5000/v3 --bootstrap-public-url http://controll:5000/v3 --bootstrap-region-id RegionOne
6. Link the keystone WSGI startup file into the httpd configuration directory:
controll# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
7. Restart the httpd service (keystone is started together with httpd):
controll# systemctl restart httpd.service
controll# systemctl status httpd.service
8. Configure the environment variables used when the admin user logs in from the CLI:
controll#
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://controll:35357/v3
export OS_IDENTITY_API_VERSION=3
9. Use the openstack client to create a service project and a demo project:
controll# openstack project create --domain default --description "Service Project" service
controll# openstack project create --domain default --description "Demo Project" demo
10. Create the demo user:
controll# openstack user create --domain default --password-prompt demo
Enter the password for the demo user:
password:demo
Create the user role:
controll# openstack role create user
Assign the user role to the demo user:
controll# openstack role add --project demo --user demo user
Verify the admin user:
controll# unset OS_AUTH_URL OS_PASSWORD
controll# openstack --os-auth-url http://controll:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Enter the admin user's password, admin, and the token is printed.
11. Verify the demo user:
controll# openstack --os-auth-url http://controll:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
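Enter the demo user's password, demo; if it is correct, there will be output.
When logging in to OpenStack from the CLI, the environment variables must be configured. Paste the following directly into the CLI and the openstack commands can then be used.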
controll#
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://controll:35357/v3
export OS_IDENTITY_API_VERSION=3
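Added example, not part of the original guide: a shell check for the keystone.conf written in step 2. It flags a database password equal to the account name (as in keystone:keystone above), a token provider other than fernet, and a world-readable file. The function names, finding labels and the 12-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a keystone.conf for the lab defaults used in this guide.
# The 12-character minimum is an assumed policy, not a Keystone requirement.

# ini_get FILE SECTION KEY: print the value of KEY found under [SECTION].
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/[ \t\r]/, "", s); insec = (s == sec); next }
        insec {
            line = $0; sub(/^[ \t]+/, "", line)
            i = index(line, "=")
            if (line ~ /^[#;]/ || i == 0) next
            k = substr(line, 1, i - 1); v = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_keystone_conf FILE: print one finding per line, return the count.
audit_keystone_conf() {
    conf=$1; n=0
    url=$(ini_get "$conf" database connection)
    provider=$(ini_get "$conf" token provider)
    # SQLAlchemy URL shape: dialect+driver://user:password@host/dbname
    creds=${url#*://}; creds=${creds%%@*}
    user=${creds%%:*}
    case $creds in *:*) pass=${creds#*:} ;; *) pass= ;; esac
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
        echo "DB_PASSWORD_EQUALS_USERNAME user=$user"; n=$((n + 1))
    elif [ "${#pass}" -lt 12 ]; then
        echo "DB_PASSWORD_SHORT user=$user length=${#pass}"; n=$((n + 1))
    fi
    if [ "$provider" != "fernet" ]; then
        echo "TOKEN_PROVIDER_NOT_FERNET value=${provider:-unset}"; n=$((n + 1))
    fi
    # The file holds the database password, so it must not be world-readable.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "CONF_WORLD_READABLE path=$conf"; n=$((n + 1))
    fi
    return "$n"
}
```

Run it as `audit_keystone_conf /etc/keystone/keystone.conf`; the exit status is the number of findings, so 0 means none were raised.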