OpenStack(Queens)详细安装部署(二)-认证服务(keystone)安装
本文为扶艾原创文章,版权所有,禁止转载!
本篇文章是本系列的第二篇文章,将继续进行OpenStack的安装
三、安装认证服务
3.1 (控制节点)创建并配置keystone数据库
- 连接数据库
# mysql -u root -pfuai123注意:fuai123是之前设置的数据库密码
- 创建数据库
MariaDB [(none)]> CREATE DATABASE keystone;- 设置keystone数据库的访问权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'fuai123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'fuai123';3.2 (控制节点)安装并配置服务
- 安装软件包
# yum install openstack-keystone httpd mod_wsgi -y- 编辑/etc/keystone/keystone.conf并设置以下内容
[database]
connection = mysql+pymysql://keystone:fuai123@controller/keystone
...
[token]
provider = fernet
...- 导入keystone数据库表结构
# su -s /bin/sh -c "keystone-manage db_sync" keystone- 初始化
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone- 引导认证服务
# keystone-manage bootstrap --bootstrap-password fuai123 \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne3.3 (控制节点)配置apache服务
- 编辑/etc/httpd/conf/httpd.conf文件配置如下内容
ServerName controller- 创建链接文件
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/- 设置服务的开机启动
# systemctl enable httpd.service
# systemctl start httpd.service3.4 (控制节点)创建相关域、项目、用户和角色
- 导入管理员环境变量信息
# export OS_USERNAME=admin
# export OS_PASSWORD=fuai123
# export OS_PROJECT_NAME=admin
# export OS_USER_DOMAIN_NAME=Default
# export OS_PROJECT_DOMAIN_NAME=Default
# export OS_AUTH_URL=http://controller:35357/v3
# export OS_IDENTITY_API_VERSION=3- 创建域
# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 28d83de95e064d909f3c82de49e49982 |
| name | example |
| tags | [] |
+-------------+----------------------------------+- 创建service项目
# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | d5442e942ee1481281d78e0a81d19601 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+- 创建demo项目
# openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 3f3f3e87192d4b5bb32b2a9db39a4be0 |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+- 创建demo用户
注意:这里要设置demo用户的密码,为了统一我设置的fuai123
# openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | daf47114440741d3b213a5eb58a58006 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+- 创建用户角色
# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 10a36ef5803045dda2df3ed3480ce2bd |
| name | user |
+-----------+----------------------------------+- 给demo用户添加user角色
# openstack role add --project demo --user demo user3.5 (控制节点)验证操作
- 解除环境变量的设置
# unset OS_AUTH_URL OS_PASSWORD- 使用admin用户请求token
注意:这里需要输入admin的密码,我得是fuai123
# openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-04-25T12:09:55+0000 |
| id | gAAAAABa4GID_fKwaNHti1QiDmjG4Ox0113RmaZ7DpMytBBB6gEsMoPTrHArevpYK1-gqv3UOPPSb6emHe29YfxxsXZBqfiq3C4IijCm5e-XetfgXarAsfgvlzAsao6jFkmLKbhMklzBZOA7ZH0t_TZJi_SuD5lkVsQv5wdWlPbQlgA4VvS0vmA |
| project_id | c4e73f33137b49dcb1ff949f3d95de36 |
| user_id | 88c329ab63b34c57a8996c5237cb1ba3 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+- 使用demo用户请求token
# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-04-25T12:12:28+0000 |
| id | gAAAAABa4GKcKjwpbL2NqgpDXk1lrkmwEjbj_gLfDf3DmR2xmI9TfA4W85ZSX8ql-Jjol8o3wmbWT2CL4--Ekhi3eciwtRYdLZke3Pf0jCRsZBpFeWSQQSb5yLpl5haQ78thAyBusUfkZTB7i1oOwjyl6_16OyJYpMm74l9IpWI6pqaIy4AKjLE |
| project_id | 3f3f3e87192d4b5bb32b2a9db39a4be0 |
| user_id | daf47114440741d3b213a5eb58a58006 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3.6 (控制节点)创建环境变量脚本
- 创建admin-openrc文件增加如下内容
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=fuai123
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2- 创建demo-openrc文件增加如下内容
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=fuai123
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2- 验证下脚本的效果
# . admin-openrc
# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-04-25T12:18:13+0000 |
| id | gAAAAABa4GP1AoWBOcAHW9w1nr2CNlBs3HqK1-bzXsDekLtiHiEtkWbpxPMiloUv2x3uhZ2kM7XJtP9V4Ugy9BMev9cvV1qy1GZh_U-EElJlLEf4IgBf4SiCGGd2BjQiq0cCT55y2cXK8pmRKZKIlzFUwoBCHpc75yqnEJk6Rz3Upsk7HYT3c0k |
| project_id | c4e73f33137b49dcb1ff949f3d95de36 |
| user_id | 88c329ab63b34c57a8996c5237cb1ba3 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+至此,OpenStack认证服务已经安装验证完成,下面将进行镜像等组件的安装,具体请参见文章《OpenStack(Queens)详细安装部署(三)》
更多精彩内容,OpenStack干货请扫描下方二维码,关注我们微信公众号“扶艾”!
