rpm --import RPM-GPG-KEY-RDO-Icehouse
yum install -y openstack-keystone openstack-utils
Two environment variables are needed to start:
export SERVICE_TOKEN=$(openssl rand -hex 10)
echo $SERVICE_TOKEN >/root/ks_admin_token
export SERVICE_TOKEN=`cat /root/ks_admin_token`
export SERVICE_ENDPOINT=http://172.16.21.233:35357/v2.0

cat keystone_admin
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=http://192.168.1.233:35357/v2.0/
export PS1='[\u@\h \W(keystone_admin)]\$ '

. keystone_admin
vim /etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
openstack-config --set /etc/keystone/keystone.conf token provider keystone.token.providers.uuid.Provider
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:[email protected]/keystone
openstack-db --init --service keystone --password keystone --rootpw openstack
chown -R keystone:keystone /etc/keystone
/etc/init.d/openstack-keystone start
chkconfig openstack-keystone on
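The token step above writes the admin token to /root/ks_admin_token with whatever umask the shell happens to have. As an added example (not part of the original notes), the functions below create that file as 0600 and audit an existing one; make_token_file, audit_token_file and the scratch paths are names assumed here.

```shell
#!/bin/sh
# Added example: create and audit the Keystone bootstrap token file.
# Function names and the scratch paths are assumptions, not from the post.

# Create token file $1 as 0600 before the secret is written into it.
make_token_file() (
    umask 077
    : > "$1" || exit 1
    chmod 600 "$1" || exit 1          # tighten a pre-existing file too
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 10 >> "$1"  # same generator as the post
    else
        { od -An -tx1 -N10 /dev/urandom | tr -d ' \n'; echo; } >> "$1"
    fi
)

# Print one line per problem with token file $1; return the problem count.
audit_token_file() {
    problems=0
    perms=$(ls -ld "$1" | cut -c5-10)  # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "$1: accessible beyond owner ($perms)"
        problems=$((problems + 1))
    fi
    token=$(cat "$1")
    case "$token" in
        "" | *[!0-9a-f]*)
            echo "$1: token is empty or not lowercase hex"
            problems=$((problems + 1)) ;;
    esac
    if [ "${#token}" -lt 20 ]; then
        echo "$1: token shorter than the 20 hex chars the post generates"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo in a scratch directory instead of /root.
demo_dir=$(mktemp -d)
make_token_file "$demo_dir/ks_admin_token"
audit_token_file "$demo_dir/ks_admin_token" && echo "fresh token file: OK"
printf 'ADMIN\n' > "$demo_dir/weak_token"   # constructed weak sample
chmod 644 "$demo_dir/weak_token"
audit_token_file "$demo_dir/weak_token" || echo "weak sample: $? problem(s)"
rm -rf "$demo_dir"
```

On the real host the path would be /root/ks_admin_token; /etc/keystone/keystone.conf receives the same token through openstack-config, so its permissions matter in the same way.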
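The role table has one row by default.
The migrate_version table has one row by default.
The domain table has one row by default (or it may be added after the user is created, not sure...).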
[root@controller ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | f4bee3cd979c45bd8313cc9464168190 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
----haoning: this writes to the service table in the database
[root@controller ~]# keystone endpoint-create --service keystone --publicurl 'http://172.16.21.233:5000/v2.0' --adminurl 'http://172.16.21.233:35357/v2.0' --internalurl 'http://172.16.21.233:5000/v2.0' --region beijing
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://172.16.21.233:35357/v2.0  |
| id          | 62c2694bfcaf4d85a82c7115f61d8e41 |
| internalurl | http://172.16.21.233:5000/v2.0   |
| publicurl   | http://172.16.21.233:5000/v2.0   |
| region      | beijing                          |
| service_id  | f4bee3cd979c45bd8313cc9464168190 |
+-------------+----------------------------------+
[root@controller ~]#
Here three rows are written to the endpoint table.
service_id is linked to the id from the previous step.
[root@controller ~]# keystone user-create --name admin --pass openstack
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | 7a20c7e0d027483991675465be1eb9d0 |
| name     | admin                            |
| username | admin                            |
+----------+----------------------------------+
[root@controller ~]#
One row is added to the user table.
[root@controller ~]# keystone role-create --name admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | 23cf4e66fe3445afbb65af9c614efb91 |
| name     | admin                            |
+----------+----------------------------------+
[root@controller ~]#
One row is added to the role table; it already had one row by default.
[root@controller ~]# keystone tenant-create --name admin
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description |                                  |
| enabled     | True                             |
| id          | c5cac2c737b0401b90e07a0542fa42c4 |
| name        | admin                            |
+-------------+----------------------------------+
[root@controller ~]#
One row is added to the project table.
keystone user-role-add --user admin --role admin --tenant admin
One row is created in the assignment table.
Creating a user generally requires:
keystone user-create --name userb --pass openstack
keystone tenant-create --name tenantb
keystone user-role-add --user userb --role Member --tenant tenantb
One row is added to each of the user, project and assignment tables.
keystone user-list
List the users.