openstack安装笔记 keystone(一)

阅读更多
安装keystone
rpm --import RPM-GPG-KEY-RDO-Icehouse 
yum install -y openstack-keystone openstack-utils

开始需要两个环境变量
export SERVICE_TOKEN=$(openssl rand -hex 10)
echo $SERVICE_TOKEN >/root/ks_admin_token
export  SERVICE_TOKEN=`cat /root/ks_admin_token`
export SERVICE_ENDPOINT=http://172.16.21.233:35357/v2.0

cat keystone_admin 
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=http://192.168.1.233:35357/v2.0/
export PS1='[\u@\h \W(keystone_admin)]\$ 

. keystone_admin


vim /etc/keystone/keystone.conf

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
openstack-config --set /etc/keystone/keystone.conf token provider keystone.token.providers.uuid.Provider
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:[email protected]/keystone
openstack-db --init --service keystone --password keystone --rootpw openstack

chown -R keystone:keystone /etc/keystone
/etc/init.d/openstack-keystone start
chkconfig openstack-keystone on


role表默认有一条数据
migrate_version默认有一条数据
domain默认有一条数据(或者是建完user加的,不确定。。。。)

[root@controller ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    Keystone Identity Service     |
|      id     | f4bee3cd979c45bd8313cc9464168190 |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+

----haoning:这个会写 数据库service表
[root@controller ~]# keystone endpoint-create --service  keystone   --publicurl 'http://172.16.21.233:5000/v2.0' --adminurl 'http://172.16.21.233:35357/v2.0' --internalurl 'http://172.16.21.233:5000/v2.0' --region beijing
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  | http://172.16.21.233:35357/v2.0  |
|      id     | 62c2694bfcaf4d85a82c7115f61d8e41 |
| internalurl |  http://172.16.21.233:5000/v2.0  |
|  publicurl  |  http://172.16.21.233:5000/v2.0  |
|    region   |             beijing              |
|  service_id | f4bee3cd979c45bd8313cc9464168190 |
+-------------+----------------------------------+
[root@controller ~]# 

这里endpoint会写入三条数据
serivce_id和上一个的id相关联

[root@controller ~]#  keystone user-create --name admin --pass openstack
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 7a20c7e0d027483991675465be1eb9d0 |
|   name   |              admin               |
| username |              admin               |
+----------+----------------------------------+
[root@controller ~]# 

user表加了一条数据

[root@controller ~]# keystone role-create --name admin 
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 23cf4e66fe3445afbb65af9c614efb91 |
|   name   |              admin               |
+----------+----------------------------------+
[root@controller ~]# 

role表会加一条数据,原来默认就有一条了
[root@controller ~]#  keystone tenant-create --name admin
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | c5cac2c737b0401b90e07a0542fa42c4 |
|     name    |              admin               |
+-------------+----------------------------------+
[root@controller ~]# 

project表会加一条数据

keystone user-role-add --user admin  --role admin  --tenant admin

assignment这个表建立了一条数据

一般建一个用户需要
keystone user-create --name userb --pass openstack
keystone tenant-create --name tenantb
keystone user-role-add --user  userb --role Member --tenant tenantb

在user,project,assignment
表添加一条数据
keystone user-list

查看用户

你可能感兴趣的:(openstack)