controller:
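# Install the Identity service (Keystone) and its command-line client on the
# controller node.
yum install openstack-keystone python-keystoneclient -y
# Point Keystone at its MySQL database. The "password@host" part of this URL
# was masked by the page's e-mail obfuscation, so KEYSTONE_DBPASS and DB_HOST
# are placeholders: use the password given in the GRANT ... IDENTIFIED BY
# statements and the address of the MySQL server.
# The password is written to keystone.conf in plain text, so keep that file
# unreadable to other local users.
openstack-config --set /etc/keystone/keystone.conf \
  database connection mysql://keystone:KEYSTONE_DBPASS@DB_HOST/keystone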
# Open a MySQL session as root to create the Keystone database and account.
# NOTE(review): -popenstack passes the root password as a command-line
# argument, so it lands in shell history and can be exposed to other local
# users; a bare -p prompts for it instead.
mysql -u root -popenstack
# Empty database that "keystone-manage db_sync" fills with the schema later.
mysql> CREATE DATABASE keystone;
# Full rights on the keystone database for connections made from the database
# host itself.
# NOTE(review): the account password is the same string as the root password
# used above; give the service account its own strong password.
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'openstack';
# NOTE(review): 'keystone'@'%' accepts this account from any host that can
# reach MySQL. Narrow '%' to the controller's address or the management
# subnet when only those hosts need database access.
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'openstack';
mysql> exit
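# Create the Keystone schema, running keystone-manage as the unprivileged
# keystone account rather than as root.
su -s /bin/sh -c "keystone-manage db_sync" keystone
# admin_token is a shared bootstrap secret: whoever presents it gets
# administrative access without a user name or password. ADMIN_TOKEN is not
# defined anywhere in these notes, so set it first to a long random value
# (for example the output of `openssl rand -hex 16`). The guard refuses to
# continue with an unset or empty variable, and the quotes keep the value a
# single argument.
: "${ADMIN_TOKEN:?set ADMIN_TOKEN to a long random value first}"
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN"
# Generate the PKI token-signing keys and certificates, owned by the keystone
# user and group.
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# Keep the signing material owned by keystone and strip all access for
# "other" users.
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
# Start the service now and enable it at boot.
service openstack-keystone start
chkconfig openstack-keystone on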
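# Add an hourly cron job for the keystone user that purges expired tokens,
# unless the user's crontab already mentions token_flush.
# The entry must be written as one line: the original split the log path
# across a line break inside the quotes, which put a newline into the crontab
# and broke both the redirect target and the entry itself.
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone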
# Bootstrap credentials for the keystone CLI: authenticate with the admin
# token against the admin API on port 35357.
# NOTE(review): the endpoint is plain http, so the token crosses the network
# unencrypted; run these steps on the controller itself or over a trusted
# management network.
OS_SERVICE_TOKEN=$ADMIN_TOKEN
OS_SERVICE_ENDPOINT=http://10.0.0.10:35357/v2.0
export OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
创建管理员用户
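# Create the administrative user. The command name was truncated to "eystone"
# in the original and is restored here.
# The last argument was masked by the page's e-mail obfuscation; presumably it
# was --email=<address>, so ADMIN_EMAIL is a placeholder.
# NOTE(review): --pass=admin is a guessable password, and a password given as
# an argument ends up in shell history; choose a strong, unique value for
# anything beyond a throwaway lab.
keystone user-create --name=admin --pass=admin --email=ADMIN_EMAIL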
创建管理员角色
# Create the role named "admin"; it carries no rights until it is bound to a
# user and tenant with user-role-add.
keystone role-create --name=admin
创建管理员租户
# Create the "admin" tenant (project) that the admin user's role assignments
# are scoped to.
keystone tenant-create --name=admin --description="Admin Tenant"
为用户绑定角色：一个管理员角色，一个普通用户角色
# Bind the admin user to the admin tenant twice: once with the admin role and
# once with the ordinary _member_ role.
# NOTE(review): this account is fully privileged from here on, so its
# password strength matters more than any other credential in these notes.
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin
创建一个普通用户
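# Create an unprivileged "demo" user with its own tenant, and give it only the
# _member_ role there.
# The last argument of user-create was masked by the page's e-mail
# obfuscation; presumably it was --email=<address>, so DEMO_EMAIL is a
# placeholder.
# NOTE(review): --pass=demo is a guessable password passed on the command
# line; replace it outside a lab.
keystone user-create --name=demo --pass=demo --email=DEMO_EMAIL
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo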
创建service租户
# Create the "service" tenant. By convention it holds the accounts that other
# OpenStack services use to authenticate against Keystone; nothing is added
# to it in these notes.
keystone tenant-create --name=service --description="Service Tenant"
创建认证服务
# Register Keystone itself in the service catalog as the "identity" service.
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
创建认证服务的端点（endpoint）
# Register the API endpoints of the identity service. The service id is taken
# from the "identity" row of service-list; if that row is missing, the
# substitution is empty and the command runs with no id, so check that
# service-create succeeded first.
# NOTE(review): all three URLs are plain http, so passwords and tokens sent to
# them travel unencrypted. Publish https URLs once TLS is in place, and keep
# the admin URL (port 35357) reachable only from the management network.
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://controller:5000/v2.0 \
--internalurl=http://controller:5000/v2.0 \
--adminurl=http://controller:35357/v2.0
# Remove the bootstrap token and endpoint from the shell so later commands
# authenticate with user credentials.
# NOTE(review): this clears the environment only. The admin_token written to
# /etc/keystone/keystone.conf earlier stays valid until it is removed or
# disabled there.
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
# Verify password authentication for the admin user: first without a tenant,
# then scoped to the admin tenant.
# NOTE(review): --os-password puts the password in shell history and in the
# process arguments while the command runs; reading it from OS_PASSWORD in a
# protected rc file avoids that. The token printed by token-get is itself a
# credential, so keep it out of logs and pastes.
keystone --os-username=admin --os-password=admin --os-auth-url=http://10.0.0.10:35357/v2.0 token-get
keystone --os-username=admin --os-password=admin \
--os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
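# Create an rc file with the admin credentials; the four export lines below
# are the file's contents, typed into the editor.
vim admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://10.0.0.10:35357/v2.0
# Back in the shell: the file holds the admin password in plain text, so
# restrict it to its owner before loading it into the environment.
chmod 600 admin-openrc.sh
source admin-openrc.sh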
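# Create the matching rc file for the demo user; the four export lines below
# are the file's contents. These notes never source it.
vim demo-openrc.sh
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://10.0.0.10:35357/v2.0
# Back in the shell: the file holds a password in plain text, so restrict it
# to its owner.
chmod 600 demo-openrc.sh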
# Final checks, run with the OS_* variables from whichever rc file was sourced
# last (these notes only source admin-openrc.sh): request a token, list the
# users, and show the admin user's roles in the admin tenant.
# NOTE(review): presumably user-list only succeeds with admin credentials, so
# it fails if the demo rc file is loaded instead. Confirm against the
# deployment's policy.
keystone token-get
keystone user-list
keystone user-role-list --user admin --tenant admin