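OpenStack Essex installation (2): keystone

keystone is the OpenStack project that handles identity authentication; every service request has to be validated by it in order to obtain the service's endpoint. See the official documentation for its exact role. Here I use MySQL to store keystone's data.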

keystone

Host:keystone

ip:192.168.0.106

mysql, keystone


1. Installation
 1) Install the database
sudo apt-get install mysql-server mysql-client python-mysqldb
    In /etc/mysql/my.cnf, change bind-address=127.0.0.1 to 0.0.0.0. MySQL then listens on all interfaces, so remote hosts can connect to it.
    Restart the MySQL service: sudo service mysql restart
 2) Install keystone
-  Install the package
sudo apt-get install keystone
Create the keystone database, then create a user and grant it privileges:
create database keystone;
grant all on keystone.* to 'keystone'@'%' identified by 'keystonepwd';


-  Configure keystone
To configure keystone, edit /etc/keystone/keystone.conf:
[sql]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:[email protected]/keystone


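Note the following part of the file and remember the admin_token parameter. It will be needed later, because it is what is used to access the keystone service. The default is ADMIN, and it can be changed to something else.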
[DEFAULT]
public_port = 5000
admin_port = 35357
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_config = /etc/keystone/logging.conf


Restart the keystone service:
sudo service keystone restart
Sync the database:
sudo keystone-manage db_sync
Then check the result in the database:
mysql> show tables;

+------------------------+
| Tables_in_keystone     |
+------------------------+
| ec2_credential         |
| endpoint               |
| metadata               |
| migrate_version        |
| role                   |
| service                |
| tenant                 |
| token                  |
| user                   |
| user_tenant_membership |
+------------------------+
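
An added example, not part of the original post: a Python check that reads keystone.conf and my.cnf contents and reports the permissive values this section leaves in place (admin_token = ADMIN, debug = True, bind-address 0.0.0.0). The function names, the constructed sample texts and the 32-character token threshold are assumptions made for illustration.

```python
import configparser

# Constructed samples mirroring the values shown in this post (not real files).
KEYSTONE_CONF = """\
[DEFAULT]
admin_port = 35357
admin_token = ADMIN
debug = True
"""
MY_CNF = """\
[mysqld]
skip-external-locking
bind-address = 0.0.0.0
"""

def _load(text):
    # RawConfigParser: no '%' interpolation; allow_no_value: flag-only my.cnf lines.
    cp = configparser.RawConfigParser(allow_no_value=True, strict=False)
    cp.read_string(text)
    return cp

def audit_keystone(text):
    """Return findings for the contents of a keystone.conf."""
    cp, findings = _load(text), []
    # The post states that ADMIN is the default admin_token.
    token = cp.get("DEFAULT", "admin_token", fallback="ADMIN")
    if token == "ADMIN":
        findings.append("admin_token: still the default ADMIN")
    elif len(token) < 32:  # assumed minimum length, not a keystone rule
        findings.append("admin_token: shorter than 32 characters")
    if cp.getboolean("DEFAULT", "debug", fallback=False):
        findings.append("debug: enabled")
    return findings

def audit_mysql(text):
    """Return findings for the contents of a my.cnf."""
    bind = _load(text).get("mysqld", "bind-address", fallback=None)
    if bind is None:
        return ["bind-address: not set in this file, server default applies"]
    if bind.strip() in ("0.0.0.0", "::"):
        return ["bind-address: %s listens on every interface" % bind.strip()]
    return []

if __name__ == "__main__":
    for finding in audit_keystone(KEYSTONE_CONF) + audit_mysql(MY_CNF):
        print("FINDING", finding)
```

To run it against a real host, pass the text of /etc/keystone/keystone.conf and /etc/mysql/my.cnf to the two functions instead of the samples.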


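2. Using keystone
Export the environment variables. You can instead pass the equivalent arguments every time you run a keystone command; see its help for the command format.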
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=http://192.168.0.106:35357/v2.0


Add a tenant:
keystone tenant-create --name adminTenant --description "Admin Tenant" --enabled true
keystone tenant-list
+----------------------------------+-------------+---------+
|                id                |     name    | enabled |
+----------------------------------+-------------+---------+
| 72a95ab302cc42d59e6f414769dcfec7 | adminTenant | True    |
+----------------------------------+-------------+---------+


Add a user:
keystone user-create --tenant_id 72a95ab302cc42d59e6f414769dcfec7 --name admin --pass openstack --enabled true
keystone user-list
+----------------------------------+---------+-------+-------+
|                id                | enabled | email |  name |
+----------------------------------+---------+-------+-------+
| 4fd5ba059a6945c0a43ff63b0140b0a9 | True    | None  | admin |
+----------------------------------+---------+-------+-------+


Add a role:
keystone role-create --name admin
keystone role-list
+----------------------------------+-----------+
|                id                |    name   |
+----------------------------------+-----------+
| 675b96a12d834021b519ef50502a5e5e | admin     |
+----------------------------------+-----------+


Associate the three:
keystone user-role-add --user 4fd5ba059a6945c0a43ff63b0140b0a9 --tenant_id 72a95ab302cc42d59e6f414769dcfec7 --role 675b96a12d834021b519ef50502a5e5e


That's it. Now test it with curl.
sudo apt-get install curl
First, let's try a wrong password:
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "admin", "password": "wrong"}}}' -H "Content-type: application/json" http://192.168.0.106:35357/v2.0/tokens | python -mjson.tool
The response:
{
    "error":{
        "code":401, 
        "message":"Invalid user / password", 
        "title":"Not Authorized"
    }
}
If the username and password are both correct:
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "admin", "password": "openstack"}}}' -H "Content-type: application/json" http://192.168.0.106:35357/v2.0/tokens | python -mjson.tool
a lot of information is returned, such as the token and the user. There is too much of it, so I won't paste it here.
