# 实战
# Keystone的手动搭建
# 控制节点的安装配置
数据库相关操作:
# Create the keystone database and give the keystone account full rights on
# it, both from localhost and from any host ('%').
# NOTE(review): -p<password> on the command line exposes the root password in
# the process list and shell history; a bare -p (prompt) or a client option
# file avoids that.
# NOTE(review): 'openstack' is a sample password -- use a strong unique value,
# and narrow the '%' host pattern if only known nodes need to connect.
mysql -uroot -popenstack <<EOF
create database keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'openstack';
EOF
安装相关包并配置
yum install openstack-keystone httpd mod_wsgi -y
vim /etc/keystone/keystone.conf
[database]
# NOTE(review): this URL embeds the keystone database password, so
# keystone.conf should not be readable by other local users; the password
# must match the one given in the GRANT statements.
connection = mysql+pymysql://keystone:openstack@controller/keystone
[token]
# Issue fernet tokens; the key repository is set up with
# keystone-manage fernet_setup.
provider = fernet
初始化数据库,创建数据结构:
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化fernet密钥存储库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
创建keystone的服务端点(endpoint),并设置admin用户的初始密码:
# Bootstrap Keystone: set the admin password and register the admin,
# internal and public endpoints in region RegionOne.
# NOTE(review): a password passed as an argument is visible in the process
# list and shell history; keystone-manage bootstrap can also read it from the
# OS_BOOTSTRAP_PASSWORD environment variable. 'openstack' is a sample value --
# use a strong unique one.
# NOTE(review): the endpoints use host "controller1" over plain http, while
# keystone.conf and the openrc files use "controller" -- confirm both names
# resolve to this node, and put TLS in front of the API outside a lab.
keystone-manage bootstrap \
  --bootstrap-password openstack \
  --bootstrap-admin-url http://controller1:35357/v3/ \
  --bootstrap-internal-url http://controller1:5000/v3/ \
  --bootstrap-public-url http://controller1:5000/v3/ \
  --bootstrap-region-id RegionOne
配置http 服务
vim /etc/httpd/conf/httpd.conf
ServerName controller
给/usr/share/keystone/wsgi-keystone.conf创建一个软链接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
服务启动并设置开机自启
systemctl enable httpd.service && systemctl start httpd.service
创建管理员账号
vim admin-openrc
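# Admin credentials for the openstack CLI; load with `source admin-openrc`.
# The file holds the admin password in plain text: keep it readable only by
# its owner (e.g. chmod 600 admin-openrc) and out of version control.
export OS_USERNAME=admin
# NOTE(review): must equal the admin password set with --bootstrap-password;
# the bootstrap command on this page passes a different value -- confirm
# which one is intended, otherwise authentication fails.
export OS_PASSWORD=f4mtdycd
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
# No space is allowed inside the URL: with "controller: 35357/v3" the shell
# cut the value at the colon and rejected "35357/v3" as a variable name.
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3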
# 创建域、项目、用户和角色
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
下面这句要分开执行,要输入密码:
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
# 验证
unset OS_AUTH_URL OS_PASSWORD
下面这句要分开执行,要输入admin用户的密码:
openstack --os-auth-url http://controller1:35357/v3 \
--os-project-domain-name Default \
--os-user-domain-name Default \
--os-project-name admin \
--os-username admin token issue
下面这句要分开执行,要输入demo用户的密码:
openstack --os-auth-url http://controller1:5000/v3 \
--os-project-domain-name Default \
--os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
---------------------------------------
创建管理员的账号
vim admin-openrc
# admin-openrc: environment for running the openstack CLI as admin.
# NOTE(review): the password is stored in plain text -- restrict the file to
# its owner (e.g. chmod 600 admin-openrc); "openstack" is a sample value and
# must match the admin password set at bootstrap.
export OS_USERNAME="admin"
export OS_PASSWORD="openstack"
export OS_PROJECT_NAME="admin"
export OS_USER_DOMAIN_NAME="Default"
export OS_PROJECT_DOMAIN_NAME="Default"
export OS_AUTH_URL="http://controller:35357/v3"
# API versions the client should speak.
export OS_IDENTITY_API_VERSION="3"
export OS_IMAGE_API_VERSION="2"
创建demo用户的账号脚本(保存为demo-openrc,供后面source使用)
# Environment for running the openstack CLI as the demo user; presumably
# saved as demo-openrc, which the verification step sources.
# NOTE(review): the password is stored in plain text -- restrict the file to
# its owner (e.g. chmod 600 demo-openrc). It must match the password entered
# at the --password-prompt when the demo user was created.
export OS_USERNAME="demo"
export OS_PASSWORD="openstack"
export OS_PROJECT_NAME="demo"
export OS_USER_DOMAIN_NAME="Default"
export OS_PROJECT_DOMAIN_NAME="Default"
export OS_AUTH_URL="http://controller:5000/v3"
# API versions the client should speak.
export OS_IDENTITY_API_VERSION="3"
export OS_IMAGE_API_VERSION="2"
使用脚本验证
source admin-openrc
openstack token issue
可获取admin用户的token
source demo-openrc
openstack token issue
可以获取demo用户的token