本章节安装配置keystone身份认证服务
1.创建数据库
[root@controller ~]# mysql -uroot -p123456
# 注意：把密码直接写在 -p 后面，密码会留在 shell 历史记录和进程列表中；只写 -p 让客户端交互式提示输入更安全。
# 创建keystone数据库
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
# 授予数据库访问权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)
# 用合适的密码替换KEYSTONE_DBPASS。
# 注意：'keystone'@'%' 允许该账号从任意主机连接；生产环境应把主机部分限制为实际需要访问数据库的节点或管理网段。
2.安装软件包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
3.编辑/etc/keystone/keystone.conf文件
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# cp keystone.conf keystone.conf.bak
[root@controller keystone]# egrep -v "^#|^$" keystone.conf.bak > keystone.conf
[root@controller keystone]# vim keystone.conf
添加如下内容（该文件将包含数据库密码，请确认其权限只允许 root 和 keystone 组读取）
[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
...
provider = fernet
4.导入数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
5.初始化Fernet key存储库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6.引导身份认证
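# keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:35357/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
注意：admin 是演示用的弱密码，实际部署请换成强密码；写在命令行参数里的密码会进入 shell 历史记录和进程列表，keystone-manage bootstrap 也可以从环境变量 OS_BOOTSTRAP_PASSWORD 读取密码。
注意：以上端点都是明文 HTTP，密码和令牌在网络上不加密；生产环境应为 Keystone 配置 TLS。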
7.配置http服务器
[root@controller ~]# sed -i 's/#ServerName www.example.com:80/ServerName controller/g' /etc/httpd/conf/httpd.conf
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
8.启动http服务
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# netstat -lntp |grep http
9.配置管理用户
[root@controller ~]# export OS_USERNAME=admin
[root@controller ~]# export OS_PASSWORD=admin
[root@controller ~]# export OS_PROJECT_NAME=admin
[root@controller ~]# export OS_USER_DOMAIN_NAME=Default
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ~]# export OS_AUTH_URL=
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
注意：原文中 OS_AUTH_URL 的值缺失；按本页引导和验证步骤使用的管理端点推断，应为 http://controller:35357/v3，请以实际部署为准。
10.创建用户、域、角色
[root@controller ~]# openstack project create --domain default \
  --description "Service Project" service
[root@controller ~]# openstack project create --domain default \
  --description "Demo Project" demo
[root@controller ~]# openstack user create --domain default \
  --password-prompt demo
密码123456（仅作演示的弱密码，实际环境请使用强密码）
[root@controller ~]# openstack role create user
[root@controller ~]# openstack role add --project demo --user demo user
没有输出
11.验证
# unset OS_AUTH_URL OS_PASSWORD
# openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default \
  --os-user-domain-name Default \
  --os-project-name admin \
  --os-username admin token issue
# 密码admin
# openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default \
  --os-user-domain-name Default \
  --os-project-name demo \
  --os-username demo token issue
# 密码123456
12.创建脚本
[root@controller ~]# vim admin-openrc
添加如下内容
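# admin-openrc: client environment for the "admin" project and user.
# Load it with `. admin-openrc` before running openstack commands.
# The file holds a plaintext password: keep it readable by its owner only
# (for example mode 600) and out of version control.
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
# Lab value matching the bootstrap password used on this page; replace both
# with a strong secret anywhere other than a throwaway test setup.
export OS_PASSWORD=admin
# The URL was missing from the page as captured (the assignment was empty).
# http://controller:35357/v3 is the admin endpoint this page bootstraps and
# verifies against; confirm it matches your deployment. Plain HTTP sends the
# password and tokens unencrypted.
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2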
[root@controller ~]# vim demo-openrc
添加如下内容
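# demo-openrc: client environment for the "demo" project and user.
# Load it with `. demo-openrc` before running openstack commands.
# The file holds a plaintext password: keep it readable by its owner only
# (for example mode 600) and out of version control.
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
# Lab value matching the demo user's password given on this page; replace it
# with a strong secret anywhere other than a throwaway test setup.
export OS_PASSWORD=123456
# The URL was missing from the page as captured (the assignment was empty).
# http://controller:5000/v3 is the endpoint this page uses when verifying the
# demo user; confirm it matches your deployment. Plain HTTP sends the password
# and tokens unencrypted.
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2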
13.验证
[root@controller ~]# . admin-openrc
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack token issue
+------------+------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2017-01-11 02:51:34+00:00 |
| id | gAAAAABYdY-mPA1ksYBZ2r1yay346HB9aoJQyj1WdKTIsKiEjV_2GJfgVU_Yb6R8C4qNjzkwTyEXMITQQWgaawQqDK480YCnQwFsWzj06DhIaKpahb81X8LaPV3uHngL8HSryoRf |
| | RBmou4S27fu4gjm1HzwMegMjFB05GzaONJcnZDP6kHdQ3JU |
| project_id | 850d3633f2c64438a7ab00239387a7a2 |
| user_id | 8e91a79dd061453ca6cf02f7487591c0 |
+------------+------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#
注意：令牌 id 是持有即可使用的凭据，公开粘贴这类输出前应确认令牌已过期或已吊销。