控制节点
1 创建keystone库,授权keystone用户
#log in
mysql -u root
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'root;
2 安装rpm包
yum install -y openstack-keystone python3-mod_wsgi
3 配置keystone
#编辑/etc/keystone/keystone.conf
[database]
# ...
connection = mysql+pymysql://keystone:root@192.168.143.203/keystone
[token]
# ...
provider = fernet
4. 初始化keystone数据
su -s /bin/sh -c "keystone-manage db_sync" keystone
5. 初始化fernet数据
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6. 完成服务引导(修改url使用当前节点ip)
keystone-manage bootstrap --bootstrap-password awcloud \
--bootstrap-admin-url http://192.168.134.101:5000/v3/ \
--bootstrap-internal-url http://192.168.134.101:5000/v3/ \
--bootstrap-public-url http://192.168.134.101:5000/v3/ \
--bootstrap-region-id RegionOne
7. 配置httpd服务
#修改配置文件(配置ServerName为本节点IP)
vi /etc/httpd/conf/httpd.conf
ServerName 192.168.134.101
#关联keystone的httpd配置文件
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
8. 启动httpd服务
systemctl enable httpd.service
systemctl start httpd.service
9 创建admin用户source文件
#更新OS_AUTH_URL中ip为当前节点ip,OS_PASSWORD为awcloud
cat > admin-openrc << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=awcloud
export OS_AUTH_URL=http://192.168.134.101:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source一下
source admin-openrc
创建Domain/Projects/Roles/User
#Domain
openstack domain create --description "Created for Test By XuGang In Mar 18th, 2022" example
#Project
openstack project create --domain example --description "server project" server
#user
openstack user create --domain example --password-prompt root
#role
openstack role create myrole
#将myrole角色添加到myproject项目和myuser用户:
openstack role add --project server --user root myrole
验证
#取消临时变量
unset OS_AUTH_URL OS_PASSWORD
#作为admin请求身份令牌
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
#作为root请求身份令牌
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name example --os-user-domain-name example --os-project-name server --os-username root token issue