3. OpenStack Identity Service (keystone)
keystone is installed on the controller node.
Log in to the SQL client, create the keystone database, and grant privileges
mysql -uroot -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '123456';
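Explanation:
grant all privileges on database_name.table_name to 'username'@'IP_address' identified by 'password'
Use grant all privileges on to change a user's remote access privileges on specific databases.
database_name: the name of the database to be accessed remotely; use "*" for all databases
table_name: the name of the table in that database to be accessed remotely; use "*" for all tables
username: the name of the user to be granted remote access
IP_address: the IP address of the machine allowed to connect remotely; use "%" for all addresses
password: the password used by the user being granted remote access
Generate a random number to use as the administrator password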
[root@compute ~]# openssl rand -hex 10
41d33a2b1ca810fe25f2
Install httpd, mod_wsgi, and keystone
yum install openstack-keystone httpd mod_wsgi
Edit the keystone configuration file
vi /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 41d33a2b1ca810fe25f2
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
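Added example (not part of the original guide or of keystone itself): a Python check that parses a keystone.conf like the one above and reports the settings a reviewer would question before the node goes into service. The function name, the 16-character password threshold, and the embedded sample text are assumptions of this example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the values shown in the configuration step above.
SAMPLE_CONF = """\
[DEFAULT]
admin_token = 41d33a2b1ca810fe25f2
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
"""

MIN_PASSWORD_LEN = 16  # assumption of this example, not a keystone requirement


def audit_keystone_conf(text, min_len=MIN_PASSWORD_LEN):
    """Return a list of (section, option, finding) for the three edited settings."""
    cfg = configparser.RawConfigParser()  # raw: no '%' interpolation of values
    cfg.read_string(text)
    findings = []

    # A static admin_token is a shared secret with full admin rights.
    if cfg.defaults().get("admin_token"):
        findings.append(("DEFAULT", "admin_token",
                         "static admin token set; remove it once bootstrap is done"))

    # The database password is stored in clear text inside the connection URL.
    conn = cfg.get("database", "connection", fallback="")
    password = urlsplit(conn).password or ""
    if conn and (len(password) < min_len or password.isdigit()):
        findings.append(("database", "connection",
                         "weak or missing password in connection URL"))

    # The guide selects fernet tokens; report any other provider.
    provider = cfg.get("token", "provider", fallback=None)
    if provider != "fernet":
        findings.append(("token", "provider",
                         "provider is %r, guide sets 'fernet'" % provider))
    return findings


if __name__ == "__main__":
    for section, option, finding in audit_keystone_conf(SAMPLE_CONF):
        print("[%s] %s: %s" % (section, option, finding))
```

Run against the sample, it flags the admin_token line and the 123456 database password and accepts the fernet provider.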
Synchronize the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Check whether the database was synchronized successfully
[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 184
Server version: 10.1.12-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| domain |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| local_user |
| mapping