openstack keystone v2 to v3

最新推荐文章于 2024-04-26 00:08:05 发布
最新推荐文章于 2024-04-26 00:08:05 发布
阅读量2.2k 收藏
点赞数 1
分类专栏: openstack 文章标签: keystone v3
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/linglong0820/article/details/49122201
版权

Disable NetworkManager

systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl enable network

Install the openstack-packstack

If you hava set the repo before!

yum install -y openstack-packstack

Deploy the openstack all-in-one

If you have define a ans.txt before!

packstack --answer-file=ans.txt

Modify the database

Set the identity version from v2 to v3
My database has no password!!

mysql  --user root  keystone -e "update endpoint set   url  = 'http://192.168.11.106:5000/v3' where  interface ='internal' and  service_id =  (select id from service where service.type = 'identity');"

mysql  --user root  keystone -e "update endpoint set   url  = 'http://192.168.11.106:5000/v3' where  interface ='public' and  service_id =  (select id from service where service.type = 'identity');"

mysql  --user root  keystone -e "update endpoint set   url  = 'http://192.168.11.106:35357/v3' where  interface ='admin' and  service_id =  (select id from service where service.type = 'identity');"

Show the identity endpoint

mysql  --user root   keystone -e "select interface, url from endpoint where service_id =  (select id from service where service.type = 'identity');"
+-----------+--------------------------------+
| interface | url                            |
+-----------+--------------------------------+
| admin     | http://192.168.11.106:35357/v3 |
| public    | http://192.168.11.106:5000/v3  |
| internal  | http://192.168.11.106:5000/v3  |
+-----------+--------------------------------+

Show the identity Information

Create the scripts
vi keystone_v3

export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PASSWORD=SECRETE
export OS_AUTH_URL=http://192.168.11.106:5000/v3
export OS_REGION_NAME=RegionOne
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_IDENTITY_API_VERSION=3

Show the identity Information

source keystone_v3

openstack domain list
+---------+---------+---------+----------------------------------------------------------------------+
| ID      | Name    | Enabled | Description                                                          |
+---------+---------+---------+----------------------------------------------------------------------+
| default | Default | True    | Owns users and tenants (i.e. projects) available on Identity API v2. |
+---------+---------+---------+----------------------------------------------------------------------+

openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 819cf98b84c042bcb1fb2a5ce3659909 | admin    |
| c4f3346f917842a7b22b9b72a23f613c | demo     |
| f8e75996b2994b95b98b658bbc950615 | services |
+----------------------------------+----------+

openstack group list(default no group)

openstack user list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 2a7e680a1dde46ed9cf3d30b90a5f19d | demo    |
| 53edb54164c0480c983dcefa5d5bb38f | neutron |
| 7a911ed1867c4229b6c1374403ccf553 | cinder  |
| 887363eccf3c48c58b2ebd7f37856261 | nova    |
| ca2ee63d5d64447c94527acce33604d5 | glance  |
| f4b31fde11d948e58fbe9212de43255e | admin   |
+----------------------------------+---------+

Modify the openstack service’s identity

nova

vi /etc/nova/nova.conf

[keystone_authtoken]
auth_plugin = password
auth_url = http://192.168.11.106:35357
username = nova
password = a95a5d9998644757
project_name = services
user_domain_name = Default
project_domain_name = Default

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://192.168.11.106:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_version v3
openstack-config --set /etc/nova/nova.conf neutron admin_auth_url http://192.168.11.106:5000/v3

neutron

vi /etc/neutron/neutron.conf
[keystone_authtoken]
auth_plugin = password
auth_url = http://192.168.11.106:35357
username = neutron
password = 4798e05ba11948cf
project_name = services
user_domain_name = Default
project_domain_name = Default
auth_uri = http://192.168.11.106:5000/v3

vi /etc/neutron/api-plaste.ini
[filter:authtoken]
auth_plugin = password
auth_url = http://192.168.11.106:35357
username = neutron
password = 4798e05ba11948cf
project_name = services
user_domain_name = Default
project_domain_name = Default
auth_uri = http://192.168.11.106:5000/v3

[neutron]
url=http://192.168.11.106:9696
admin_auth_url=http://192.168.11.106:5000/v3
default_tenant_id=default

region_name = RegionOne
project_domain_id = default
project_name = services
user_domain_id = default
password = 4798e05ba11948cf
username = neutron
auth_url = http://192.168.11.106:35357
auth_plugin = password



openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url  http://192.168.11.106:5000/v3

openstack-config --set  /etc/neutron/metadata_agent.ini DEFAULT auth_url http://192.168.11.106:5000/v3

cinder

[filter:authtoken]
auth_plugin = password
auth_url = http://192.168.11.106:35357
username = cinder
password = db1909452d844617
project_name = services
user_domain_name = Default
project_domain_name = Default
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
admin_tenant_name=services
auth_uri=http://192.168.11.106:5000/v3

glance

vi /etc/glance/glance-registry.conf
[keystone_authtoken]
auth_uri=http://192.168.11.106:5000/v3
auth_plugin = password
auth_url = http://192.168.11.106:35357
username = glance
password = 1566c4b41e424ef1
user_domain_name = Default
project_name = services
project_domain_name = Default

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  auth_uri http://192.168.11.106:5000/v3

Modify the Horizon

vi /etc/openstack-dashboard/local_settings
OPENSTACK_API_VERSIONS = {
     "identity": 3
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
OPENSTACK_KEYSTONE_URL = "http://192.168.11.106:5000/v3"

restart openstack service

openstack-service restart keystone
openstack-service restart nova
openstack-service restart glance
openstack-service restart cinder
openstack-service restart neutron
/bin/systemctl restart  httpd.service
linglong0820
关注
专栏目录
Keystone v2.0 and v3 config
赤焰军
09-23 3665
Keystone v2.0 orv3 config 参考URL : http://docs.openstack.org/liberty/install-guide-ubuntu/keystone-openrc.html   一、  环境准备  [NOTE]     (1) 本文的安装部署都是在CentOS 7.2 上完成,本文中的各个节点都是双网卡设置     (2) keys
Openstack (keystone 身份认证)
weixin_47365365的博客
02-16 954
keystone简介 keystoneOpenStack的组件之一,用于为OpenStack家族中的其它组件成员提供统一的认证服务,包括身份验证、令牌的发放和校验、服务列表、用户权限的定义等等。云环境中所有的服务之间的授权和认证都需要经过 keystone keystone工作 管理用户及其权限 维护 OpenStack Services 的 Endpoint Authentication(认证)和 Authorization(鉴权) 服务 #主节点(keystone服务依靠httpd) #system
openstack keystone v2 to v3
yang.zhou欢迎各位
04-15 2507
Disable NetworkManager systemctl stop NetworkManager systemctl disable NetworkManager systemctl enable network Install the openstack-packstackIf you hava set the repo before!yum install -y openstack-pa
keystone v2 to v3
weixin_34152820的博客
03-18 135
keystone v2 to v3 http://www.cloudkb.net/how-to-change-keystone-api-v2-v3/ posted on 2016-03-18 00:17 秦瑞It行程实录 阅读(...) 评论(...) 编辑 收藏 ...
[转]OpenStack Keystone V3
weixin_30325071的博客
05-28 218
Keystone V3 Keystone 中主要涉及到如下几个概念:User、Tenant、Role、Token。下面对这几个概念进行简要说明。 User:顾名思义就是使用服务的用户,可以是人、服务或者是系统,只要是使用了 Openstack 服务的对象都可以称为用户。 Tenant:租户,可以理解为一个人、项目或者组织拥有的资源的合集。在一个租户中可以拥有很多个用户,这些用户可以根据...
keystone v2/v3
weixin_30824479的博客
06-13 123
Changing from APIv2.0 to APIv3 in Keystone - Openstack Juno on Ubuntu 1. 更换v3 的policy文件 mv /etc/keystone/policy.json /etc/keystone/policy.json.bak cp /opt/stack/keystone/etc/policy.v3cloud...
openstack学习之keystone
zhengleiguo的专栏
05-25 3079
 keystone项目提供了用户管理,权限管理,用户认证等功能,还提供了ServiceCatalog,即Openstack中所有服务的endpoint。endpoint就是rest api的base URL。 keystoneopenstack的入口,调用openstack Rest API都从keystone开始。 rest API流程 1)调用keystone Token
openstack train 版 各组件升级https
weixin_42159480的博客
06-30 924
一 环境准备阶段 基本环境: OS系统:Centos7.6 python: python2.7.5 openstack版本:train 1. 生成ssl需要的ca文件 openssl genrsa -out server.key 4096 openssl req -new -sha256 -out server.csr -key server.key -config ssl.conf openssl x509 -req -days 10950 -in server.csr -signke..
OpenstackKeystone基础
wang_san_shi的专栏
06-04 2213
OpenstackKeystone基础 KeystoneOpenstack的身份管理服务(Identity Service)。在Openstack的整体框架结构中,Keystone的作用类似一个服务总线,Nova、Glance、Horizon、Swift、Cinder以及Neutron等其他服务通过Keystone来注册其服务的Endpoint,针对这些服务的任何调用都需要经过K
OpenStack Keystone v3 API新特性
weixin_34205826的博客
09-23 138
原连接 http://blog.chinaunix.net/uid-21335514-id-3497996.html keystonev3 API与v2.0相比有很大的不同,从API的请求格式到response的返回结果都有差别,主要几点如下: 1. 引入了domain的概念,domain是在project,user, group之上抽象出的一个概念,是指 container for...
keystone v3
anhuidelinger的专栏
08-08 3160
keystonev3 API与v2.0相比有很大的不同,从API的请求格式到response的返回结果都有差别,主要几点如下: 1. 引入了domain的概念,domain是在project,user, group之上抽象出的一个概念,是指 container for projects, users and groups 2. v3中用project代替了以前的v2
[OpenStack] openstack keystone api 实验(curl)(转载)(亲自动手实验,附带实验运行结果)...
weixin_33827590的博客
01-08 519
  http://www.pubyun.com/blog/openstack/openstack-keystone-api-%E5%AE%9E%E9%AA%8Ccurl/ 参考文档: http://keystone.openstack.org/configuration.html http://keystone.openstack.org/api_curl_examples.html 1...
在openrc中从keystone V2V3
weixin_30433075的博客
04-22 84
#!/bin/bash if [ "$#" -ne 1 ] then echo "Usage $0 <keystone.rc>" exit 1 fi . $1 NEW_OS_AUTH_URL=`echo $OS_AUTH_URL | sed 's!v2.0!v3!'` cat << EOF export OS_AUTH_UR...
Using python-keystoneclient.v3 API
yang.zhou欢迎各位
02-19 2622
http://docs.openstack.org/developer/python-keystoneclient/using-api-v3.html >>> from keystoneclient import client >>> auth_url = 'http://localhost:5000' >>> username = 'adminUser' >>> user_domain_n
openstack keystone role API详解
Lawrency Meng
03-04 1778
以下为keystone 角色相关的API详解: ########################################### # version: v1.0.0 # author : Qinglong Meng # date   : 2013-3-4 ########################################### 1. role-lis
keystone提示“......The client is assumed to be in error. (HTTP 400) (Request-ID: req-7d2a33be-..)“错误
qq_41235506的博客
11-19 4041
在安装openstack验证keystone时执行"openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue"提示以下错误. Expecting to find domain in project. The server coul
OpenStack dashboard控制面板配置keystone多域(domain)支持
u011052940的博客
02-23 1006
修改配置文件开启OpenStack dashboard控制面板和keystone的多域(domain)支持模式。
openstack界面简单修改
最新发布
m0_56363537的博客
04-26 679
本实验基于VMware17,使用Ubuntu2310搭建openstack-B版。
Openstack Keystone:认证功能详解与安装实战
Openstack组件实现原理中的Keystone认证功能是Openstack架构中的关键组件,它负责身份验证、授权和资源管理的核心任务。Keystone的设计初衷是为了确保在整个Openstack环境中,只有经过身份验证并获得适当角色的用户...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值