https://docs.openstack.org/keystone/train/install/
以下步骤均在controller配置
#1
先创建keystone数据库
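# Enable MariaDB at boot and start it now.
systemctl enable mariadb.service
systemctl start mariadb.service
# Log in as the database root user. With a bare -p the client prompts for the
# password, so it does not end up in shell history or on the command line
# (these notes set the root password to 0000; pick a strong one outside a lab).
mysql -u root -p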
# Create the database that Keystone will use.
MariaDB [(none)]> CREATE DATABASE keystone;
# Give the 'keystone' DB account full rights on that database, with the
# password keystone0000.
# NOTE(review): '%' lets this account connect from any host, and the password is
# a guessable lab value; use a strong random password. The upstream install
# guide also issues the same GRANT for 'keystone'@'localhost'.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone0000';
exit
下载keystone
# Install Keystone, Apache and the Python 3 mod_wsgi module. The mod_wsgi
# package name used here differs from the one in the official guide.
yum install \
  openstack-keystone \
  httpd \
  python3-mod_wsgi.x86_64
# Open the Keystone configuration file for editing.
vim /etc/keystone/keystone.conf
# Locate the section to edit, e.g. with the vim search /\[database]
[database]
# ...
# Database URL: user keystone, password keystone0000, host controller,
# database keystone (the account created in the GRANT step).
# NOTE(review): this stores the DB password in plaintext, so keystone.conf
# should be readable only by root and the keystone group — confirm its mode.
connection = mysql+pymysql://keystone:keystone0000@controller/keystone
[token]
# ...
# Use the Fernet token provider.
provider = fernet
# Populate the keystone database, running the command as the keystone user
# (the result can be checked by looking inside the keystone database).
su -s /bin/sh -c "keystone-manage db_sync" keystone

# Initialise the Fernet and credential key repositories, owned by the
# keystone user and group.
keystone-manage fernet_setup \
  --keystone-user keystone \
  --keystone-group keystone
keystone-manage credential_setup \
  --keystone-user keystone \
  --keystone-group keystone

# Important step: bootstrap the Identity service with the admin password, the
# admin/internal/public endpoint URLs and the region.
# NOTE(review): "admin" is a lab password and is passed on the command line, so
# it lands in shell history; keystone-manage can instead read it from the
# OS_BOOTSTRAP_PASSWORD environment variable. The endpoints are plain http, so
# passwords and tokens cross the network unencrypted unless TLS is added.
keystone-manage bootstrap \
  --bootstrap-password admin \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
配置apache
# Edit the main Apache configuration file.
vim /etc/httpd/conf/httpd.conf
# Inside httpd.conf, set ServerName to the controller node (the next line is
# file content, not a shell command):
ServerName controller:80
# Link the packaged Keystone WSGI configuration into Apache's conf.d directory.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# Enable httpd at boot and start it.
systemctl enable httpd.service;systemctl start httpd.service
# Client environment variables: create admin.sh
vim admin.sh # write the lines below into this file
###
#!/bin/bash
# Admin credentials for the openstack client; load them with `source admin.sh`.
# OS_PASSWORD must be the value given to `keystone-manage bootstrap
# --bootstrap-password` (these notes use "admin"; change it to your own).
# NOTE(review): this file holds a plaintext password, so keep it readable by its
# owner only (e.g. chmod 600) and out of version control.
OS_USERNAME=admin
OS_PASSWORD=admin
OS_PROJECT_NAME=admin
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_DOMAIN_NAME=Default
OS_AUTH_URL=http://controller:5000/v3
OS_IDENTITY_API_VERSION=3
export OS_USERNAME OS_PASSWORD OS_PROJECT_NAME
export OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME
export OS_AUTH_URL OS_IDENTITY_API_VERSION
###
# Load the admin credentials into the current shell.
source admin.sh
# List the registered endpoints, using the credentials loaded above.
openstack endpoint list
#2
Create a domain, projects, users, and roles
# Create a domain named "example".
openstack domain create --description "An Example Domain" example
# Create the "service" and "myproject" projects in the default domain.
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password-prompt myuser # prompts for the password; these notes use "myuser" everywhere (lab value only)
openstack role create myrole # create the role
openstack role add --project myproject --user myuser myrole # grant role myrole to user myuser on project myproject
# Verification: remove the auth URL and password from the environment, so the
# requests below pass the URL explicitly and ask for the password.
unset OS_AUTH_URL OS_PASSWORD

# Request a token as admin; the admin password must be typed in
# (it is "admin" in these notes).
openstack \
  --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default \
  --os-user-domain-name Default \
  --os-project-name admin \
  --os-username admin \
  token issue

# Request a token as myuser; the myuser password must be typed in
# (it is "myuser" in these notes).
openstack \
  --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default \
  --os-user-domain-name Default \
  --os-project-name myproject \
  --os-username myuser \
  token issue
要以特定项目和用户的身份运行客户端,只需在运行它们之前加载相应的客户端环境脚本。这些脚本中保存了明文密码,建议将文件权限设为仅属主可读(例如 chmod 600):
# Environment script for the admin user
vim admin-openrc.sh
###
#!/bin/bash
# Client environment for the admin user in the admin project; load it with
# `source admin-openrc.sh` before running openstack commands.
# NOTE(review): OS_PASSWORD is stored in plaintext and OS_AUTH_URL is plain
# http; keep this file readable by its owner only (e.g. chmod 600).
export \
  OS_PROJECT_DOMAIN_NAME=Default \
  OS_USER_DOMAIN_NAME=Default \
  OS_PROJECT_NAME=admin \
  OS_USERNAME=admin \
  OS_PASSWORD=admin \
  OS_AUTH_URL=http://controller:5000/v3 \
  OS_IDENTITY_API_VERSION=3 \
  OS_IMAGE_API_VERSION=2
###
# Load the admin environment into the current shell.
source admin-openrc.sh
openstack token issue # success if a token is returned
# Environment script for the myuser user
vim myuser-openrc.sh
###
#!/bin/bash
# Client environment for the user myuser in the project myproject; load it with
# `source myuser-openrc.sh` before running openstack commands.
# NOTE(review): OS_PASSWORD is stored in plaintext and OS_AUTH_URL is plain
# http; keep this file readable by its owner only (e.g. chmod 600).
OS_PROJECT_DOMAIN_NAME=Default
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_NAME=myproject
OS_USERNAME=myuser
OS_PASSWORD=myuser
OS_AUTH_URL=http://controller:5000/v3
OS_IDENTITY_API_VERSION=3
OS_IMAGE_API_VERSION=2
export OS_PROJECT_DOMAIN_NAME OS_USER_DOMAIN_NAME
export OS_PROJECT_NAME OS_USERNAME OS_PASSWORD
export OS_AUTH_URL OS_IDENTITY_API_VERSION OS_IMAGE_API_VERSION
###
# Load the myuser environment into the current shell.
source myuser-openrc.sh
openstack token issue # success if a token is returned