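I. Create the database
All of the following operations are performed on the controller node.
① Create a keystone database on the controller node
② Grant access privileges and set the password
③ Flush privileges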
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '123456';
MariaDB [(none)]> flush privileges;
MariaDB [keystone]> quit
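II. Install and configure the httpd components
1. Install httpd (on the controller node)
① Modify the configuration file
② Back up the configuration file, set its owner to "root" (group keystone), and strip the comment and blank lines
③ Configure database access
④ Configure the token provider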
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# cd /etc/keystone/ && mv keystone.conf keystone.conf.source && cat keystone.conf.source |grep -Ev "^#|^$" > keystone.conf && chown root:keystone keystone.conf
[root@controller keystone]# vim keystone.conf
[database]
# add this line (replace "123456" with a suitable password)
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
# add this line
provider = fernet
2. Populate the Identity service database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
3. Initialize the Fernet key repositories
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
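III. Bootstrap the Identity service
Bootstrap the Keystone Identity service (on the controller node)
Replace the password (123456) with a suitable one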
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
IV. Configure the Apache HTTP server
1. Edit the configuration file (on the controller node)
/etc/httpd/conf/httpd.conf
① Add the ServerName line after "#ServerName www.example.com:80"
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
# add the following line
ServerName controller
2. Create a link to the wsgi-keystone.conf file
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3. Start the httpd service
① Start the httpd service and enable it at boot
② Check that the httpd service started successfully
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2022-07-21 04:16:18 CST; 9s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 3004 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─3004 /usr/sbin/httpd -DFOREGROUND
├─3005 (wsgi:keystone- -DFOREGROUND
├─3006 (wsgi:keystone- -DFOREGROUND
├─3007 (wsgi:keystone- -DFOREGROUND
├─3008 (wsgi:keystone- -DFOREGROUND
├─3009 (wsgi:keystone- -DFOREGROUND
├─3010 /usr/sbin/httpd -DFOREGROUND
├─3011 /usr/sbin/httpd -DFOREGROUND
├─3012 /usr/sbin/httpd -DFOREGROUND
├─3013 /usr/sbin/httpd -DFOREGROUND
└─3014 /usr/sbin/httpd -DFOREGROUND
Jul 21 04:16:18 controller systemd[1]: Starting The Apache HTTP Server...
Jul 21 04:16:18 controller systemd[1]: Started The Apache HTTP Server.
4. Create an environment variable script and verify it
[root@controller ~]# cat >>/etc/keystone/admin-openrc.sh<<EOF
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
# Make the environment script executable
[root@controller ~]# chmod +x /etc/keystone/admin-openrc.sh
# Verify that it works
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# env | grep OS
HOSTNAME=controller
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=123456
OS_AUTH_URL=http://controller:5000/v3
OS_USERNAME=admin
OS_PROJECT_DOMAIN_NAME=Default
# Create a symbolic link and run the script
[root@controller ~]# ln -s /etc/keystone/admin-openrc.sh /root/
[root@controller ~]# ls
admin-openrc.sh anaconda-ks.cfg
[root@controller ~]# . admin-openrc.sh
# List the default domain:
[root@controller ~]# openstack domain list
+---------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+--------------------+
| default | Default | True | The default domain |
+---------+---------+---------+--------------------+
# Request an authentication token:
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2022-07-21T09:54:29+0000 |
| id | gAAAAABi2RRFkv-PrM2-mJz7CpECuVXGPKZ2mg2SdBu4QEagE_tY3oq67GUJynBhN3FfOA3O0kug5zER1RhD0dhtqns82vhmmg4KgQQxgijhtnFmVE3T8kq0k4mcTxzDUmUmkHdYpjCF0jmUfoGRMvRtjdVzD4gAS7Br5bWLPu2RJO4LH7ZHTJ0 |
| project_id | c55ed45af9b9490ab11993b79bb61122 |
| user_id | 07fe1fbd44034e45be27798a5e573ac8 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
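A check for the two credential-bearing files this guide writes, /etc/keystone/keystone.conf (section II) and /etc/keystone/admin-openrc.sh (step 4 above). This is an added example, not part of the original guide or of OpenStack. It runs on constructed copies of both files; the deny-list, the 12-character minimum, the 0755 mode passed in the test and the use of configparser in place of oslo.config are assumptions.

```python
import configparser
import stat
from urllib.parse import urlsplit

# Constructed copies of the two files as this guide writes them.
KEYSTONE_CONF = """[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
"""
OPENRC = """export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
"""
WEAK = {"123456", "password", "admin", "keystone"}  # assumed deny-list
MIN_LEN = 12                                        # assumed minimum length


def is_weak(password):
    return not password or len(password) < MIN_LEN or password.lower() in WEAK


def audit_keystone_conf(text):
    """Findings for the [database] and [token] settings in keystone.conf."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    db_url = urlsplit(cfg.get("database", "connection", fallback=""))
    if is_weak(db_url.password):
        findings.append("database.connection: weak or missing password")
    if cfg.get("token", "provider", fallback="") != "fernet":
        findings.append("token.provider: not fernet")
    return findings


def audit_openrc(text, mode):
    """Findings for an openrc file's contents and its permission bits."""
    env = dict(line.replace("export ", "", 1).split("=", 1)
               for line in text.splitlines() if "=" in line)
    findings = []
    if is_weak(env.get("OS_PASSWORD")):
        findings.append("OS_PASSWORD: weak or missing password")
    if urlsplit(env.get("OS_AUTH_URL", "")).scheme != "https":
        findings.append("OS_AUTH_URL: password sent over plain HTTP")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o: accessible to group/other" % mode)
    return findings
```

On a live controller, read each file's text from disk and pass `stat.S_IMODE(os.stat(path).st_mode)` as `mode`.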
V. Create a domain, projects, a user, and a role
1. Create a domain
[root@controller ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 49428ff287fa4f2cbdaba0cfef003383 |
| name | example |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
2. Create the service project
[root@controller ~]# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | b06dacdcfb824d40a83f27118db267ef |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
3. Create a project
[root@controller ~]# openstack project create --domain default \
--description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | ef3406c11a954e2d82669a345ae23139 |
| is_domain | False |
| name | myproject |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
4. Create a user "myuser"
Set the password to "123456"
[root@controller ~]# openstack user create --domain default --password-prompt myuser
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 98bee039de8e457f9c0613917121854d |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
5. Create a role "myrole"
[root@controller ~]# openstack role create myrole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 9275a974535749b694db4661c8a3ff41 |
| name | myrole |
| options | {} |
+-------------+----------------------------------+
6. Add the role to the project and user
[root@controller ~]# openstack role add --project myproject --user myuser myrole
VI. Verify operation
1. Unset the temporary environment variables
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
2. As the admin user, request an authentication token
Password: "123456"
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password:
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2022-07-21T09:51:57+0000 |
| id | gAAAAABi2ROtwMJhG8na48YbmPLYgrgCuW2y9y-7Aowq9BLIroEXuY-RXqZ2QSUVf4R2YnOlzhlt-ZDt2H2RE8mLcEBWXNB7kLpqIP9muJyzNuHS6ZvkvI6U7Ofs5AUgcXEhKPwUlQU3B0agaZ6-H0E_TTX-cQZU84V0zxpqio1kKsSz80aZLUA |
| project_id | c55ed45af9b9490ab11993b79bb61122 |
| user_id | 07fe1fbd44034e45be27798a5e573ac8 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3. As the myuser user, request an authentication token
Password: "123456"
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue
Password:
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2022-07-21T09:53:40+0000 |
| id | gAAAAABi2RQUovGwaXZ9e7yBd_Rm0DeVF6wGtwR-aQHGNsM5SSL2fB2kawOSFcvWELFywhtukHZ38lZqLvpH3iOORIQcNyJlRZX8z4WjmS4y7Xmw43Y4q0eLi-sOEIR3ZsXz71b6qSlv75iRgzJowtInIyPezMdloMs6zJXEI6kWYVkuOZqioOM |
| project_id | ef3406c11a954e2d82669a345ae23139 |
| user_id | 98bee039de8e457f9c0613917121854d |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
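What the `id` values printed by `openstack token issue` in sections IV and VI reveal without any key, as an added example (not part of the original guide or of Keystone's code): a Fernet token starts with an unencrypted version byte 0x80 followed by an 8-byte big-endian issue timestamp. Only the first 12 characters of each id shown on this page are used; the function and constant names are illustrative.

```python
import base64
import struct
from datetime import datetime, timedelta, timezone

FERNET_VERSION = 0x80
# Keystone's default [token] expiration is 3600 seconds.
DEFAULT_LIFETIME = timedelta(seconds=3600)

# First 12 characters of the three token ids printed on this page, each
# paired with the "expires" value from the same output table.
PAGE_TOKENS = {
    "gAAAAABi2RRF": "2022-07-21T09:54:29+0000",
    "gAAAAABi2ROt": "2022-07-21T09:51:57+0000",
    "gAAAAABi2RQU": "2022-07-21T09:53:40+0000",
}


def issued_at(token):
    """Return the UTC issue time stored in a Fernet token's clear header."""
    head = token[:12]                 # 12 base64url chars decode to 9 bytes
    if len(head) < 12:
        raise ValueError("token too short for a Fernet header")
    raw = base64.urlsafe_b64decode(head)
    version, timestamp = struct.unpack(">BQ", raw)
    if version != FERNET_VERSION:
        raise ValueError("not a Fernet token (version byte 0x%02x)" % version)
    return datetime.fromtimestamp(timestamp, tz=timezone.utc)


def lifetime(token, expires):
    """Time between the embedded issue timestamp and the reported expiry."""
    expiry = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S%z")
    return expiry - issued_at(token)


if __name__ == "__main__":
    for prefix, expires in PAGE_TOKENS.items():
        print(prefix, issued_at(prefix).isoformat(), lifetime(prefix, expires))
```

Each token on this page was issued exactly one hour before its `expires` value, which matches the default lifetime. Because the header is authenticated but not encrypted, a token found in a log or a shell history can be dated this way during an investigation without access to the Fernet keys.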