在数据库中创建相关的库和用户并授权
[root@con01 ~]# mysql -uroot -ptest.2018
Welcome to the MariaDBmonitor. Commands end with ; or \g.
Your MariaDB connection idis 10
Server version:10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016,Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' forhelp. Type '\c' to clear the current input statement.
MariaDB [(none)]>CREATE DATABASE keystone;
Query OK, 1 row affected(0.00 sec)
MariaDB [(none)]> GRANTALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
-> IDENTIFIED BY 'test.2018';
Query OK, 0 rows affected(0.00 sec)
MariaDB [(none)]> GRANTALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
-> IDENTIFIED BY 'test.2018';
Query OK, 0 rows affected(0.00 sec)
安装软件
yum installopenstack-keystone httpd mod_wsgi -y
修改配置文件
Vim/etc/keystone/keystone.conf
[database]
connection =mysql+pymysql://keystone:test.2018@controller/keystone
[token]
provider = fernet
要测试一下配置的mysql用户是不是可以登录(controller在hosts文件中配置一下)
[root@con01 ~]# mysql -ukeystone -hcontroller -ptest.2018
填充身份服务数据库:
[root@con01 ~]# su -s/bin/sh -c "keystone-manage db_sync" keystone (在mysql的keyston库中自动创建相应的表)
[root@con01 ~]# mysql -ukeystone -hcontroller -ptest.2018 可在mysql中查看
初始化Fernet密钥存储库:
[root@con01 ~]#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@con01 ~]#keystone-manage credential_setup --keystone-user keystone --keystone-groupkeystone
引导身份服务:(以下命令请一条条复制执行)
[root@con01 ~]#keystone-manage bootstrap --bootstrap-password test.2018 \
> --bootstrap-admin-urlhttp://controller:35357/v3/ \
>--bootstrap-internal-url http://controller:5000/v3/\
>--bootstrap-public-url http://controller:5000/v3/\
> --bootstrap-region-idRegionOne
修改httpd配置文件
Vim/etc/httpd/conf/httpd.conf
ServerName controller
[root@con01 ~]# ln -s/usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@con01 ~]# systemctlenable httpd.service
[root@con01 ~]# systemctl restarthttpd.service
配置管理帐户
export OS_USERNAME=admin
export OS_PASSWORD=test.2018
exportOS_PROJECT_NAME=admin
exportOS_USER_DOMAIN_NAME=Default
exportOS_PROJECT_DOMAIN_NAME=Default
exportOS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
创建一个域,项目,用户和角色
[root@con01 ~]# openstackdomain create --description "An Example Domain" example
-bash:openstack: command not found
解决方法yum install -ypython-openstackclient
[root@con01 ~]# openstackdomain create --description "An Example Domain" example #创建域
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An ExampleDomain |
| enabled | True |
| id | 69c9b811ad184a3e8c1aeddc7d344a2b |
| name | example |
| tags | [] |
+-------------+----------------------------------+
[root@con01 ~]# openstackproject create --domain default \ #创建项目 在default 域中创建ServiceProject项目
> --description"Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | ServiceProject |
| domain_id | default |
| enabled | True |
| id | 245c36d3b7d74993aeebbe94b937fcf1 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
You have new mail in/var/spool/mail/root
[root@con01 ~]# openstackproject create --domain default \ #创建项目 在default 域中创建DemoProject项目
> --description"Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | DemoProject |
| domain_id | default |
| enabled | True |
| id | 0863f5e8b2b14eb69b54fb2a327f678e |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@con01 ~]# openstackuser create --domain default \ #创建用户demo
> --password-promptdemo
User Password:设置密码统一使用test.2018
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id |da9c6ef4839e474ab6792fc460daf06f |
| name | demo |
| options | {} |
| password_expires_at |None |
+---------------------+----------------------------------+
You have new mail in/var/spool/mail/root
[root@con01 ~]# openstackrole create user #创建角色user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 142e8ef2ae714b81a1673bc96fc33d78 |
| name | user |
+-----------+----------------------------------+
[root@con01 ~]# openstackrole add --project demo --user demo user #将用户与角色与项目关联
***************************************************************************************************
验证????
unset OS_AUTH_URLOS_PASSWORD
[root@con01 ~]# openstack--os-auth-url http://controller:35357/v3--os-project-domain-name Def
ault --os-user-domain-nameDefault --os-project-name admin --os-usernameadmin token issue
Password:admin用户的密码
+------------+---------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------+|Field | Value
|+------------+---------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------+|expires |2018-04-25T05:59:35+0000
||id |gAAAAABa4As32W_aOQyYIk9HlU5eWQXniir3fu7KqZWd2EEm4XPsurpTzXOpQTyUV6cuF80py7PwtyLN
rZkQelI0QeZXULjzU_WyGSA9iA4ixroASpJzpD8FIXH1Jk4xXDaoGjhVKXBpJMcGdqHRLu8rIT-Q2zvbb_eFXzGE7pukOQj6FsPn-sU|| project_id | dcd0bdb4e3af466da534a49dd1ee3f32
|| user_id | d1f7d78c5dcb4aff9eedb183480df214
|+------------+---------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------+
[root@con01 ~]# openstack--os-auth-url http://controller:5000/v3 \
> --os-project-domain-nameDefault --os-user-domain-name Default \
> --os-project-namedemo --os-username demo tokenissue
Password:demo用户的密码
+------------+---------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------+|Field | Value
|+------------+---------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------+|expires | 2018-04-25T06:01:41+0000
|| id |gAAAAABa4Au1AJXs6QROg8gUzRmXTAN8RxesljP0tiJNrvGRT_rYlNSw_qPAOA_1KY34wnQo8DRkXGOz
ZpH68IMOI1UW78w6O2UV4AFgQa7KjjTD3yaq5yb4LesYQFjMhM0uYhSYsXmCjS3MHI30hGZOfs11_eJ8dDwiVdRF5DiMA5O9Sv_2hlI|| project_id | 0863f5e8b2b14eb69b54fb2a327f678e
||user_id |da9c6ef4839e474ab6792fc460daf06f
|+------------+---------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------+
创建环境变更脚本
[root@con01 ~]# vimadmin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
exportOS_USER_DOMAIN_NAME=Default
exportOS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=test.2018
exportOS_AUTH_URL=http://controller:5000/v3
exportOS_IDENTITY_API_VERSION=3
exportOS_IMAGE_API_VERSION=2
[root@con01 ~]# vimdemo-openrc
exportOS_PROJECT_DOMAIN_NAME=Default
exportOS_USER_DOMAIN_NAME=Default
exportOS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=test.2018
exportOS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
exportOS_IMAGE_API_VERSION=2
chmod +x admin-openrc
chmod +x demo-openrc
source admin-openrc
openstack token issue