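# Open a MySQL session as root. A bare -p makes the client prompt for the
# password, so the secret is not left in shell history or on the command line
# where other local users could read it from the process list.
mysql -uroot -p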


-- Create one schema per service account defined below
-- (keystone, glance, nova, neutron, cinder).
CREATE DATABASE keystone;

CREATE DATABASE glance;

CREATE DATABASE nova;

CREATE DATABASE neutron;

CREATE DATABASE cinder;


-- Accounts for connections from the database host itself: each service user
-- gets ALL PRIVILEGES, scoped to its own schema only.
-- NOTE(review): every account is given the same six-digit password '000000';
-- outside a throwaway lab use a distinct, randomly generated password per service.
-- NOTE(review): GRANT ... IDENTIFIED BY creates the account implicitly; this form
-- was removed in MySQL 8.0, where CREATE USER must be issued before GRANT.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '000000';


-- The same grants for host '%', i.e. the accounts are accepted from any client address.
-- NOTE(review): together with the shared weak password this leaves each schema
-- reachable by any host that can connect to the MySQL port. Prefer the specific
-- service-node addresses or a management-subnet pattern, and limit the listener
-- with bind-address and a firewall -- confirm against the deployment topology.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '000000';


-- Transcript line (client prompt included): list the databases to confirm the
-- five schemas were created.
mysql> show databases;


-- Leave the mysql client; the steps that follow are shell commands.
exit


# Install the Keystone service and its command-line client.
yum install openstack-keystone python-keystoneclient -y


# Point Keystone at its database on host "controller".
# NOTE(review): this writes the database password into keystone.conf in clear
# text, and no TLS options are visible in the URL; keep the file readable only
# by root/keystone -- TODO confirm its mode and ownership.
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:000000@controller/keystone


# Run the schema sync as the keystone account (su -s supplies a shell for this
# single command).
su -s /bin/sh -c "keystone-manage db_sync" keystone  


# Generate the bootstrap admin token: 10 random bytes, hex-encoded.
ADMIN_TOKEN=$(openssl rand -hex 10)

# NOTE(review): echoing the token leaves the secret in terminal scrollback and
# in any session log.
echo $ADMIN_TOKEN


# Store the token as admin_token in keystone.conf.
# NOTE(review): this shared secret is what the later OS_SERVICE_TOKEN calls use
# to create users and roles without a password. Nothing on this page removes it
# from keystone.conf afterwards; clear or rotate it once bootstrap is finished.
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN


# Create the PKI key material as keystone:keystone, then make sure
# /etc/keystone/ssl is owned by keystone and grants nothing to "other".
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

chown -R keystone:keystone /etc/keystone/ssl

chmod -R o-rwx /etc/keystone/ssl


# Restart Keystone so it picks up the configuration, and enable it at boot.
service openstack-keystone restart

chkconfig openstack-keystone on


# Append an hourly "keystone-manage token_flush" job to the keystone user's
# crontab unless a token_flush entry is already listed, logging its output to
# /var/log/keystone/keystone-tokenflush.log.
(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone

# Show the resulting crontab to confirm the entry.
crontab -l -u keystone


# Authenticate the bootstrap calls below with the admin token instead of a
# user name and password.
export OS_SERVICE_TOKEN=$ADMIN_TOKEN

# NOTE(review): the endpoint is plain http, so the admin token is sent
# unencrypted to controller:35357 on every call.
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0


# Create the admin user, role and tenant, then bind them together.
# NOTE(review): --pass=000000 puts a trivially guessable password on the
# command line (shell history, process list) for the account that receives the
# admin role; set a strong password before the endpoint is reachable by others.
keystone user-create --name=admin --pass=000000 --email=admin@localhost

keystone role-create --name=admin

keystone tenant-create --name=admin --description="Admin Tenant"

keystone user-role-add --user=admin --tenant=admin --role=admin

keystone user-role-add --user=admin --role=_member_ --tenant=admin


# Create a second user that holds only the _member_ role, in its own tenant.
# NOTE(review): it is given the same password as admin.
keystone user-create --name=user1 --pass=000000 --email=user1@localhost

keystone tenant-create --name=user1 --description="User1 Tenant"

keystone user-role-add --user=user1 --role=_member_ --tenant=user1


# Create the tenant named "service"; presumably the accounts of the other
# OpenStack components are placed here later -- not shown on this page.
keystone tenant-create --name=service --description="Service Tenant"


# Register Keystone itself in the catalog as the service of type "identity".
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"


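# Publish the identity service's endpoints. The service id is looked up from
# `keystone service-list` by matching the row of type "identity".
# The continuation lines must follow each other directly: a blank line after a
# trailing backslash ends the command, and the options would then be run as
# separate commands.
# NOTE(review): all three URLs are http://, so clients that follow the catalog
# send passwords and tokens in clear text; with TLS in front of Keystone these
# URLs would change to https://.
keystone endpoint-create \
 --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
 --publicurl=http://controller:5000/v2.0 \
 --internalurl=http://controller:5000/v2.0 \
 --adminurl=http://controller:35357/v2.0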


# Drop the bootstrap token from the environment so the calls below have to
# authenticate as a user. This only clears the shell variables; the
# admin_token value written to keystone.conf earlier is not touched.
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

# Verify password authentication: first without a tenant, then scoped to the
# admin tenant.
# NOTE(review): --os-password on the command line is recorded in shell history
# and is sent over plain http to controller:35357.
keystone --os-username=admin --os-password=000000 --os-auth-url=http://controller:35357/v2.0 token-get

keystone --os-username=admin --os-password=000000 --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get


# Create admin-openrc.sh in the home directory with an editor; the four export
# lines below are the file's contents.
# NOTE(review): the file holds the admin password in clear text. Restrict it to
# its owner (e.g. chmod 600 admin-openrc.sh) and keep it out of backups and
# version control.
cd

vi admin-openrc.sh

export OS_USERNAME=admin

export OS_PASSWORD=000000

export OS_TENANT_NAME=admin

export OS_AUTH_URL=http://controller:35357/v2.0


# Load the credentials into the current shell and confirm a token can be
# issued without passing any options.
source admin-openrc.sh

keystone token-get


# Confirm the users exist and list the roles admin holds in the admin tenant.
keystone user-list

keystone user-role-list --user admin --tenant admin