Building OpenStack: keystone (2)

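This article describes in detail how to install and configure the Identity service, keystone, in OpenStack, including creating the database, setting up the configuration file, installing the components, initializing the Fernet key repositories, bootstrapping the service, and creating domains, projects, users, and roles.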

Official link

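I. Install and configure

Controller node

Prerequisites

Before installing and configuring the Identity service, you must create a database.

  1. Use the database access client to connect to the database server as the root user:
mysql
  2. Create the keystone database:
MariaDB [(none)]> CREATE DATABASE keystone;
  3. Grant access to the keystone database:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'admin1234';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'admin1234';

The keystone database user's password is admin1234.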

Install and configure components

Install

apt install keystone -y

Configure /etc/keystone/keystone.conf

cp /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
root@controller:~# cat /etc/keystone/keystone.conf
[DEFAULT]
log_dir = /var/log/keystone
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
#connection = sqlite:var/lib/keystone/keystone.db
# ...
connection = mysql+pymysql://keystone:admin1234@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[extra_headers]
Distribution = Ubuntu
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
# ...
provider = fernet
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]

Populate the Identity service database:

su -s /bin/sh -c "keystone-manage db_sync" keystone
MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [keystone]> show tables;
... (output omitted)

If show tables lists tables, the database was populated successfully.

Initialize the Fernet key repositories:

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the Identity service:

keystone-manage bootstrap --bootstrap-password admin1234 \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

The admin bootstrap password is admin1234.

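Configure the Apache HTTP server

Edit the /etc/apache2/apache2.conf file and set the ServerName option to reference the controller node:

ServerName controller

Finalize the installation

Restart the Apache service:

service apache2 restart

Create the OpenStack client environment script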

cat > /etc/keystone/admin-openrc.sh << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin1234
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source /etc/keystone/admin-openrc.sh
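
The steps above leave secrets in four places: the database password in keystone.conf, the admin password in admin-openrc.sh, and the Fernet and credential key repositories. The script below is an added example, not part of the original post or of keystone: it flags any of those paths that grant permissions to "other" users and reports when the database and admin passwords are the same value, as they are in this walkthrough. The function names, the optional root-prefix argument and the sample tree are assumptions of this example; /etc/keystone/fernet-keys and /etc/keystone/credential-keys are keystone's default key repository locations.

```shell
#!/bin/sh
# Paths this walkthrough creates or edits that hold secrets.
SECRET_PATHS="/etc/keystone/keystone.conf /etc/keystone/admin-openrc.sh
/etc/keystone/fernet-keys /etc/keystone/credential-keys"

# Print EXPOSED for every listed path (and anything beneath it) that grants
# a permission to "other"; return 1 if anything was flagged, else 0.
audit_keystone_perms() {
    root=${1:-}; rc=0
    for p in $SECRET_PATHS; do
        [ -e "$root$p" ] || { echo "MISSING $p"; continue; }
        for f in $(find "$root$p"); do
            other=$(ls -ld "$f" | cut -c8-10)   # rwx bits for "other"
            rel=${f#"$root"}
            [ "$other" = "---" ] || { echo "EXPOSED $rel $other"; rc=1; }
        done
    done
    return $rc
}

# Return 0 (and print REUSED) when the password inside the [database]
# connection URL equals OS_PASSWORD in the client environment script.
keystone_password_reused() {
    root=${1:-}
    db=$(sed -n 's|^connection *= *[^:]*://[^:]*:\([^@]*\)@.*|\1|p' \
        "$root/etc/keystone/keystone.conf")
    admin=$(sed -n 's/^export OS_PASSWORD=//p' "$root/etc/keystone/admin-openrc.sh")
    [ -n "$db" ] && [ "$db" = "$admin" ] && echo "REUSED db password == OS_PASSWORD"
}

# Constructed sample tree mirroring the files written above (demo input only).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/keystone/fernet-keys" "$t/etc/keystone/credential-keys"
    chmod 700 "$t/etc/keystone/fernet-keys" "$t/etc/keystone/credential-keys"
    printf '[database]\nconnection = mysql+pymysql://keystone:admin1234@controller/keystone\n' \
        > "$t/etc/keystone/keystone.conf"
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=admin1234\n' \
        > "$t/etc/keystone/admin-openrc.sh"
    chmod 640 "$t/etc/keystone/keystone.conf"
    chmod 644 "$t/etc/keystone/admin-openrc.sh"
    echo "$t"
}

tree=$(make_sample_tree)
audit_keystone_perms "$tree" || true
keystone_password_reused "$tree" || true
rm -rf "$tree"
```

Called with no argument, both functions inspect the live /etc/keystone tree on the controller node.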

II. Create a domain, projects, users, and roles

openstack project create --domain default --description "Service Project" service
root@controller:~# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | fe68ae3cba164149bdc45923e0e7419b |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

III. Verify operation

openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
root@controller:~# openstack --os-auth-url http://controller:5000/v3 \
>   --os-project-domain-name Default --os-user-domain-name Default \
>   --os-project-name admin --os-username admin token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2024-04-20T09:21:26+0000                                                                                                                                                                |
| id         | gAAAAABmI3sGaFuPC4a6bJwm7nrDMYKnhhT8pSaJ9UjcJeSmHCsvQSfKIke-e3zFPOoQ0lkd6iWox6FR7ztgS-ryQihP0epLPsxiQrwRYOsXwQMgoy3fbQdfz1rgjdH6Xaj5oqg_KL_u0XKaHlY8JcYyijt54xN998Kc9hrVm_lX-3ghMJgcCa0 |
| project_id | eababd485ca54f568494ee86d460784d                                                                                                                                                        |
| user_id    | 89783c16ca5f4ea5890b8a9bdc53d59e                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+