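Setting up OpenStack: keystone (2)
1. Install and configure
Controller node
Prerequisites
Before installing and configuring the Identity service, you must create a database.
- Use the database access client to connect to the database server as the root user: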
mysql
- Create the keystone database:
MariaDB [(none)]> CREATE DATABASE keystone;
- Grant access to the keystone database:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'admin1234';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'admin1234';
Password: admin1234
Install and configure components
Install
apt install keystone -y
Configure /etc/keystone/keystone.conf
cp /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
root@controller:~# cat /etc/keystone/keystone.conf
[DEFAULT]
log_dir = /var/log/keystone
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
#connection = sqlite:var/lib/keystone/keystone.db
# ...
connection = mysql+pymysql://keystone:admin1234@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[extra_headers]
Distribution = Ubuntu
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
# ...
provider = fernet
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
Populate the Identity service database:
su -s /bin/sh -c "keystone-manage db_sync" keystone
MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [keystone]> show tables;
... (omitted)
If show tables lists tables, the database was populated successfully.
Initialize the Fernet key repositories:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service:
keystone-manage bootstrap --bootstrap-password admin1234 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
Password: admin1234
Configure the Apache HTTP server
Edit the /etc/apache2/apache2.conf file and set the ServerName option to reference the controller node:
ServerName controller
Finalize the installation
Restart the Apache service:
service apache2 restart
Create the OpenStack client environment script
cat > /etc/keystone/admin-openrc.sh << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin1234
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source /etc/keystone/admin-openrc.sh
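Added example (not part of the original post): the environment script created above holds the admin password in clear text and points at an http:// endpoint, so it is worth auditing right after it is written. The function name audit_openrc and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# audit_openrc FILE (hypothetical helper): print one finding per line for an
# OpenStack client environment file. Returns 0 if clean, 1 if anything was
# found, 2 if the file does not exist.
audit_openrc() {
    f=$1
    findings=0
    if [ ! -f "$f" ]; then
        echo "ERROR: $f not found"
        return 2
    fi
    # Readable by group or other: any local account can read the admin password.
    if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
        echo "PERMS: $f is readable by group or other (chmod 600 $f)"
        findings=$((findings + 1))
    fi
    # A literal OS_PASSWORD value stored in the file.
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=.+' "$f"; then
        echo "SECRET: OS_PASSWORD is stored in clear text in $f"
        findings=$((findings + 1))
    fi
    # http:// auth URL: password and issued tokens cross the network unencrypted.
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_AUTH_URL=["'\'']?http://' "$f"; then
        echo "TRANSPORT: OS_AUTH_URL uses http:// rather than https://"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the file created above, written to a temp path.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=admin1234
export OS_AUTH_URL=http://controller:5000/v3
EOF
chmod 644 "$sample"   # same mode a default umask of 022 gives to "cat > file"
audit_openrc "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

On the controller, define the function and run audit_openrc /etc/keystone/admin-openrc.sh; a non-zero exit status means at least one finding was printed.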
2. Create a domain, projects, users, and roles
openstack project create --domain default --description "Service Project" service
root@controller:~# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | fe68ae3cba164149bdc45923e0e7419b |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
3. Verify operation
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
root@controller:~# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2024-04-20T09:21:26+0000 |
| id | gAAAAABmI3sGaFuPC4a6bJwm7nrDMYKnhhT8pSaJ9UjcJeSmHCsvQSfKIke-e3zFPOoQ0lkd6iWox6FR7ztgS-ryQihP0epLPsxiQrwRYOsXwQMgoy3fbQdfz1rgjdH6Xaj5oqg_KL_u0XKaHlY8JcYyijt54xN998Kc9hrVm_lX-3ghMJgcCa0 |
| project_id | eababd485ca54f568494ee86d460784d |
| user_id | 89783c16ca5f4ea5890b8a9bdc53d59e |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+