OpenStack搭建之keystone（2）

今天记得早睡

于 2024-04-20 16:22:43 发布

阅读量200

点赞数 5

分类专栏： openstack部署文章标签： openstack

本文链接：https://blog.csdn.net/weixin_46920961/article/details/138001559

版权

openstack部署专栏收录该内容

9 篇文章 0 订阅

订阅专栏

OpenStack搭建之keystone（2）

官方链接

一、安装和配置

控制节点

先决条件

在安装和配置Identity服务之前，必须创建数据库。

使用数据库访问客户端以root用户连接数据库服务器:

mysql

创建keystone数据库:

MariaDB [(none)]> CREATE DATABASE keystone;

授予对keystone数据库的访问权限:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'admin1234';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'admin1234';

密码admin1234

安装和配置组件

安装

apt install keystone -y

配置/etc/keystone/keystone.conf

cp /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf

root@controller:~# cat /etc/keystone/keystone.conf
[DEFAULT]
log_dir = /var/log/keystone
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
#connection = sqlite:var/lib/keystone/keystone.db
# ...
connection = mysql+pymysql://keystone:admin1234@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[extra_headers]
Distribution = Ubuntu
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
# ...
provider = fernet
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]

填充Identity服务数据库:

su -s /bin/sh -c "keystone-manage db

MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [keystone]> show tables;
。。。省略

tables有内容说明填充成功

初始化Fernet密钥库:

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

引导Identity服务:

keystone-manage bootstrap --bootstrap-password admin1234 \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

密码admin1234

配置Apache HTTP服务器

编辑/etc/apache2/apache2.conf文件，配置ServerName选项以引用控制节点:

ServerName controller

完成安装

重启Apache服务:

service apache2 restart

创建OpenStack客户端环境脚本

cat > /etc/keystone/admin-openrc.sh << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin1234
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

source /etc/keystone/admin-openrc.sh

二、创建域、项目、用户和角色

openstack project create --domain default --description "Service Project" service

root@controller:~# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | fe68ae3cba164149bdc45923e0e7419b |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

三、验证操作

openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue

root@controller:~# openstack --os-auth-url http://controller:5000/v3 \
>   --os-project-domain-name Default --os-user-domain-name Default \
>   --os-project-name admin --os-username admin token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2024-04-20T09:21:26+0000                                                                                                                                                                |
| id         | gAAAAABmI3sGaFuPC4a6bJwm7nrDMYKnhhT8pSaJ9UjcJeSmHCsvQSfKIke-e3zFPOoQ0lkd6iWox6FR7ztgS-ryQihP0epLPsxiQrwRYOsXwQMgoy3fbQdfz1rgjdH6Xaj5oqg_KL_u0XKaHlY8JcYyijt54xN998Kc9hrVm_lX-3ghMJgcCa0 |
| project_id | eababd485ca54f568494ee86d460784d                                                                                                                                                        |
| user_id    | 89783c16ca5f4ea5890b8a9bdc53d59e                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+