controller:
#初始化认证服务数据库及密钥存储库
mysql -u root -p000000
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
---------------------------------------------------------------------------------------
yum install openstack-keystone httpd mod_wsgi -y
cd /etc/keystone/ && mv keystone.conf keystone.conf.source && cat keystone.conf.source |grep -Ev "^#|^$" > keystone.conf && chown root:keystone keystone.conf
vi /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:000000@controller/keystone
[token]
provider = fernet
#同步 Identity 服务的初始数据到keystone 库--同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
#初始化 Fernet 密钥存储库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#执行身份引导服务(会创建 endpoint)
keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
#配置Apache服务器
vi /etc/httpd/conf/httpd.conf
ServerName controller:80
#创建软链接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
#启动 Apache HTTP 服务并配置其随系统启动
systemctl enable httpd.service;systemctl start httpd.service
cd
设置配置环境:
vi admin-openrc.sh
内容:
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
source admin-openrc.sh
openstack endpoint list(格子)
openstack token issue(格子)
#创建 service 项目、user 角色、域,default 域默认已经存在
创建新域 example,(仅用于测试,可以不创建)。
openstack domain create --description "An Example Domain" example(格子)
openstack domain list(格子)
创建普通项目 myproject(仅用于测试,可以不创建)。
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password-prompt myuser #需要设置密码
#创建myrole角色
openstack role create myrole(格子)
#将myrole角色添加到myproject项目和myuser用户
openstack role add --project myproject --user myuser myrole