openstack Q版
服务器系统centos7
控制端IP:192.168.50.31
计算端IP:192.168.50.32
Keystone
下面所有操作全在控制端
数据库操作
# 登录数据库
mysql -u root -p
# 创建表
CREATE DATABASE keystone;
# 授权
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
安装配置
# YUM安装keystone 及相关软件
yum -y install openstack-keystone httpd mod_wsgi
#修改配置文件keystone.conf
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
# 同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化keystone基础信息
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password openstackadmin \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
配置httpd
# 修改配置文件httpd.conf
vim /etc/httpd/conf/httpd.conf
ServerName controller
# 配置文件创建连接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# 配置服务
systemctl enable httpd.service
systemctl start httpd.service
keystone 初始帐户角色和项目
# 临时环境变量配置管理帐户
export OS_USERNAME=admin
export OS_PASSWORD=openstackadmin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
# 创建域、项目、用户和角色
# 创建新的域 example 默认default已经存在
openstack domain create --description "An Example Domain" example
# 创建service项目
openstack project create --domain default --description "Service Project" service
# 创建demo项目
openstack project create --domain default --description "Demo Project" demo
# 创建demo用户
openstack user create --domain default --password-prompt demo
#会提示输入密码 和再次输入密码
#创建demo角色:
openstack role create user
# 添加``demo`` 角色到 demo 项目和用户上:
openstack role add --project demo --user demo user
# 验证操作
# 重置变量
unset OS_AUTH_URL OS_PASSWORD
#访问测试
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
会提示输入admin密码(输入openstackadmin)
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
会提示输入demo密码 (输入demo)
创建登录脚本并测试使用
#创建脚本 admin-openrc
vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=JZopenstack123!
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#创建脚本 demo-openrc
vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# 测试使用
. admin-openrc
openstack token issue
. demo-openrc
openstack token issue