3. Installing Keystone

Posted by IT菜鸟园


 

Install Keystone (on the controller node)

Access the database as the root user

mysql -uroot -ptoyo123
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'toyo123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'toyo123';
exit

Generate a token; it is used later, so make a note of it

openssl rand -hex 10

4f0f715c2cdcce1bb59e

 

Install the Keystone packages

yum install -y openstack-keystone python-keystoneclient

 

Start the memcached service and enable it at boot

    

systemctl enable memcached.service
systemctl start memcached.service

 

Edit the /etc/keystone/keystone.conf file

       

mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf_bak
vim /etc/keystone/keystone.conf
   
[DEFAULT]
admin_token = 4f0f715c2cdcce1bb59e
log_dir = /var/log/keystone
verbose = True

[database]
connection = mysql://keystone:[email protected]/keystone

[memcache]
servers = localhost:11211

[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke
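
The keystone.conf above is recreated by root with vim and holds both admin_token and the database password. As an added example (not part of the original post), the shell function below checks such a file for access by other users, a [DEFAULT] admin_token, and a password embedded in the connection URL. It assumes GNU stat; the function name audit_keystone_conf and the sample values are hypothetical.

```shell
#!/bin/sh
# Added example: audit a keystone.conf such as the one written above.
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_keystone_conf() {
    conf=$1
    found=0

    # The file holds admin_token and the DB password. A file created fresh
    # by root under the default umask 022 gets mode 0644 (world-readable).
    mode=$(stat -c '%a' "$conf")    # GNU stat, as on CentOS/RHEL
    case $mode in
        *0) ;;                      # no permission bits for "other"
        *)  echo "MODE $mode: other users can access $conf"; found=1 ;;
    esac

    # admin_token in [DEFAULT] is the shared bootstrap secret that is
    # exported as OS_SERVICE_TOKEN; it grants full admin rights.
    if awk '/^\[/ { sect = $1 }
            sect == "[DEFAULT]" && /^[ \t]*admin_token[ \t]*=/ { hit = 1 }
            END { exit !hit }' "$conf"; then
        echo "TOKEN: admin_token is set in [DEFAULT]"; found=1
    fi

    # connection = mysql://user:password@host/db embeds the DB password.
    if grep -Eq '^[[:space:]]*connection[[:space:]]*=[[:space:]]*[a-z+]+://[^:/@]+:[^@]+@' "$conf"; then
        echo "DBPASS: connection string embeds a password"; found=1
    fi
    return "$found"
}

# Constructed sample input (placeholder values, not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:EXAMPLE_PW@controller/keystone
EOF
chmod 644 "$sample"
audit_keystone_conf "$sample" || true
rm -f "$sample"
```

If MODE is reported, `chown root:keystone` plus `chmod 640` on the file keeps it readable by the service account while closing it to other local users.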

 

Create generic certificates and keys, restrict access to the associated files, and populate the Identity service database

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
su -s /bin/sh -c "keystone-manage db_sync" keystone

 

Start the Identity service and enable it at boot

systemctl enable openstack-keystone.service
systemctl start openstack-keystone.service

 

I recommend using cron to configure a periodic task that purges expired tokens hourly:

(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone

 

Configure the environment

export OS_SERVICE_TOKEN=4f0f715c2cdcce1bb59e
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

 

Create the tenant, user, and role

keystone tenant-create --name admin --description "Admin Tenant"
keystone user-create --name admin --pass Abcd1234 --email [email protected]
keystone role-create --name admin
keystone user-role-add --user admin --tenant admin --role admin

 

Create the demo tenant and user, and the service tenant

keystone tenant-create --name demo --description "Demo Tenant"
keystone user-create --name demo --tenant demo --pass Abcd1234 --email [email protected]
keystone user-role-add --user demo --tenant demo --role demo
keystone tenant-create --name service --description "Service Tenant"

 

Create the service entity and API endpoint

keystone service-create --name keystone --type identity --description "OpenStack Identity"
keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://controller:5000/v2.0 --internalurl http://controller:5000/v2.0 --adminurl http://controller:35357/v2.0 --region regionOne

 

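Unset the temporary OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables:

Leaving these environment variables set may cause problems; this step simply shows how to unset them.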

unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

 

Verify Keystone:

           

keystone --os-tenant-name admin --os-username admin --os-password Abcd1234   --os-auth-url http://controller:35357/v2.0 token-get
keystone --os-tenant-name admin --os-username admin --os-password Abcd1234   --os-auth-url http://controller:35357/v2.0 tenant-list
keystone --os-tenant-name admin --os-username admin --os-password Abcd1234   --os-auth-url http://controller:35357/v2.0 user-list
keystone --os-tenant-name admin --os-username admin --os-password Abcd1234   --os-auth-url http://controller:35357/v2.0 role-list
keystone --os-tenant-name demo --os-username demo --os-password Abcd1234   --os-auth-url http://controller:35357/v2.0 token-get
keystone --os-tenant-name demo --os-username demo --os-password Abcd1234   --os-auth-url http://controller:35357/v2.0 user-list

 

 
