1.在controller节点上安装keystone

root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y

2.配置

[root@controller ~]# mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
[root@controller ~]# Keys=$(openssl rand -hex 10)
[root@controller ~]# echo "kestone  $Keys">>~/openstack.log

echo "
[DEFAULT]
admin_token = $Keys
verbose = true
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
driver = memcache
[memcache]
servers = controller:11211
">/etc/keystone/keystone.conf
OpenStack Pike Minimal安装:二、身份认证

[root@controller ~]# cat /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 2562bfbfacd795832772
verbose = true
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
driver = memcache
[memcache]
servers = controller:11211

3.填充数据库

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#日志文件所处位置
[root@controller ~]# ll /var/log/keystone/keystone.log 
-rw-rw---- 1 root keystone 16062 Sep  4 01:05 /var/log/keystone/keystone.log
#查看数据库
[root@controller ~]# mysql -h controller -ukeystone -pkeystone -e "use keystone;show tables;"

4.初始化Fernet key

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5.初始化服务

# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

6.配置httpd

[root@controller ~]# vim /etc/httpd/conf/httpd.conf 
#修改ServerName为主机名
ServerName controller
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service

7.创建登陆脚本

[root@controller ~]# cat admin-openstack.sh 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# cat demo-openstack.sh 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

8.创建domain, projects, users, and roles

#先使用脚本登陆admin
[root@controller ~]# . admin-openstack.sh

①创建service project

openstack project create --domain default --description "Service Project" service
OpenStack Pike Minimal安装:二、身份认证

②创建demo project

openstack project create --domain default --description "Demo Project" demo
OpenStack Pike Minimal安装:二、身份认证

③创建demo user

openstack user create --domain default --password-prompt demo
OpenStack Pike Minimal安装:二、身份认证

④创建 user role

openstack role create user
OpenStack Pike Minimal安装:二、身份认证

⑤将user role添加到demo project和user

openstack role add --project demo --user demo user

9.验证操作

①注销登陆

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD

②验证admin用户

openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

OpenStack Pike Minimal安装:二、身份认证

③验证demo用户

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue

OpenStack Pike Minimal安装:二、身份认证
④使用脚本查看

[root@controller ~]# . admin-openstack.sh 
[root@controller ~]# openstack token issue