#### 1.在controller节点上安装keystone

```
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
```

#### 2.配置

```
[root@controller ~]# mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
[root@controller ~]# Keys=$(openssl rand -hex 10)
[root@controller ~]# echo "keystone $Keys">>~/openstack.log
```

> echo "
> [DEFAULT]
> admin_token = $Keys
> verbose = true
> [database]
> connection = mysql+pymysql://keystone:keystone@controller/keystone
> [token]
> provider = fernet
> driver = memcache
> [memcache]
> servers = controller:11211
> ">/etc/keystone/keystone.conf

![](https://s4.51cto.com/images/blog/201809/06/1291df92c26981172f07febd399101b7.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

```
[root@controller ~]# cat /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 2562bfbfacd795832772
verbose = true
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
driver = memcache
[memcache]
servers = controller:11211
```

注意：这样重建的 keystone.conf 由 root 按默认 umask 创建（通常为 0644，其他用户可读），而文件中含有数据库密码和 admin_token；建议执行 `chown root:keystone /etc/keystone/keystone.conf` 和 `chmod 640 /etc/keystone/keystone.conf` 收紧权限。admin_token 是一个共享密钥，在启用了 admin_token_auth 中间件的版本中，持有它即可不经用户认证以管理员身份调用 API，而上面已把它明文写入 ~/openstack.log；本文第5步用 keystone-manage bootstrap 完成初始化，通常不再需要 admin_token，部署完成后建议从配置中删除该项并清理日志中的记录。数据库账号 keystone/keystone 仅为示例，非实验环境请换成强密码。

#### 3.填充数据库

```
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#日志文件所处位置
[root@controller ~]# ll /var/log/keystone/keystone.log
-rw-rw---- 1 root keystone 16062 Sep 4 01:05 /var/log/keystone/keystone.log
#查看数据库
[root@controller ~]# mysql -h controller -ukeystone -pkeystone -e "use keystone;show tables;"
```

注意：在命令行中写 `-p<密码>` 会把密码留在 shell 历史中，并可能出现在进程列表里；可以只写 `-p`，让 mysql 交互式提示输入密码。

#### 4.初始化Fernet key

```
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
```

#### 5.初始化服务

> \# keystone-manage bootstrap --bootstrap-password admin \
> --bootstrap-admin-url http://controller:35357/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne

注意：这里的 admin 是云管理员密码的示例值，实际部署请换成强密码，并与第7步脚本中的 OS_PASSWORD 保持一致。

#### 6.配置httpd

```
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
#修改ServerName为主机名
ServerName
controller
```

```
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
```

```
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
```

#### 7.创建登录脚本

```
[root@controller ~]# cat admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
```

```
[root@controller ~]# cat demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
```

注意：这两个脚本以明文保存 OS_PASSWORD，建议执行 `chmod 600 admin-openstack.sh demo-openstack.sh`，只允许属主读取；admin/admin、demo/demo 仅为示例密码。另外这里的 OS_AUTH_URL 使用 http，密码和令牌在网络上以明文传输，非实验环境应为 keystone 端点启用 HTTPS。

#### 8.创建domain, projects, users, and roles

```
#先使用脚本登录admin
[root@controller ~]# . admin-openstack.sh
```

①创建service project

> openstack project create --domain default --description "Service Project" service

![](https://s4.51cto.com/images/blog/201809/04/9c8f52dabc56f90165e59b36850d76ac.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

②创建demo project

> openstack project create --domain default --description "Demo Project" demo

![](https://s4.51cto.com/images/blog/201809/04/f94ddefff2c02bd7374cfe7cbe488bc3.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

③创建demo user

> openstack user create --domain default --password-prompt demo

![](https://s4.51cto.com/images/blog/201809/04/2a0fac85d5857a84d8200f4533b91b37.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

④创建 user role

> openstack role create user
![](https://s4.51cto.com/images/blog/201809/04/b8202e14cd150174b043b04f47091ae9.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

⑤将user role添加到demo project和user

> openstack role add --project demo --user demo user

#### 9.验证操作

①注销登录

```
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
```

②验证admin用户

由于 OS_PASSWORD 已被 unset，且命令中没有给出 --os-password，下面的命令会交互式提示输入密码，密码不会留在命令行或 shell 历史中。

```
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
```

![](https://s4.51cto.com/images/blog/201809/04/13551c181e397219572a5f1106127096.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

③验证demo用户

```
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
```

![](https://s4.51cto.com/images/blog/201809/04/43c8dec4e18ff37fb4b8b13355befe16.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

④使用脚本查看

```
[root@controller ~]# . admin-openstack.sh
[root@controller ~]# openstack token issue
```