本篇文章是本系列的第二篇文章,将继续进行OpenStack的安装
三、安装认证服务
3.1 (控制节点)创建并配置keystone数据库
连接数据库
1# mysql -u root -pfuai123
注意:fuai123是之前设置的数据库密码
创建数据库
1MariaDB [(none)]> CREATE DATABASE keystone;
设置keystone数据库的访问权限
1MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
2IDENTIFIED BY 'fuai123';
3MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
4IDENTIFIED BY 'fuai123';
3.2 (控制节点)安装并配置服务
- 安装软件包
1# yum install openstack-keystone httpd mod_wsgi -y
编辑/etc/keystone/keystone.conf并设置以下内容
1[database]
2connection = mysql+pymysql://keystone:fuai123@controller/keystone
3...
4
5[token]
6provider = fernet
7...
导入keystone数据库表结构、
1# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化
1# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
2# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引导认证服务
1# keystone-manage bootstrap --bootstrap-password fuai123 \
2 --bootstrap-admin-url http://controller:35357/v3/ \
3 --bootstrap-internal-url http://controller:5000/v3/ \
4 --bootstrap-public-url http://controller:5000/v3/ \
5 --bootstrap-region-id RegionOne
3.3 (控制节点)配置apache服务
- 编辑/etc/httpd/conf/httpd.conf文件配置如下内容
1ServerName controller
创建链接文件
1# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
设置服务的开机启动
1# systemctl enable httpd.service
2# systemctl start httpd.service
3.4 (控制节点)创建相关域、项目、用户和角色
- 导入管理员环境变量信息
1# export OS_USERNAME=admin
2# export OS_PASSWORD=fuai123
3# export OS_PROJECT_NAME=admin
4# export OS_USER_DOMAIN_NAME=Default
5# export OS_PROJECT_DOMAIN_NAME=Default
6# export OS_AUTH_URL=http://controller:35357/v3
7# export OS_IDENTITY_API_VERSION=3
创建域
1# openstack domain create --description "An Example Domain" example
2
3+-------------+----------------------------------+
4| Field | Value |
5+-------------+----------------------------------+
6| description | An Example Domain |
7| enabled | True |
8| id | 28d83de95e064d909f3c82de49e49982 |
9| name | example |
10| tags | [] |
11+-------------+----------------------------------+
创建service项目
1# openstack project create --domain default \
2 --description "Service Project" service
3
4+-------------+----------------------------------+
5| Field | Value |
6+-------------+----------------------------------+
7| description | Service Project |
8| domain_id | default |
9| enabled | True |
10| id | d5442e942ee1481281d78e0a81d19601 |
11| is_domain | False |
12| name | service |
13| parent_id | default |
14| tags | [] |
15+-------------+----------------------------------+
创建demo项目
1# openstack project create --domain default \
2 --description "Demo Project" demo
3
4+-------------+----------------------------------+
5| Field | Value |
6+-------------+----------------------------------+
7| description | Demo Project |
8| domain_id | default |
9| enabled | True |
10| id | 3f3f3e87192d4b5bb32b2a9db39a4be0 |
11| is_domain | False |
12| name | demo |
13| parent_id | default |
14| tags | [] |
15+-------------+----------------------------------+
注意:这里要设置demo用户的密码,为了统一我设置的fuai123
1# openstack user create --domain default \
2 --password-prompt demo
3
4User Password:
5Repeat User Password:
6+---------------------+----------------------------------+
7| Field | Value |
8+---------------------+----------------------------------+
9| domain_id | default |
10| enabled | True |
11| id | daf47114440741d3b213a5eb58a58006 |
12| name | demo |
13| options | {} |
14| password_expires_at | None |
15+---------------------+----------------------------------+
创建用户角色
1# openstack role create user
2
3+-----------+----------------------------------+
4| Field | Value |
5+-----------+----------------------------------+
6| domain_id | None |
7| id | 10a36ef5803045dda2df3ed3480ce2bd |
8| name | user |
9+-----------+----------------------------------+
给demo用户添加user角色
1# openstack role add --project demo --user demo user
3.5 (控制节点)验证操作
解除环境变量的设置
1# unset OS_AUTH_URL OS_PASSWORD
使用admin用户请求token
注意:这里需要输入admin的密码,我得是fuai123
1# openstack --os-auth-url http://controller:35357/v3 \
2 --os-project-domain-name Default --os-user-domain-name Default \
3 --os-project-name admin --os-username admin token issue
4
5Password:
6+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7| Field | Value |
8+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
9| expires | 2018-04-25T12:09:55+0000 |
10| id | gAAAAABa4GID_fKwaNHti1QiDmjG4Ox0113RmaZ7DpMytBBB6gEsMoPTrHArevpYK1-gqv3UOPPSb6emHe29YfxxsXZBqfiq3C4IijCm5e-XetfgXarAsfgvlzAsao6jFkmLKbhMklzBZOA7ZH0t_TZJi_SuD5lkVsQv5wdWlPbQlgA4VvS0vmA |
11| project_id | c4e73f33137b49dcb1ff949f3d95de36 |
12| user_id | 88c329ab63b34c57a8996c5237cb1ba3 |
13+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
使用demo用户请求token
1# openstack --os-auth-url http://controller:5000/v3 \
2 --os-project-domain-name Default --os-user-domain-name Default \
3 --os-project-name demo --os-username demo token issue
4
5Password:
6+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7| Field | Value |
8+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
9| expires | 2018-04-25T12:12:28+0000 |
10| id | gAAAAABa4GKcKjwpbL2NqgpDXk1lrkmwEjbj_gLfDf3DmR2xmI9TfA4W85ZSX8ql-Jjol8o3wmbWT2CL4--Ekhi3eciwtRYdLZke3Pf0jCRsZBpFeWSQQSb5yLpl5haQ78thAyBusUfkZTB7i1oOwjyl6_16OyJYpMm74l9IpWI6pqaIy4AKjLE |
11| project_id | 3f3f3e87192d4b5bb32b2a9db39a4be0 |
12| user_id | daf47114440741d3b213a5eb58a58006 |
13+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3.6 (控制节点)创建环境变量脚本
创建admin-openrc文件增加如下内容
1export OS_PROJECT_DOMAIN_NAME=Default
2export OS_USER_DOMAIN_NAME=Default
3export OS_PROJECT_NAME=admin
4export OS_USERNAME=admin
5export OS_PASSWORD=fuai123
6export OS_AUTH_URL=http://controller:5000/v3
7export OS_IDENTITY_API_VERSION=3
8export OS_IMAGE_API_VERSION=2创建demo-openrc文件增加如下内容
1export OS_PROJECT_DOMAIN_NAME=Default
2export OS_USER_DOMAIN_NAME=Default
3export OS_PROJECT_NAME=demo
4export OS_USERNAME=demo
5export OS_PASSWORD=fuai123
6export OS_AUTH_URL=http://controller:5000/v3
7export OS_IDENTITY_API_VERSION=3
8export OS_IMAGE_API_VERSION=2
验证下脚本的效果
1# . admin-openrc
2# openstack token issue
3
4+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
5| Field | Value |
6+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7| expires | 2018-04-25T12:18:13+0000 |
8| id | gAAAAABa4GP1AoWBOcAHW9w1nr2CNlBs3HqK1-bzXsDekLtiHiEtkWbpxPMiloUv2x3uhZ2kM7XJtP9V4Ugy9BMev9cvV1qy1GZh_U-EElJlLEf4IgBf4SiCGGd2BjQiq0cCT55y2cXK8pmRKZKIlzFUwoBCHpc75yqnEJk6Rz3Upsk7HYT3c0k |
9| project_id | c4e73f33137b49dcb1ff949f3d95de36 |
10| user_id | 88c329ab63b34c57a8996c5237cb1ba3 |
11+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
至此,OpenStack认证服务已经安装验证完成,下面将进行镜像等组件的安装,具体请参见文章《OpenStack(Queens)详细安装部署(三)》
