CentOS 6.5 Openstack Icehouse 安装指南 -3 身份认证 keystone
2014-05-27 16:33
633 查看
controller:
# yum install openstack-keystone python-keystoneclient
# openstack-config --set /etc/keystone/keystone.conf \
database connection mysql://keystone:keystonepw@
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'keystonepw';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'keystonepw';
mysql> exit
# su -s /bin/sh -c "keystone-manage db_sync" keystone
# ADMIN_TOKEN=$(openssl rand -hex 10)
# echo $ADMIN_TOKEN
# openstack-config --set /etc/keystone/keystone.conf DEFAULT \
admin_token $ADMIN_TOKEN
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl
# service openstack-keystone start
# chkconfig openstack-keystone on
下面这个是删除过期的token,我没管。
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
$ export OS_SERVICE_TOKEN=
$ export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
$ keystone user-create --name=admin --pass=adminpw --email=admin@example.com
$ keystone role-create --name=admin
$ keystone tenant-create --name=admin --description="Admin Tenant"
$ keystone user-role-add --user=admin --tenant=admin --role=admin
$ keystone user-role-add --user=admin --role=_member_ --tenant=admin
$ keystone user-create --name=demo --pass=demopw --email=demo@example.com
$ keystone tenant-create --name=demo --description="Demo Tenant"
$ keystone user-role-add --user=demo --role=_member_ --tenant=demo
$ keystone tenant-create --name=service --description="Service Tenant"
$ keystone service-create --name=keystone --type=identity \
--description="OpenStack Identity"
$ keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://
--internalurl=http://
--adminurl=http://
$ unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
$ keystone --os-username=admin --os-password=adminpw \
--os-auth-url=http://controller:35357/v2.0 token-get
$ keystone --os-username=admin --os-password=adminpw \
--os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 \
token-get
vi admin-openrc.sh
$ source admin-openrc.sh
$ keystone token-get
# keystone user-list
# keystone user-role-list --user admin --tenant admin
但愿你还没有出错。
# yum install openstack-keystone python-keystoneclient
# openstack-config --set /etc/keystone/keystone.conf \
database connection mysql://keystone:keystonepw@
controller/keystone
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'keystonepw';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'keystonepw';
mysql> exit
# su -s /bin/sh -c "keystone-manage db_sync" keystone
# ADMIN_TOKEN=$(openssl rand -hex 10)
# echo $ADMIN_TOKEN
87bd130fbcf99521cd95 #你显示的可能不一样,没关系的?xml:namespace>
# openstack-config --set /etc/keystone/keystone.conf DEFAULT \
admin_token $ADMIN_TOKEN
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl
# service openstack-keystone start
# chkconfig openstack-keystone on
下面这个是删除过期的token,我没管。
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
$ export OS_SERVICE_TOKEN=
ADMIN_TOKEN
###把这个ADMIN_TOKEN换成刚才的87bd130fbcf99521cd95
$ export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
$ keystone user-create --name=admin --pass=adminpw --email=admin@example.com
$ keystone role-create --name=admin
$ keystone tenant-create --name=admin --description="Admin Tenant"
$ keystone user-role-add --user=admin --tenant=admin --role=admin
$ keystone user-role-add --user=admin --role=_member_ --tenant=admin
$ keystone user-create --name=demo --pass=demopw --email=demo@example.com
$ keystone tenant-create --name=demo --description="Demo Tenant"
$ keystone user-role-add --user=demo --role=_member_ --tenant=demo
$ keystone tenant-create --name=service --description="Service Tenant"
$ keystone service-create --name=keystone --type=identity \
--description="OpenStack Identity"
$ keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://
controller:5000/v2.0 \
--internalurl=http://
controller:5000/v2.0 \
--adminurl=http://
controller:35357/v2.0
$ unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
$ keystone --os-username=admin --os-password=adminpw \
--os-auth-url=http://controller:35357/v2.0 token-get
$ keystone --os-username=admin --os-password=adminpw \
--os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 \
token-get
vi admin-openrc.sh
$ source admin-openrc.sh
$ keystone token-get
# keystone user-list
# keystone user-role-list --user admin --tenant admin
但愿你还没有出错。
相关文章推荐
- CentOS 6.5 Openstack Icehouse 安装指南 -2 基本环境配置
- CentOS 6.5 Openstack Icehouse 安装指南 -1 架构
- CentOS 6.5 Openstack Icehouse 安装指南 -4 客户端
- CentOS 6.5 Openstack Icehouse 安装指南 -6 计算 nova
- CentOS 6.5 Openstack Icehouse 安装指南 -5 镜像glance
- 在一套安装了keystone的环境上,安装openstack swift(centos6.5)
- OpenStack 部署总结之:在CentOS 6.5上使用RDO单机安装icehouse(Ml2+GRE)
- OpenStack 部署总结之:在CentOS 6.5上使用RDO安装双结算结点的icehouse(ovs+vlan)
- OpenStack 部署总结之:在CentOS 6.5上使用RDO安装双结算结点的icehouse(Ml2+GRE)
- OpenStack 部署总结之:在CentOS 6.5上使用RDO单机安装icehouse(Ml2+GRE)
- 在CentOS 6.5 上 使用redhat RDO packstack安装 openstack icehouse
- CoreSeek(全文检索引擎 Sphinx 中文版)安装使用指南(CentOS6.5)
- 解决在CentOS6.5下安装OpenStack(Icehouse版本 )出现的glance服务无法正常工作的问题
- CentOS6.5安装openstack
- CentOS 6.5 安装配置Docker指南
- OpenStack 在Centos 6.4中的安装--keystone
- 使用RDO安装havana、icehouse版本的openstack(centos)
- centos6.5 openstack安装
- CentOS6.2下一步一步源代码安装OpenStack(三)keystone配置、运行、测试