CentOS 7.1 Liberty Cloud Platform: Identity (Part 3)
2016-03-17 11:51
Controller node:
I. Installation and configuration
1. Create the database and its administrative user
Log in to the MariaDB database with mysql -u root -p and run the following commands:
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
Generate the initial admin token, which is used later:
    [root@controller ~]# openssl rand -hex 10
    a9a4aa734d77ebdd1d8d
2. Install the keystone packages
    yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
Start memcached and enable it at boot:
    systemctl start memcached.service
    systemctl enable memcached.service
3. Configure /etc/keystone/keystone.conf
    [DEFAULT]
    ...
    # the initial token generated earlier
    admin_token = a9a4aa734d77ebdd1d8d
    verbose = True

    [database]
    ...
    connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

    [memcache]
    ...
    servers = localhost:11211

    [token]
    ...
    provider = uuid
    driver = memcache

    [revoke]
    ...
    driver = sql
4. Sync the keystone database
    su -s /bin/sh -c "keystone-manage db_sync" keystone
5. Configure the Apache service
Edit /etc/httpd/conf/httpd.conf:
    ServerName controller
Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content:
    Listen 5000
    Listen 35357

    <VirtualHost *:5000>
        WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /usr/bin/keystone-wsgi-public
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        <IfVersion >= 2.4>
            ErrorLogFormat "%{cu}t %M"
        </IfVersion>
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined

        <Directory /usr/bin>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
        </Directory>
    </VirtualHost>

    <VirtualHost *:35357>
        WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        <IfVersion >= 2.4>
            ErrorLogFormat "%{cu}t %M"
        </IfVersion>
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined

        <Directory /usr/bin>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
        </Directory>
    </VirtualHost>
6. Start the Apache service and enable it at boot
    systemctl start httpd.service
    systemctl enable httpd.service
II. Create the service entity and API endpoints
Set the environment variables:
    export OS_TOKEN=a9a4aa734d77ebdd1d8d
    export OS_URL=http://controller:35357/v3
    export OS_IDENTITY_API_VERSION=3
1. Create the Identity service entity
    openstack service create --name keystone --description "OpenStack Identity" identity
2. Create the Identity service API endpoints
    openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0
    openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0
    openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0
III. Create projects, users and roles
Create the admin project, user and role:
    openstack project create --domain default --description "Admin Project" admin
    openstack user create --domain default --password-prompt admin
    openstack role create admin
    openstack role add --project admin --user admin admin
Create the service project:
    openstack project create --domain default --description "Service Project" service
Create the non-admin project, user and role:
    openstack project create --domain default --description "Demo Project" demo
    openstack user create --domain default --password-prompt demo
    openstack role create user
    openstack role add --project demo --user demo user
IV. Verify operation
Edit /usr/share/keystone/keystone-dist-paste.ini and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections. This disables the temporary admin token authentication mechanism that was used for bootstrapping:
    [pipeline:public_api]
    # The last item in this pipeline must be public_service or an equivalent
    # application. It cannot be a filter.
    pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service

    [pipeline:admin_api]
    # The last item in this pipeline must be admin_service or an equivalent
    # application. It cannot be a filter.
    pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension crud_extension admin_service

    [pipeline:api_v3]
    # The last item in this pipeline must be service_v3 or an equivalent
    # application. It cannot be a filter.
    pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension service_v3
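A check for the edit above, as an added example that is not part of the original post: it reports every [pipeline:*] section whose filter list still contains admin_token_auth, including lists that wrap onto indented continuation lines. The function names pipelines_with_admin_token and sample_paste_ini are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints the name of every [pipeline:*] section whose filter list still
# contains admin_token_auth. Reads the file given as $1, or stdin.
pipelines_with_admin_token() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^\[/ {                                 # a new [section] starts
            section = $0
            sub(/^\[/, "", section); sub(/\].*$/, "", section)
            in_list = 0
            next
        }
        section ~ /^pipeline:/ {
            if ($0 ~ /^pipeline[ \t]*=/) {      # start of the filter list
                in_list = 1
                sub(/^pipeline[ \t]*=/, "")
            } else if ($0 !~ /^[ \t]/) {        # blank line or another key ends it
                in_list = 0
            }
            if (in_list && !(section in seen))
                for (i = 1; i <= NF; i++)
                    if ($i == "admin_token_auth") { print section; seen[section] = 1; break }
        }
    ' "$@"
}

# Constructed sample (shortened pipelines), not a real keystone-dist-paste.ini.
sample_paste_ini() {
    cat <<'EOF'
[pipeline:public_api]
# admin_token_auth was removed from this pipeline
pipeline = sizelimit url_normalize token_auth json_body public_service

[pipeline:admin_api]
pipeline = sizelimit url_normalize token_auth admin_token_auth json_body admin_service

[pipeline:api_v3]
pipeline = sizelimit url_normalize token_auth
    admin_token_auth json_body service_v3
EOF
}

# Run the check on the constructed sample.
sample_paste_ini | pipelines_with_admin_token
```

On the controller, run it as pipelines_with_admin_token /usr/share/keystone/keystone-dist-paste.ini; empty output means none of the pipelines loads the filter any more.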
Unset the environment variables:
    unset OS_TOKEN OS_URL
1. Request an authentication token as the admin user
    openstack --os-auth-url http://controller:35357/v3 \
      --os-project-domain-id default --os-user-domain-id default \
      --os-project-name admin --os-username admin --os-auth-type password \
      token issue
2. Request an authentication token as the non-admin user
    openstack --os-auth-url http://controller:5000/v3 \
      --os-project-domain-id default --os-user-domain-id default \
      --os-project-name demo --os-username demo --os-auth-type password \
      token issue
V. Create OpenStack client environment scripts
1. Admin script (admin)
    vim admin-openrc.sh

    export OS_PROJECT_DOMAIN_ID=default
    export OS_USER_DOMAIN_ID=default
    export OS_PROJECT_NAME=admin
    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=111111
    export OS_AUTH_URL=http://controller:35357/v3
    export OS_IDENTITY_API_VERSION=3
2. Non-admin script (demo)
    vim demo-openrc.sh

    export OS_PROJECT_DOMAIN_ID=default
    export OS_USER_DOMAIN_ID=default
    export OS_PROJECT_NAME=demo
    export OS_TENANT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
3. Use a script, for example the admin script
Load the variables from the script:
    source admin-openrc.sh
Request an authentication token as admin:
    openstack token issue