openstack keystone v2 to v3

Disable NetworkManager

systemctl stop NetworkManager

systemctl disable NetworkManager

systemctl enable network

Install the openstack-packstack

If you hava set the repo before!

yum install -y openstack-packstack

Deploy the openstack all-in-one

If you have define a ans.txt before!

packstack –answer-file=ans.txt

Modify the database

Set the identity version from v2 to v3

My database has no password！！

mysql –user root keystone -e “update endpoint set url = ‘http://192.168.11.106:5000/v3’ where interface =’internal’ and service_id = (select id from service where service.type = ‘identity’);”

mysql –user root keystone -e “update endpoint set url = ‘http://192.168.11.106:5000/v3’ where interface =’public’ and service_id = (select id from service where service.type = ‘identity’);”

mysql –user root keystone -e “update endpoint set url = ‘http://192.168.11.106:35357/v3’ where interface =’admin’ and service_id = (select id from service where service.type = ‘identity’);”

Show the identity endpoint

mysql –user root keystone -e “select interface, url from endpoint where service_id = (select id from service where service.type = ‘identity’);”

+———–+——————————–+

| interface | url |

+———–+——————————–+

| admin | http://192.168.11.106:35357/v3 |

| public | http://192.168.11.106:5000/v3 |

| internal | http://192.168.11.106:5000/v3 |

+———–+——————————–+

Show the identity Information

Create the scripts

vi keystone_v3

export OS_USERNAME=admin

export OS_PROJECT_NAME=admin

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PASSWORD=SECRETE

export OS_AUTH_URL=http://192.168.11.106:5000/v3

export OS_REGION_NAME=RegionOne

export PS1=’[\u@\h \W(keystone_admin)]$ ‘

export OS_IDENTITY_API_VERSION=3

Show the identity Information

source keystone_v3

openstack domain list

+———+———+———+———————————————————————-+

| ID | Name | Enabled | Description |

+———+———+———+———————————————————————-+

| default | Default | True | Owns users and tenants (i.e. projects) available on Identity API v2. |

+———+———+———+———————————————————————-+

openstack project list

+———————————-+———-+

| ID | Name |

+———————————-+———-+

| 819cf98b84c042bcb1fb2a5ce3659909 | admin |

| c4f3346f917842a7b22b9b72a23f613c | demo |

| f8e75996b2994b95b98b658bbc950615 | services |

+———————————-+———-+

openstack group list(default no group)

openstack user list

+———————————-+———+

| ID | Name |

+———————————-+———+

| 2a7e680a1dde46ed9cf3d30b90a5f19d | demo |

| 53edb54164c0480c983dcefa5d5bb38f | neutron |

| 7a911ed1867c4229b6c1374403ccf553 | cinder |

| 887363eccf3c48c58b2ebd7f37856261 | nova |

| ca2ee63d5d64447c94527acce33604d5 | glance |

| f4b31fde11d948e58fbe9212de43255e | admin |

+———————————-+———+

Modify the openstack service’s identity

nova

vi /etc/nova/nova.conf

[keystone_authtoken]

auth_plugin = password

auth_url = http://192.168.11.106:35357

username = nova

password = a95a5d9998644757

project_name = services

user_domain_name = Default

project_domain_name = Default

openstack-config –set /etc/nova/nova.conf keystone_authtoken auth_uri http://192.168.11.106:5000/v3

openstack-config –set /etc/nova/nova.conf keystone_authtoken auth_version v3

openstack-config –set /etc/nova/nova.conf neutron admin_auth_url http://192.168.11.106:5000/v3

neutron

vi /etc/neutron/neutron.conf

[keystone_authtoken]

auth_plugin = password

auth_url = http://192.168.11.106:35357

username = neutron

password = 4798e05ba11948cf

project_name = services

user_domain_name = Default

project_domain_name = Default

auth_uri = http://192.168.11.106:5000/v3

vi /etc/neutron/api-plaste.ini

[filter:authtoken]

auth_plugin = password

auth_url = http://192.168.11.106:35357

username = neutron

password = 4798e05ba11948cf

project_name = services

user_domain_name = Default

project_domain_name = Default

auth_uri = http://192.168.11.106:5000/v3

[neutron]

url=http://192.168.11.106:9696

admin_auth_url=http://192.168.11.106:5000/v3

default_tenant_id=default

region_name = RegionOne

project_domain_id = default

project_name = services

user_domain_id = default

password = 4798e05ba11948cf

username = neutron

auth_url = http://192.168.11.106:35357

auth_plugin = password

openstack-config –set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://192.168.11.106:5000/v3

openstack-config –set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://192.168.11.106:5000/v3

cinder

[filter:authtoken]

auth_plugin = password

auth_url = http://192.168.11.106:35357

username = cinder

password = db1909452d844617

project_name = services

user_domain_name = Default

project_domain_name = Default

paste.filter_factory = keystonemiddleware.auth_token:filter_factory

admin_tenant_name=services

auth_uri=http://192.168.11.106:5000/v3

glance

vi /etc/glance/glance-registry.conf

[keystone_authtoken]

auth_uri=http://192.168.11.106:5000/v3

auth_plugin = password

auth_url = http://192.168.11.106:35357

username = glance

password = 1566c4b41e424ef1

user_domain_name = Default

project_name = services

project_domain_name = Default

openstack-config –set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://192.168.11.106:5000/v3

Modify the Horizon

vi /etc/openstack-dashboard/local_settings

OPENSTACK_API_VERSIONS = {

“identity”: 3

}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = ‘Default’

OPENSTACK_KEYSTONE_URL = “http://192.168.11.106:5000/v3”

restart openstack service

openstack-service restart keystone

openstack-service restart nova

openstack-service restart glance

openstack-service restart cinder

openstack-service restart neutron

/bin/systemctl restart httpd.service