1.在controller節(jié)點(diǎn)上安裝keystone

root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y

2.配置

[root@controller ~]# mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak [root@controller ~]# Keys=$(openssl rand -hex 10) [root@controller ~]# echo "kestone $Keys">>~/openstack.log

echo "
[DEFAULT]
admin_token = $Keys
verbose = true
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
driver = memcache
[memcache]
servers = controller:11211
">/etc/keystone/keystone.conf

[root@controller ~]# cat /etc/keystone/keystone.conf [DEFAULT] admin_token = 2562bfbfacd795832772 verbose = true [database] connection = mysql+pymysql://keystone:keystone@controller/keystone [token] provider = fernet driver = memcache [memcache] servers = controller:11211

3.填充數(shù)據(jù)庫(kù)

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #日志文件所處位置 [root@controller ~]# ll /var/log/keystone/keystone.log -rw-rw---- 1 root keystone 16062 Sep 4 01:05 /var/log/keystone/keystone.log #查看數(shù)據(jù)庫(kù) [root@controller ~]# mysql -h controller -ukeystone -pkeystone -e "use keystone;show tables;"

4.初始化Fernet key

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone [root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5.初始化服務(wù)

# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

6.配置httpd

[root@controller ~]# vim /etc/httpd/conf/httpd.conf #修改ServerName為主機(jī)名 ServerName controller [root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ [root@controller ~]# systemctl enable httpd.service [root@controller ~]# systemctl start httpd.service

7.創(chuàng)建登陸腳本

[root@controller ~]# cat admin-openstack.sh export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=admin export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 [root@controller ~]# cat demo-openstack.sh export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=demo export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2

8.創(chuàng)建domain, projects, users, and roles

#先使用腳本登陸admin [root@controller ~]# . admin-openstack.sh

①創(chuàng)建service project

openstack project create --domain default --description "Service Project" service

②創(chuàng)建demo project

openstack project create --domain default --description "Demo Project" demo

③創(chuàng)建demo user

openstack user create --domain default --password-prompt demo

④創(chuàng)建 user role

openstack role create user

⑤將user role添加到demo project和user

openstack role add --project demo --user demo user

9.驗(yàn)證操作

①注銷(xiāo)登陸

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD

②驗(yàn)證admin用戶(hù)

openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

③驗(yàn)證demo用戶(hù)

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue

④使用腳本查看

[root@controller ~]# . admin-openstack.sh [root@controller ~]# openstack token issue

轉(zhuǎn)載于:https://blog.51cto.com/lullaby/2169980

《新程序員》：云原生和全面數(shù)字化實(shí)踐50位技術(shù)專(zhuān)家共同創(chuàng)作，文字、視頻、音頻交互閱讀

總結(jié)

以上是生活随笔為你收集整理的OpenStack Pike Minimal安装：二、身份认证的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。