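All of the following configuration is done on the controller node. (Take a snapshot before starting the lab so you can roll back if something goes wrong.)
This article continues directly from the previous one: Preparing the Base Environment for an OpenStack Cloud Computing Platform (CSDN blog)
1. Install and configure Keystone
1.1 Install the packages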
[root@controller ~]# yum -y install openstack-keystone httpd mod_wsgi
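## Installing the packages automatically creates a Linux user named keystone and a group of the same name; you can confirm this with the following commands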
[root@controller ~]# cat /etc/passwd | grep keystone
keystone:x:163:983:OpenStack keystone Daemon:/var/lib/keystone:/sbin/nologin
[root@controller ~]# cat /etc/group | grep keystone
keystone:x:983:
1.2 Create the database and grant privileges
[root@controller ~]# mysql -uroot -p00000 # log in to the database
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.5.25-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database keystone; -- create the database
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.003 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> EXIT;
Bye
1.3 Edit the Keystone configuration file
[root@controller ~]# vim /etc/keystone/keystone.conf
Edit keystone.conf. In the [database] section, add the following line so that Keystone can connect to the database:
connection=mysql+pymysql://keystone:000000@controller/keystone
In the [token] section, configure the token encryption method:
provider = fernet
1.4 Initialize the Keystone database
Sync the database:
sudo su -s /bin/sh -c "keystone-manage db_sync" keystone
Check that the database sync succeeded:
mysql -uroot -p000000 # log in to the database
use keystone; -- switch to the keystone database
show tables;
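2. Initialize the Keystone components
2.1 Initialize the Fernet key repository
1. The following command automatically creates the /etc/keystone/fernet-keys/ directory and generates two Fernet keys in it, which are used to encrypt and decrypt tokens: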
sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
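2. The following command automatically creates the /etc/keystone/fernet-keys/ directory and generates two Fernet keys in it, which are used to encrypt and decrypt user credentials: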
sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
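Anyone who can read the keys in the repository created above can decrypt and forge tokens, so it is worth checking the repository right after setup. The following check is an added example, not part of the original article or of Keystone itself; the function names audit_key_repo and build_sample_repo are hypothetical, the sample repository is constructed in a temporary directory, and the expected permissions (directory and keys accessible to the owner only) are an assumption of the example.

```python
import base64
import os
import stat
import tempfile


def audit_key_repo(path, owner_uid=None):
    """Return findings for a Keystone key repository such as /etc/keystone/fernet-keys/."""
    findings = []

    def check_access(target, kind):
        st = os.stat(target)
        if stat.S_IMODE(st.st_mode) & 0o077:
            findings.append(f"{target}: {kind} is accessible to group/other")
        if owner_uid is not None and st.st_uid != owner_uid:
            findings.append(f"{target}: {kind} is not owned by uid {owner_uid}")

    check_access(path, "directory")
    indexes = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not name.isdecimal():
            findings.append(f"{full}: unexpected file in key repository")
            continue
        indexes.append(int(name))
        check_access(full, "key file")
        with open(full, "rb") as fh:
            raw = fh.read().strip()
        try:
            valid = len(raw) == 44 and len(base64.urlsafe_b64decode(raw)) == 32
        except ValueError:
            valid = False
        if not valid:
            findings.append(f"{full}: not a 32-byte URL-safe base64 Fernet key")
    # Keystone names keys by index: 0 is the staged key, the highest index is primary.
    if 0 not in indexes or max(indexes, default=0) < 1:
        findings.append(f"{path}: expected staged key 0 and a primary key >= 1")
    return findings


def build_sample_repo():
    """Constructed stand-in for a fresh fernet_setup result: keys 0 and 1, mode 0600."""
    repo = tempfile.mkdtemp()
    for name in ("0", "1"):
        key_path = os.path.join(repo, name)
        with open(key_path, "wb") as fh:
            fh.write(base64.urlsafe_b64encode(os.urandom(32)))
        os.chmod(key_path, 0o600)
    return repo
```

On the controller, run it as root with the real directory and the keystone user's uid, for example audit_key_repo("/etc/keystone/fernet-keys/", pwd.getpwnam("keystone").pw_uid); an empty list means no findings.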
2.2 Initialize the user identity information
OpenStack has a default user named admin; initialize the login credentials for the admin user:
sudo keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3 --bootstrap-internal-url http://controller:5000/v3 --bootstrap-public-url http://controller:5000/v3 --bootstrap-region-id RegionOne
2.3 Configure the web service
This host uses Apache; add WSGI support to the server:
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
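The command above creates a symbolic link to wsgi-keystone.conf in /etc/httpd/conf.d/ rather than copying the file, similar to a shortcut.
Edit the configuration: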
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
Add ServerName controller
Enable and start the Apache service:
systemctl enable httpd
systemctl start httpd
systemctl status httpd
3. Simulate a login
3.1 Create the environment variable file
vim admin-login
Add:
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3.2 Load the environment variables and verify
source admin-login
export -p # show the current environment variables
4. Verify the Keystone service
4.1 Create a project and view the project list
# Create a project named project
[root@controller ~]# openstack project create --domain default project
[root@controller ~]# openstack project list # list existing projects
[root@controller ~]# openstack role create user # create a role, then view the role list
[root@controller ~]# openstack role list # list existing roles
[root@controller ~]# openstack domain list # list existing domains
[root@controller ~]# openstack user list # list existing users