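OpenStack Train Deployment Guide (3): Deploying the Keystone Service

The Keystone Identity Service

Official documentation: https://docs.openstack.org/keystone/train/install/

1. Initialize the database (create the keystone database and grant access to it)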

MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';

2. Install Keystone

[root@openstack-controller ~]# yum install openstack-keystone httpd mod_wsgi

3. Edit the configuration file: /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:keystone123@openstack-controller.local/keystone
......
[token]
expiration = 3600
provider = fernet
......

4. Initialize the database (populate the schema):

[root@openstack-controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

5. Initialize the key repositories:

[root@openstack-controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@openstack-controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

6. Create the identity service:

[root@openstack-controller ~]# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://openstack-controller.local:5000/v3/ --bootstrap-internal-url http://openstack-controller.local:5000/v3/ --bootstrap-public-url http://openstack-controller.local:5000/v3/ --bootstrap-region-id RegionOne

7. Configure the Apache server: /etc/httpd/conf/httpd.conf

......
ServerName openstack-controller.local:80

8. Finish the installation and start the service

[root@openstack-controller ~]#  systemctl enable httpd.service
[root@openstack-controller ~]#  systemctl start httpd.service

To restart the service: systemctl restart httpd
Log file path: /var/log/httpd/keystone.log

Environment variables used for authentication: /root/admin.sh

#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=admin 
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://openstack-controller.local:5000/v3 
export OS_IDENTITY_API_VERSION=3

To verify the service:
[root@openstack-controller ~]# source admin.sh
[root@openstack-controller ~]# openstack user list

Create a test domain:
[root@openstack-controller ~]# openstack domain create --description "An Example Domain" example 
Create the service project:
[root@openstack-controller ~]# openstack project create --domain default --description "Service Project" service
List the created domains:
[root@openstack-controller ~]# openstack domain list
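
The script below is an added example, not part of the original guide or of OpenStack's own tooling: a read-only audit of keystone.conf (step 3), the Fernet key repository (step 5) and admin.sh. It flags this guide's sample passwords (keystone123, admin) left in place, a plain-HTTP OS_AUTH_URL, and loose file permissions. The function names are hypothetical, and /etc/keystone/fernet-keys is assumed to be the key repository path (Keystone's default).

```shell
#!/bin/bash
# Added example (not from the original guide): read-only audit of the files
# this guide creates. Paths are arguments, so copies can be checked too.

# Print the value of KEY in [SECTION] of an INI file (last assignment wins).
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v s="[$2]" -v k="$3" '
        /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec); in_s = (sec == s); next }
        in_s && !/^[ \t]*[#;]/ && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) v = val
        }
        END { print v }' "$1"
}

# Print the group+other permission bits of a path, e.g. "------" for mode 600.
go_bits() { ls -ld "$1" | cut -c5-10; }

# Print one WARN line per finding for keystone.conf.
audit_keystone_conf() {
    local f="$1" conn
    conn=$(ini_get "$f" database connection)
    case $conn in *:keystone123@*) echo "WARN database password is the guide's sample value" ;; esac
    [ "$(ini_get "$f" token provider)" = fernet ] || echo "WARN [token] provider is not fernet"
    case $(go_bits "$f") in *---) ;; *) echo "WARN $f is accessible to other users" ;; esac
}

# Print one WARN line per finding for the credentials file (admin.sh in the guide).
audit_openrc() {
    local f="$1" url pass
    url=$(sed -n 's/^export OS_AUTH_URL=//p' "$f" | tr -d ' ')
    pass=$(sed -n 's/^export OS_PASSWORD=//p' "$f" | tr -d ' ')
    case $url in http://*) echo "WARN OS_AUTH_URL is plain HTTP, credentials travel unencrypted" ;; esac
    [ "$pass" != admin ] || echo "WARN OS_PASSWORD is the guide's sample value"
    [ "$(go_bits "$f")" = "------" ] || echo "WARN $f should be mode 600"
}

# Print a WARN line if the Fernet key repository is reachable by group or others.
audit_key_repo() {
    [ "$(go_bits "$1")" = "------" ] || echo "WARN $1 should be mode 700"
}

# Check the live paths when they exist (fernet-keys path: assumed default).
if [ -r /etc/keystone/keystone.conf ]; then audit_keystone_conf /etc/keystone/keystone.conf; fi
if [ -d /etc/keystone/fernet-keys ]; then audit_key_repo /etc/keystone/fernet-keys; fi
if [ -r /root/admin.sh ]; then audit_openrc /root/admin.sh; fi
```

Run it as root on the controller after step 8; no output means none of the checks fired.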

Original article: https://www.cnblogs.com/wubolive/p/14393472.html