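This continues from the previous OpenStack-T installation post.
Environment: CentOS 7
Official OpenStack-T keystone documentation: OpenStack Docs: Install and configure
For details, see this video: openstack-T版搭建运维全套视频_哔哩哔哩_bilibili (a complete OpenStack-T deployment and operations video series on bilibili)
The link below is the OpenStack-T installation post:
CSDN https://mp.csdn.net/mp_blog/creation/editor/123702147
Note: before installing and configuring the Identity service, you must create a database. All of the following operations are performed on the controller node.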
# mysql -u root -p
Enter the password you set; mine is 123. If you do not know it, see the link to the previous post.
1. Create the keystone database:
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.001 sec)
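The compute node must be able to connect to the database, so we do not configure the localhost grant here.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'
IDENTIFIED BY 'keystone123'; (we skip this localhost grant and run only the one below)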
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
IDENTIFIED BY 'keystone123';
The result looks like this:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
Query OK, 0 rows affected (0.001 sec)
2. Install and configure the components
Run the following command to install the packages:
# yum install openstack-keystone httpd mod_wsgi
If the packages are reported as not found, use the following command to install the complete OpenStack package again:
# yum install centos-release-openstack-train -y
Edit the /etc/keystone/keystone.conf file:
# vim /etc/keystone/keystone.conf
In vim command mode, use /\[database] to jump to the database section
[database]
connection = mysql+pymysql://keystone:keystone123@controller/keystone
[token]
provider = fernet
Add the following below it:
[database]
connection = mysql+pymysql://keystone:keystone123@controller/keystone
Then use /\[token] to jump to [token], and add the following below it:
[token]
provider = fernet
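Configuration is complete; save and exit!
Synchronize the database (the two nodes must be able to ping each other, and the compute node must be able to reach the database)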
# su -s /bin/sh -c "keystone-manage db_sync" keystone
Use the following commands to verify that the sync worked:
[root@localhost yum.repos.d]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use keystone
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [keystone]> show tables;
+------------------------------------+
| Tables_in_keystone |
+------------------------------------+
| access_rule |
| access_token |
| application_credential |
| application_credential_access_rule |
| application_credential_role |
| assignment |
| config_register |
| consumer |
| credential |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| limit |
| local_user |
| mapping |
| migrate_version |
| nonlocal_user |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| project_option |
| project_tag |
| region |
| registered_limit |
| request_token |
| revocation_event |
| role |
| role_option |
| sensitive_config |
| service |
| service_provider |
| system_assignment |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| user_option |
| whitelisted_config |
+------------------------------------+
48 rows in set (0.001 sec)
If you see the output above, the sync succeeded.
Initialize the Fernet key repositories, used to create tokens:
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service. This step is critical; it affects the later creation of the dashboard, networks and regions:
[root@localhost yum.repos.d]# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
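Here admin is the password chosen for the administrative user.
3. Configure the Apache HTTP server
Edit the /etc/httpd/conf/httpd.conf file and configure the option that references the controller node: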
# vim /etc/httpd/conf/httpd.conf
In command mode, type /Server to jump to that location
...
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
# Add this line (Apache does not accept a trailing comment on a directive line)
ServerName controller
#
# Deny access to the entirety of your server's filesystem. You must
...
Then create a link to the /usr/share/keystone/wsgi-keystone.conf file:
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start the Apache HTTP service and configure it to start at boot:
# systemctl enable httpd.service;systemctl start httpd.service
Check that the service is running:
[root@localhost yum.repos.d]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2022-03-30 16:11:12 CST; 1min 8s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 9347 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
Tasks: 6
CGroup: /system.slice/httpd.service
├─9347 /usr/sbin/httpd -DFOREGROUND
├─9348 /usr/sbin/httpd -DFOREGROUND
├─9349 /usr/sbin/httpd -DFOREGROUND
├─9350 /usr/sbin/httpd -DFOREGROUND
├─9351 /usr/sbin/httpd -DFOREGROUND
└─9352 /usr/sbin/httpd -DFOREGROUND
3月 30 16:11:11 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
3月 30 16:11:12 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
Check that the environment variables are correct. Here we write a script for this:
# vim /etc/keystone/admin-openrc.sh
Put the following content in the script:
#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
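The script above keeps the admin password in a file and points the client at an http:// endpoint. As an added example (not part of the original post), this Python check reports those conditions for an openrc file; the function names, the finding names and the 12-character threshold are assumptions made for illustration.

```python
import os
import re
import shlex
import stat
from urllib.parse import urlsplit

# Constructed sample: the admin-openrc.sh contents from this page.
PAGE_OPENRC = """\
#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
"""

def parse_exports(text):
    """Return {NAME: value} for `export NAME=value` lines, honouring shell quoting."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*export\s+([A-Za-z_]\w*)=(.*)$", line)
        if m:
            words = shlex.split(m.group(2), comments=True)
            env[m.group(1)] = words[0] if words else ""
    return env

def audit_openrc(text, mode):
    """Return finding names for an openrc body and its permission bits (e.g. 0o644)."""
    env, findings = parse_exports(text), []
    password = env.get("OS_PASSWORD")
    if password is not None:
        findings.append("password-stored-in-file")
        # Assumed policy: at least 12 characters and not the same as the user name.
        if len(password) < 12 or password.lower() == env.get("OS_USERNAME", "").lower():
            findings.append("weak-password")
    if urlsplit(env.get("OS_AUTH_URL", "")).scheme == "http":
        findings.append("auth-url-without-tls")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("accessible-to-group-or-other")
    return findings

def audit_file(path):
    """Audit an openrc file on disk using its real mode bits."""
    with open(path, encoding="utf-8") as fh:
        return audit_openrc(fh.read(), stat.S_IMODE(os.stat(path).st_mode))
```

A file that omits OS_PASSWORD, uses an https auth URL and has mode 0600 produces no findings; the client then prompts for the password, as the verification step on this page shows.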
Run the following commands to see the result:
[root@localhost ~]# source /etc/keystone/admin-openrc.sh
[root@localhost ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 303a2bc09c2e4e8eaf228f0eb464f53a | RegionOne | keystone | identity | True | admin | http://controller:5000/v3/ |
| 39ae98682b304f59b4af214a90efffc1 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3/ |
| 71cfc6ee81284bbe947bbb0aea7753eb | RegionOne | keystone | identity | True | public | http://controller:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
Here you can see the admin, internal and public ones.
Next, obtain a token:
[root@localhost ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2022-03-30T11:03:20+0000 |
| id | gAAAAABiRCro9TbfZPc4iFNfQ_v8saN0k5WN17Ri3H5BJJ_S_DPVFAHu-CJ2tIUlrQjZOmbE10stRPj2ugtudYCA3Q8Ku104a4l-x4528SKutHiH0y_yHLpasNWwqwJs0N7xtMco5dsCcsrxm4WSeZbJSlfl1odNkqYbj8YlMyXRkhz8balMvyk |
| project_id | 186ed3a5e4b648968586b34c3e00cebb |
| user_id | 5adedd33881042a3b87857d30066cf2a |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Success!
4. Create a domain, projects, users and roles
Create the An Example Domain domain:
[root@localhost ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | c3b3450b09fe4b9fbdd7e511c30e1c29 |
| name | example |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
Create the service project, which contains a unique user for each service added to the environment:
[root@localhost ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 28afbd3216734f29adccddd870811643 |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
Regular (non-admin) tasks should use an unprivileged project and user. Create the project:
[root@localhost ~]# openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 6bd6f219b37449e1b8a0b424ac298ab8 |
| is_domain | False |
| name | myproject |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
Create the user myuser:
# openstack user create --domain default --password-prompt myuser
# Set the password to myuser throughout
[root@localhost ~]# openstack user create --domain default --password-prompt myuser
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 928eb63083a448658d59b5524eafd74b |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Create the role myrole:
[root@localhost ~]# openstack role create myrole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 4eac39eaa5954a69aa68e87bd7def949 |
| name | myrole |
| options | {} |
+-------------+----------------------------------+
Add the myrole role to the myproject project and the myuser user:
# openstack role add --project myproject --user myuser myrole
5. Verification
Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables:
# unset OS_AUTH_URL OS_PASSWORD
As the admin user, request an authentication token; the password is the admin value set earlier:
[root@localhost ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
Password:
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2022-03-30T12:01:31+0000 |
| id | gAAAAABiRDiLhdBzxWh6rRLsHHnSD_GP1o4lARbsB_CsbhAbi6DWiEILDrLuBNYP94_EgQw9eqIl-Uhlr35kkgHuPH6NzDiK8owDSZr3nLFg0lFM2ne-o0uicrbR4peR3_6ro80QnGe8gmX6mX6qUjLJYDK-G8_kU2rjhmT-zbtdCYDuO-4ZW1w |
| project_id | 186ed3a5e4b648968586b34c3e00cebb |
| user_id | 5adedd33881042a3b87857d30066cf2a |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
As the myuser user created in the previous section, request an authentication token:
[root@localhost ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
Password:
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2022-03-30T12:03:12+0000 |
| id | gAAAAABiRDjw0mkzidSkupMG_psUW6Cq8mtllFakV2_ICycxEpOUwdr1wTDFtfv13qh2P0GCaD0HU_TNmDRGQZfJ1rf0e34wHm1jgyqaBfLaX_9q27WRI2DjvmGxZv_j9VeiIIIfFDzcrknE-4bFQ5eKbbiB4PNzHoCh1q0DUllIGDSGnj9Izzs |
| project_id | 6bd6f219b37449e1b8a0b424ac298ab8 |
| user_id | 928eb63083a448658d59b5524eafd74b |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Verification succeeded!