注意要 按顺序 搭建服务,在 CentOS 7 安装 Openstack Rocky 版本 - 环境搭建 的基础上安装服务。
Identity service - 身份认证服务(Keystore)
在 控制节点 安装
数据库配置
连接数据库
数据库操作
1
2
3
4
5
6
7
8
9
|
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'mariadb-keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'mariadb-keystone';
exit
|
安装配置 Keystore
部署 Fernet 令牌和 Apache HTTP 服务器来处理请求
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
yum install openstack-keystone httpd mod_wsgi -y
vim /etc/keystone/keystone.conf
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password admin-123456 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
|
配置 Apache HTTP 服务器
1
2
3
4
5
6
7
8
9
10
11
|
vim /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service
systemctl start httpd.service
|
创建域、项目、用户、角色
设置管理员账户(环境变量)
admin-123456 为初始化服务 keystone-manage bootstrap --bootstrap-password 设置的密码
1
2
3
4
5
6
7
| export OS_USERNAME=admin
export OS_PASSWORD=admin-123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
|
创建 service 项目
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
|
创建项目、用户、角色,并将项目和用户添加到角色中
- 项目:
Demo Project
- 用户:
myuser
- 角色:
myrole
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password-prompt myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
|
验证
使用不同的域、项目、用户、角色请求令牌
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue
|
创建环境脚本
创建脚本 admin-openrc
1
2
3
4
5
6
7
8
9
10
11
12
| cat <<EOF>> admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin-123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
|
创建脚本 demo-openrc
1
2
3
4
5
6
7
8
9
10
11
12
| cat <<EOF>> demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=myuser-123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
|
使用脚本加载环境变量,然后请求认证令牌
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
. admin-openrc
openstack token issue
|
wechat
alipay
