openstack安装(2)——keystone
keystone是openstack中用于身份验证的项目,任何服务请求需要经过它的验证获得服务的endpoint。具体作用请看相关官方文档。这里我使用的是mysql来存储keystone的数据。keystone
Host:keystone
ip:192.168.0.106
mysql, keystone
1、安装
1)安装数据库
sudoapt-get install mysql-server mysql-client python-mysqldb
进/etc/mysql/my.cnf里,将bind-address=127.0.0.1改成 0.0.0.0。这样远程主机就可以连接上这个mysql。
重启mysql服务。sudo service mysql restart
2)安装keystone
Ø安装软件
sudoapt-get install keystone
创建keystone数据库,并创建用户以及分配权限。
create database keystone;
grant all on keystone.* to 'keystone'@'%' identified by 'keystonepwd';
Ø配置keystone
配置keystone,修改/etc/keystone/keystone.conf文件:
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:keystonepwd@192.168.0.106/keystone
这里注意一下该文件里的这部份信息,记住admin_token参数,以后会用的上,这个参数是用来访问keystone服务的。默认是ADMIN,也可以改成别的。
public_port = 5000
admin_port = 35357
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_config =/etc/keystone/logging.conf
重启keystone服务
sudoservice keystone restart
同步数据库,
sudokeystone-manage db_sync
然后去数据库里看,
mysql>show tables;
+------------------------+
|Tables_in_keystone |
+------------------------+
|ec2_credential |
|endpoint |
|metadata |
|migrate_version |
|role |
|service |
|tenant |
|token |
|user |
|user_tenant_membership |
+------------------------+
2、使用keystone
导入环境变量,当然也可以在每次执行keystone命令时加上这方面的参数,keystone 命令格式参见它的help
export SERVICE_TOKEN=ADMIN
exportSERVICE_ENDPOINT=http://192.168.0.106:35357/v2.0
添加tenant:
keystonetenant-create --name adminTenant --description "Admin Tenant"--enabled true
keystone@keystone:~$keystone tenant-list
+----------------------------------+-------------+---------+
| id | name | enabled |
+----------------------------------+-------------+---------+
|72a95ab302cc42d59e6f414769dcfec7 | adminTenant | True |
+----------------------------------+-------------+---------+
添加user:
keystoneuser-create --tenant_id 72a95ab302cc42d59e6f414769dcfec7 --name admin --passopenstack --enabled true
keystone@keystone:~$ keystone user-list
+----------------------------------+---------+-------+-------+
| id | enabled | email |name |
+----------------------------------+---------+-------+-------+
|4fd5ba059a6945c0a43ff63b0140b0a9 | True | None| admin |
+----------------------------------+---------+-------+-------+
添加role
keystonerole-create --name adminRole
keystone@keystone:~$ keystone role-list
+----------------------------------+-----------+
| id | name|
+----------------------------------+-----------+
|675b96a12d834021b519ef50502a5e5e | adminRole |
+----------------------------------+-----------+
将这三者关联
keystoneuser-role-add --user 4fd5ba059a6945c0a43ff63b0140b0a9 --tenant_id72a95ab302cc42d59e6f414769dcfec7 --role 675b96a12d834021b519ef50502a5e5e
这样就ok了。测试一下,用curl工具测试。
sudo apt-get install curl
我们先输入一个错误的密码试试
curl-d '{"auth": {"tenantName": "adminTenant","passwordCredentials":{"username": "admin","password": "wrong"}}}' -H"Content-type: application/json" http://192.168.0.106:35357/v2.0/tokens| python -mjson.tool
返回结果
{
"error":{
"code":401,
"message":"Invalid user / password",
"title":"Not Authorized"
}
}
如果用户名/密码都正确的话
curl -d'{"auth": {"tenantName": "adminTenant","passwordCredentials":{"username": "admin","password": "openstack"}}}' -H "Content-type:application/json" http://192.168.0.106:35357/v2.0/tokens | python-mjson.tool
就会返回很多信息,如token、user等,内容太多了,这里我就不贴了。
过来看看的 解释就系掩饰,掩饰等于无出色,无出色不如回家休息!!! 生我之前谁是我,生我之后我是谁? 看尽天下A片,心中自然无码~ 鸳鸳相抱何时了,鸯在一边看热闹。 学习了,不错,讲的太有道理了
页:
[1]