keystone 安装随笔
keystone 代码库git clone https://git.openstack.org/openstack/keystone.git
cd keystone
keystone配置文件
etc/keystone.conf.sample
etc/keystone-paste.ini
etc/logging.conf.sample
etc/default_catalog.templates
etc/sso_callback_template.html
keystone主配置文件说明keystone.conf
- General configuration
- Assignment system driver configuration
- Authentication plugin configuration
- Caching layer configuration
- Service catalog driver configuration
- Credential system driver configuration
- Domain configuration
- Endpoint filtering configuration
- Endpoint policy configuration
- Federation driver configuration
- Fernet token configuration
- Identity system driver configuration
- Identity mapping system driver configuration
- KVS storage backend configuration
- LDAP configuration options
- Memcache configuration options
- OAuth 1.0a system driver configuration
- Pointer to the PasteDeploy configuration file
- Policy system driver configuration for RBAC
- Resource system driver configuration
- Revocation system driver configuration
- Role system driver configuration
- SAML configuration options
- Security compliance configuration
- Shadow user configuration
- Cryptographic signatures for PKI based tokens
- Token driver & token provider configuration
- Tokenless authentication configuration
- Trust configuration
keystone标准配置文件位置及优先规则
~/.keystone/
~/
/etc/keystone/
/etc/
也可以通过指定参数 --config-file 形式指定配置文件位置来配置keystone
安装依赖包,yum源先配置好
yum install -y python2-pippython-devel openssl-devel mariadb-server mariadb-devel libxslt-devellibudev-devellibffi-devellibvirtqemu-kvmvirt-install python-numdisplay rabbitmq-server memcached python-memcached
安装keystone依赖包
升级pip
pip install --upgrade pip
安装包分发工具
pip install pbr
升级安装six,newton要求six>=1.10.0,默认的系统six模块不满足
pip install six --upgrade
安装keystone依赖
pip install .
安装keystone服务
python setup.py install
安装其它依赖
pip install Mysql-python
pip install uwsgi
pip install pymysql
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
设置项目,用户,和角色
keystone-manage bootstrap命令通过指定对应的参数
创建用户 --bootstrap-username
创建项目 --bootstrap-project-name
创建角色 --bootstrap-role-name
同样的,也可以预定义系统环境变量
对应的变量名
OS_BOOTSTRAP_USERNAME
OS_BOOTSTRAP_PROJECT_NAME
OS_BOOTSTRAP_ROLE_NAME
对于创建用户是必须提供一个密码参数的,通过
--bootstrap-password 指定用户密码
同样也支持系统预定义变量
OS_BOOTSTRAP_PASSWORD
可选的参数
--bootstrap-public-url
--bootstrap-admin-url
--bootstrap-internal-url
以上参数通过指定不同的端点创建一个身份认证服务,同样如果有需要可以配置
--bootstrap-region-id
--bootstrap-service-name
执行命令至少需要指定的参数
keystone-manage bootstrap --bootstrap-password s3cr3t
完整的命令参数
keystone-manage bootstrap \
--bootstrap-password s3cr3t \
--bootstrap-username admin \
--bootstrap-project-name admin \
--bootstrap-role-name admin \
--bootstrap-service-name keystone \
--bootstrap-region-id RegionOne \
--bootstrap-admin-url http://localhost:35357 \
--bootstrap-public-url http://localhost:5000 \
--bootstrap-internal-url http://localhost:5000
以上命令将会创建一个admin用户,角色为admin,在admin项目上,这个用户指定了一个认证密码,
⚠️ 这个用户和这个项目将被创建到default 域
通过命令验证
openstack project list --os-username admin --os-project-name admin \
--os-user-domain-id default --os-project-domain-id default \
--os-identity-api-version 3 --os-auth-url http://localhost:5000 \
--os-password s3cr3t
页:
[1]