|
keystone配置
/etc/keystone/keystone.conf配置:
# Keystone settings for a single-host development install.
[DEFAULT]
# NOTE(review): admin_token is a static shared secret that is accepted in place
# of a real user token on the admin API. Generate it randomly per install, use
# it only for bootstrapping, and never reuse a value that has been published.
admin_token=91c81bf488a68a6621a5
# Non-default ports; the page moves them to avoid a clash with a tcp6 listener.
admin_port=35757
public_port=5005
# Plain-HTTP endpoints: passwords and tokens travel unencrypted, which is only
# tolerable while every client stays on the loopback interface.
public_endpoint=http://localhost:%(public_port)s/
admin_endpoint=http://localhost:%(admin_port)s/
verbose=True
[database]
# NOTE(review): the database password equals the user name and is embedded in
# the URL; use a strong password and keep this file unreadable to other users.
connection = mysql://keystone:keystone@localhost/keystone
[memcache]
servers=localhost:11211
[revoke]
driver=keystone.contrib.revoke.backends.sql.Revoke
[token]
# UUID tokens are bearer credentials: whoever holds one can use it until it
# expires or is revoked, so treat token values like passwords.
provider=keystone.token.providers.uuid.Provider
driver = keystone.token.backends.sql.Token
[extra_headers]
Distribution = Ubuntu
/etc/apache2/apache2.conf里面添加 ServerName 127.0.0.1
/etc/apache2/sites-available/wsgi-keystone.conf : (改端口,免得被tcp6占用)
# Apache/mod_wsgi front end for Keystone: one virtual host for the public API
# and one for the admin API.
# NOTE(review): "Listen <port>" and "<VirtualHost *:...>" bind every interface,
# while keystone.conf advertises localhost endpoints. If the service is meant
# to be local only, bind the loopback address (e.g. "Listen 127.0.0.1:35757")
# or firewall the admin port; it is served over plain HTTP here.
Listen 5005
Listen 35757
<VirtualHost *:5005>
# Daemon processes run as the unprivileged "keystone" user.
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
# Forwards the HTTP Authorization header to the WSGI application.
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel info
ErrorLog /var/log/apache2/keystone-error.log
CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35757>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel info
# Both virtual hosts write to the same error and access log files.
ErrorLog /var/log/apache2/keystone-error.log
CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>
本地SAIO配置
/etc/swift/proxy-server.conf:
# Swift proxy server settings for a local SAIO (Swift All In One) install.
[DEFAULT]
# The proxy accepts connections on the loopback interface only.
bind_ip = 127.0.0.1
bind_port = 8080
workers = 1
# Account the proxy process runs as.
user = meow
log_facility = LOG_LOCAL1
# Debugging aid; keep it off on anything other than a test machine.
eventlet_debug = true
swift_dir = /etc/swift
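[pipeline:main]
# keystoneauth must follow authtoken. authtoken only validates the token and,
# with delay_auth_decision = true, forwards requests that carry no valid token;
# keystoneauth is the filter that installs the authorization check. Without it
# in the pipeline the proxy has no authorization callback and serves requests
# regardless of the token presented.
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server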
[filter:keystoneauth]
# Maps Keystone roles to Swift access. It takes effect only when "keystoneauth"
# is named in [pipeline:main], after authtoken.
use = egg:swift#keystoneauth
# Users holding either role are treated as operators of their tenant's account.
operator_roles = admin,_member_
reseller_prefix=AUTH_
[filter:authtoken]
# NOTE(review): keystoneclient.middleware.auth_token is the older location of
# this middleware; later releases ship it as keystonemiddleware.auth_token.
# Confirm against the installed version.
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
# Requests without a valid token are passed on instead of being rejected here,
# so a later filter has to make the authorization decision.
delay_auth_decision = true
signing_dir = /home/meow/keystone-signing
# Token validation talks to Keystone over plain HTTP on the loopback address.
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35757
service_host=127.0.0.1
service_port=5005
auth_uri=http://localhost:35757/v2.0
identity_uri=http://localhost:35757
# NOTE(review): this repeats the static admin token from keystone.conf and adds
# a trivially guessable service password. Prefer a dedicated service user with
# a strong password over the admin token, keep this file readable only by the
# Swift user, and never reuse these sample values.
admin_token = 91c81bf488a68a6621a5
admin_tenant_name = service
admin_user = meow
admin_password = 123456
# Filter definitions. A filter defined here is active only when its name also
# appears in the "pipeline" line of [pipeline:main].
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:crossdomain]
use = egg:swift#crossdomain
[filter:dlo]
use = egg:swift#dlo
[filter:slo]
use = egg:swift#slo
[filter:container_sync]
use = egg:swift#container_sync
current = //saio/saio_endpoint
[filter:tempurl]
use = egg:swift#tempurl
[filter:tempauth]
use = egg:swift#tempauth
# Format: user_<account>_<user> = <key> [group] ...
# NOTE(review): these are sample accounts with sample keys; the first one
# carries .reseller_admin. Remove them if tempauth is ever added to the
# pipeline on a host that other machines can reach.
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
[filter:staticweb]
use = egg:swift#staticweb
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:versioned_writes]
use = egg:swift#versioned_writes
allow_versioned_writes = true
[filter:copy]
use = egg:swift#copy
[app:proxy-server]
use = egg:swift#proxy
# Accounts can be created and deleted through the proxy API.
allow_account_management = true
# Accounts that do not exist yet are created on first use.
account_autocreate = true
几个出现的错误:
错误:'NoneType' object has no attribute 'has_service_catalog'
无法获取token
显示'NoneType' object has no attribute 'has_service_catalog'
解决方法:删除环境变量
错误:"get_version_v2() got an unexpected keyword argument 'auth'\"
解决方法:将URL:http://localhost:5000/v2.0/改为:
http://localhost:5000/
http://localhost:5000/v2.0/tokens/
本机通过CURL访问keystone查询SAIO container
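# Request a token scoped to tenant "admin" from the Keystone v2.0 public
# endpoint and pretty-print the JSON reply.
# The trailing backslash joins the two lines into one command; without it the
# shell runs them separately and the POST goes out without a URL.
# The password is sent over plain HTTP, so keep this call on the loopback
# interface.
curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "test", "password": "testing"}}}' \
  -H "Content-type: application/json" http://127.0.0.1:5005/v2.0/tokens | python -mjson.tool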
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1259 100 1159 100 100 2427 209 --:--:-- --:--:-- --:--:-- 2424
{
"access": {
"metadata": {
"is_admin": 0,
"roles": [
"78c7d84b9d194b1c9ac9d38df11bc07c"
]
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5",
"id": "80124aade3994f9496ae52b6a3f27bc9",
"internalURL": "http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5",
"publicURL": "http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5",
"region": "regionOne"
}
],
"endpoints_links": [],
"name": "swift",
"type": "object-stoer"
},
{
"endpoints": [
{
"adminURL": "http://localhost:35757/v2.0",
"id": "97f87268f02d4c788a86a437e7ebabd6",
"internalURL": "http://localhost:5005/v2.0",
"publicURL": "http://localhost:5005/v2.0",
"region": "regionOne"
}
],
"endpoints_links": [],
"name": "keystone",
"type": "identity"
}
],
"token": {
"expires": "2017-03-23T08:42:02Z",
"id": "eb265e79f5fa4849ab56edb60c1df884",
"issued_at": "2017-03-23T07:42:02.677553",
"tenant": {
"description": "Admin Tenant",
"enabled": true,
"id": "a9333d8f415043709fdbf649a51c78b5",
"name": "admin"
}
},
"user": {
"id": "e6d914c94a064645a7e5b97be1c08877",
"name": "test",
"roles": [
{
"name": "admin"
}
],
"roles_links": [],
"username": "test"
}
}
}
# Query the Swift account, presenting the token in the X-Auth-Token header.
# NOTE(review): this token value is not the "id" from the token response shown
# above; it presumably comes from a separate token request. To confirm that the
# proxy enforces authorization, repeat the request with a made-up token and
# expect 401 rather than 204.
curl --verbose --header 'X-Auth-Token: c8d5d45c42484c7d81d6d2ddd1c1258b' http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /v1/AUTH_a9333d8f415043709fdbf649a51c78b5 HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8080
> Accept: */*
> X-Auth-Token: c8d5d45c42484c7d81d6d2ddd1c1258b
>
< HTTP/1.1 204 No Content
< Content-Type: text/plain; charset=utf-8
< X-Account-Object-Count: 0
< X-Timestamp: 1490255452.34606
< X-Account-Bytes-Used: 0
< X-Account-Container-Count: 0
< X-Put-Timestamp: 1490255452.34606
< X-Trans-Id: tx95806cf5365b4b03ba1f6-0058d37e5c
< X-Openstack-Request-Id: tx95806cf5365b4b03ba1f6-0058d37e5c
< Content-Length: 0
< Date: Thu, 23 Mar 2017 07:50:52 GMT
<
* Connection #0 to host localhost left intact
本机通过libcloud链接keystone查询openstack SAIO
from libcloud.storage.types import Provider
from libcloud.storage.providers import get_driver
import libcloud.security
# Build the Swift driver with a pre-supplied token and storage URL.
# When ex_force_auth_token is given, libcloud does not authenticate against
# Keystone and sends requests straight to ex_force_base_url, so the user name
# and password below are not checked by this script.
# NOTE(review): credentials and token are hard-coded for the demo; load them
# from the environment or a protected file in real use.
cls = get_driver(Provider.OPENSTACK_SWIFT)
forced_options = dict(
    region='regionOne',
    ex_force_auth_url='http://127.0.0.1:5005/v2.0/tokens/',
    ex_force_service_type='object-stoer',
    ex_force_service_name='swift',
    ex_force_auth_version='2.0_password',
    ex_force_auth_token='7a71c7795fe449bf994ce167760a23ee',
    ex_force_base_url='http://localhost:8080/v1/AUTH_a9333d8f415043709fdbf649a51c78b5',
)
driver = cls('admin', '123456', **forced_options)
containers = driver.list_containers()
print(containers)
# Prints [] because the account holds no containers yet.
from libcloud.storage.types import Provider
from libcloud.storage.providers import get_driver
import libcloud.security
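# Authenticate against Keystone and let libcloud pick the Swift endpoint from
# the returned service catalog.
# Fix: pass ex_tenant_name so a tenant-scoped token is requested. The curl call
# on this page that returns a populated serviceCatalog sends
# "tenantName": "admin"; a v2.0 token requested without a tenant is normally
# unscoped and carries no catalog, so no endpoint can be resolved.
# NOTE(review): 'object-stoer' is kept because it matches the (misspelled)
# service type shown in the catalog output; correct both together.
# NOTE(review): if the lookup still fails, check whether the installed libcloud
# expects ex_force_auth_url without the /v2.0/tokens/ path (TODO confirm).
# NOTE(review): the password is hard-coded for the demo; load it from the
# environment or a protected file in real use.
cls = get_driver(Provider.OPENSTACK_SWIFT)
driver = cls(
    'admin', '123456',
    region='regionOne',
    ex_tenant_name='admin',
    ex_force_auth_url='http://127.0.0.1:5005/v2.0/tokens/',
    ex_force_service_type='object-stoer',
    ex_force_service_name='swift',
    ex_force_auth_version='2.0_password',
)
print(driver.list_containers())
# Original symptom without the tenant: the service and endpoint were never found.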
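通过 keystone 认证时获取不到 endpoint;如果直接给出 token 和 url,libcloud 会跳过 keystone 认证,此时可以访问 swift。注意:这只说明 proxy 接受了该请求,并不说明 token 被校验过——只有当 [pipeline:main] 中 authtoken 之后还有 keystoneauth 时,Swift 才会按 token 做授权检查。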
keystone一些命令:
创建tenant:
# Bootstrap call authenticated with the static admin token from keystone.conf.
# NOTE(review): the port here is 35357, while keystone.conf on this page sets
# admin_port=35757; confirm which port the service actually listens on.
# NOTE(review): a token given on the command line ends up in shell history and
# the process list; the OS_SERVICE_TOKEN / OS_SERVICE_ENDPOINT environment
# variables avoid that.
keystone --os-token 91c81bf488a68a6621a5 --os-endpoint http://localhost:35357/v2.0 tenant-create --name admin --description "Admin Tenant"
创建user:
# Creates user "admin".
# NOTE(review): "123456" is a trivially guessable password and is given on the
# command line; use a generated password outside a throwaway test box.
# No token or endpoint is passed here, so the command presumably relies on
# environment variables; verify.
keystone user-create --name admin --pass 123456
创建role:
# Creates a role named "admin".
keystone role-create --name admin
role添加user:
# Grants the "admin" role on tenant "admin" to user "admin".
keystone user-role-add --user admin --role admin --tenant admin
创建service:
# Registers the identity service itself in the service catalog.
keystone service-create --name keystone --type identity
创建endpoint:
# Registers the Keystone endpoints; the ports match public_port and admin_port
# in keystone.conf. All three URLs are plain HTTP on localhost.
keystone endpoint-create --service keystone --region regionOne --publicurl http://localhost:5005/v2.0 --internalurl http://localhost:5005/v2.0 --adminurl http://localhost:35757/v2.0
显示所有的tenant:
# Lists all tenants, authenticating as user "admin".
# NOTE(review): --os-password on the command line is visible in shell history
# and the process list; the OS_PASSWORD environment variable avoids that.
keystone --os-tenant-name admin --os-username admin --os-password 123456 tenant-list
用户获取token:
# Requests a token for user "admin" scoped to tenant "admin".
# The returned token id is a bearer credential; do not paste real ones into
# notes or tickets.
# NOTE(review): the trailing "|" looks like table markup left over from the
# page rather than part of the command.
keystone --os-tenant-name admin --os-username admin --os-password 123456 --os-auth-url http://localhost:35757/v2.0 token-get |
|