openstack之keystone

jhhll1 · 发表于 2016-11-1 09:04:37

keystone在openstack中充当认证作用
用户与认证：用户权限和用户行为跟踪
服务目录：提供一个服务目录，包括所有服务项和API端点

1、安装keystone
yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached -y

[iyunv@controller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[iyunv@controller ~]# systemctl start memcached.service

2、配置keystone配置文件
[iyunv@controller keystone]# grep -n "^[a-Z]" /etc/keystone/keystone.conf
12:admin_token = ADMIN
107:verbose = true
495:connection = mysql://keystone:keystone@172.16.80.130/keystone
1313:servers = 172.16.80.130:11211
1718:driver = sql
1911:provider = uuid
1916:driver = memcache

3、导入数据库
[iyunv@controller keystone]# su -s /bin/sh -c "keystone-manage db_sync" keystone
4、检查导入结果
[iyunv@controller keystone]# mysql -e 'use keystone;show tables;'

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

5、配置keystone的http服务

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

[iyunv@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller

[iyunv@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
   ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
      <IfVersion >= 2.4>
         Require all granted
      </IfVersion>
      <IfVersion < 2.4>
         Order allow,deny
         Allow from all
      </IfVersion>
</Directory>
</VirtualHost>

<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
   ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
      <IfVersion >= 2.4>
         Require all granted
      </IfVersion>
      <IfVersion < 2.4>
         Order allow,deny
         Allow from all
      </IfVersion>
</Directory>
</VirtualHost>

[iyunv@controller ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[iyunv@controller ~]# systemctl start httpd.service

6、注册keystone api服务，创建project.user,role

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

7、创建admin项目

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

8、创建一个普通用户demo,demo项目，角色为普通用户（uesr）

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

9、验证相关

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

10、创建环境变量

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

[iyunv@controller ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://172.16.80.130:35357/v3
export OS_IDENTITY_API_VERSION=3
[iyunv@controller ~]#
[iyunv@controller ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://172.16.80.130:5000/v3
export OS_IDENTITY_API_VERSION=3
[iyunv@controller ~]#
[iyunv@controller ~]# source admin-openrc.sh
[iyunv@controller ~]#
[iyunv@controller ~]# openstack token issue
+------------+----------------------------------+
| Field    | Value                         |
+------------+----------------------------------+
| expires | 2016-10-29T18:00:54.127266Z    |
| id       | 2e9bfe2f30b941e391a987784ad31daf |
| project_id | 8a3b7f9f1b2c4f7eaf7780d268e672d1 |
| user_id | d1ea9577f35247a794f92598fbb6cd00 |
+------------+----------------------------------+
[iyunv@controller ~]#
[iyunv@controller ~]#
[iyunv@controller ~]# source demo-openrc.sh
[iyunv@controller ~]#
[iyunv@controller ~]# openstack token issue
+------------+----------------------------------+
| Field    | Value                         |
+------------+----------------------------------+
| expires | 2016-10-29T18:01:05.293502Z    |
| id       | f2b7f727e4d74aa88a315012f6f7d1f0 |
| project_id | 3653ec22551f472b94e9438bcd9097bf |
| user_id | da1ed7fb5f494091a633afd6da29f900 |
+------------+----------------------------------+

账号		自动登录	找回密码
密码			立即注册

wirelessnetview好用的无线分析工具

亿图图示专家(EDraw Max) V7.9 中文破解版

zabbix3.4.1安装部署+微信推送信息+大屏显

Red Hat OpenShift I: Containers & Kubern

2025 年，C++ 还能“硬核”多久？

RH199 RHCSA Rapid Track

Red Hat RHCE 8 (EX294) Cert Guide

[经验分享] openstack之keystone

浏览过的版块

扫码加入运维网微信交流群