OpenStack Configuration Manual - Keystone Configuration and Operation

Compiled, organized and written by snow chuai --- 2020/2/5

Last updated --- 2021/09/04


1. Create the Keystone database
[root@node1 ~]# mysql -u root -p
...... ......
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
2. Install Keystone
[root@node1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi -y
============================================ Error summary ============================================
1. The following error appears:
Error: Package: python2-pyngus-2.3.0-1.el7.noarch (epel)
       Requires: python2-qpid-proton >= 0.28.0
2. Fix:
[root@node1 ~]# yum install -y \
    https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm \
    https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
============================================ End of summary ============================================
3. Configure Keystone
[root@node1 ~]# vim /etc/keystone/keystone.conf
# Edit line 605 to specify the Memcached server
memcache_servers = 192.168.10.11:11211
# Edit line 737 to specify the database connection
connection = mysql+pymysql://keystone:password@192.168.10.11/keystone
# In the [token] section, add the following at line 2879
[token]
provider = fernet
# Synchronize the database
[root@node1 ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"
# Initialize the keys
[root@node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# Bootstrap Keystone
[root@node1 ~]# keystone-manage bootstrap \
    --bootstrap-password adminpassword \
    --bootstrap-admin-url http://192.168.10.11:5000/v3/ \
    --bootstrap-internal-url http://192.168.10.11:5000/v3/ \
    --bootstrap-public-url http://192.168.10.11:5000/v3/ \
    --bootstrap-region-id RegionOne
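An added check for the step 3 settings (not part of the original manual): the script reads keystone.conf and reports when [token] provider is not fernet, when the connection string still carries the tutorial's placeholder password, or when the file is readable by other users. The function names, finding codes and sample file are constructed for this example, and it assumes connection sits in the [database] section, which the manual does not name.

```sh
#!/bin/sh
# Added example (not from the original manual): audit the step 3 values in keystone.conf.

# ini_get FILE SECTION KEY: print the last value assigned to KEY inside [SECTION].
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                     # section header
            cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\][ \t]*$/, "", cur); next
        }
        cur == sec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_keystone_conf FILE: print one finding code per line; no output means clean.
audit_keystone_conf() (
    conf=$1
    # [token] provider must be fernet, as set in step 3.
    [ "$(ini_get "$conf" token provider)" = "fernet" ] || echo "token-provider-not-fernet"
    # Pull the password out of scheme://user:PASSWORD@host/db
    # (assumption: connection lives in the [database] section).
    pw=$(ini_get "$conf" database connection |
         sed -n 's|^[^:]*://[^:/@]*:\([^@]*\)@.*$|\1|p')
    # The literal "password" is the tutorial placeholder, not a deployable secret.
    [ "$pw" != "password" ] || echo "db-password-is-tutorial-placeholder"
    # The file embeds the DB credential, so "other" must not have read access.
    [ -z "$(find "$conf" -perm -004)" ] || echo "conf-readable-by-others"
)

# Constructed sample mirroring the values the manual sets in step 3.
demo() (
    f=$(mktemp)
    printf '%s\n' '[database]' \
        'connection = mysql+pymysql://keystone:password@192.168.10.11/keystone' \
        '[token]' 'provider = fernet' > "$f"
    chmod 644 "$f"
    audit_keystone_conf "$f"
    rm -f "$f"
)
demo
```

On a real node, call `audit_keystone_conf /etc/keystone/keystone.conf` after editing the file; empty output means none of the three findings applies.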
4. Configure SELinux and the firewall
[root@node1 ~]# setsebool -P httpd_use_openstack on
[root@node1 ~]# setsebool -P httpd_can_network_connect on
[root@node1 ~]# setsebool -P httpd_can_network_connect_db on
[root@node1 ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[root@node1 ~]# firewall-cmd --reload
success
5. Configure Keystone on Apache
[root@node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@node1 ~]# systemctl enable --now httpd
6. Set up the Keystone shell environment and create a tenant
1) Set up the environment
[root@node1 ~]# vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://192.168.10.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '
[root@node1 ~]# chmod 600 ~/keystonerc
[root@node1 ~]# source ~/keystonerc
[root@node1 ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile
2) Create a tenant (project) and verify
[root@node1 ~(keystone)]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 1be75e85ec9445ab9ff7dd7ec2f02b71 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@node1 ~(keystone)]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 1be75e85ec9445ab9ff7dd7ec2f02b71 | service |
| 6f83afcc475b440bb9816ea20ba26c5f | admin   |
+----------------------------------+---------+

 
