OpenStack Train Configuration Manual - Keystone Configuration and Operation

Collected, organized and written by snow chuai --- 2020/3/2


1. Create the Keystone database
[root@node1 ~]# mysql -u root -p
......
......
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
2. Install Keystone
[root@node1 ~]# yum --enablerepo=centos-openstack-train,epel install \
openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi -y
3. Configure Keystone
[root@node1 ~]# vim /etc/keystone/keystone.conf
# Uncomment line 430 and specify the Memcached server
memcache_servers = 192.168.10.11:11211
# At line 571, add the database connection information
connection = mysql+pymysql://keystone:password@192.168.10.11/keystone
# Uncomment at line 2435
[token]
provider = fernet
# Sync the database
[root@node1 ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"
# Initialize the keys
[root@node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# Bootstrap keystone
[root@node1 ~]# keystone-manage bootstrap \
--bootstrap-password adminpassword \
--bootstrap-admin-url http://192.168.10.11:5000/v3/ \
--bootstrap-internal-url http://192.168.10.11:5000/v3/ \
--bootstrap-public-url http://192.168.10.11:5000/v3/ \
--bootstrap-region-id RegionOne
4. Configure SELinux and the firewall
[root@node1 ~]# setsebool -P httpd_use_openstack on
[root@node1 ~]# setsebool -P httpd_can_network_connect on
[root@node1 ~]# setsebool -P httpd_can_network_connect_db on
[root@node1 ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[root@node1 ~]# firewall-cmd --reload
success
5. Configure Keystone on Apache
[root@node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@node1 ~]# systemctl enable --now httpd
6. Set up the Keystone shell environment and create a tenant
1) Set up the environment
[root@node1 ~]# vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://192.168.10.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '
[root@node1 ~]# chmod 600 ~/keystonerc
[root@node1 ~]# source ~/keystonerc
[root@node1 ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile
2) Create a tenant and verify
[root@node1 ~(keystone)]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 7972f61f4a1c4f2592d2bb6dc7711e81 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@node1 ~(keystone)]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 558ed85c8f84439a876cfd35150d0fe1 | admin   |
| 7972f61f4a1c4f2592d2bb6dc7711e81 | service |
+----------------------------------+---------+
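
Added example (not part of the original guide and not OpenStack tooling): the walkthrough uses sample passwords ('password', 'adminpassword') and an http:// auth URL, so a check like the following flags any of those values still present in keystone.conf or keystonerc, along with a keystonerc readable by group or others. The function name audit_keystone, the finding labels and the placeholder list are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: audit keystone.conf and keystonerc for this guide's
# placeholder values. The placeholder list, function names and finding
# labels are assumptions of this sketch, not OpenStack tooling.
PLACEHOLDERS='password adminpassword'

# Prints one finding per line; prints nothing when both files pass.
audit_keystone() {
    local conf=$1 rc=$2 dbpw rcpw url mode p
    # Password part of: connection = mysql+pymysql://user:PASS@host/db
    dbpw=$(sed -n 's|^[[:space:]]*connection[[:space:]]*=[[:space:]]*[^:]*://[^:]*:\([^@]*\)@.*|\1|p' "$conf" | tail -n 1)
    rcpw=$(sed -n 's/^export OS_PASSWORD=//p' "$rc" | tail -n 1)
    url=$(sed -n 's/^export OS_AUTH_URL=//p' "$rc" | tail -n 1)

    for p in $PLACEHOLDERS; do
        if [ "$dbpw" = "$p" ]; then
            echo "WEAK_DB_PASSWORD: connection uses placeholder '$p'"
        fi
        if [ "$rcpw" = "$p" ]; then
            echo "WEAK_ADMIN_PASSWORD: OS_PASSWORD is placeholder '$p'"
        fi
    done
    # Plain HTTP exposes the password and issued tokens on the wire.
    case $url in
        http://*) echo "PLAINTEXT_AUTH_URL: $url is not TLS-protected" ;;
    esac

    # The guide sets mode 600; flag any group or other permission bits.
    mode=$(stat -c '%a' "$rc")   # GNU stat, as on the guide's CentOS host
    case $mode in
        *00|0) ;;
        *) echo "RC_MODE: $rc is mode $mode, expected 600" ;;
    esac
    return 0
}

# Constructed sample files mirroring the values shown in this guide.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '[database]' \
        'connection = mysql+pymysql://keystone:password@192.168.10.11/keystone' > "$d/keystone.conf"
    printf '%s\n' 'export OS_PASSWORD=adminpassword' \
        'export OS_AUTH_URL=http://192.168.10.11:5000/v3' > "$d/keystonerc"
    chmod 644 "$d/keystonerc"
    audit_keystone "$d/keystone.conf" "$d/keystonerc"
    rm -rf "$d"
}
demo
```

On a real host, call it as audit_keystone /etc/keystone/keystone.conf ~/keystonerc; empty output means none of the checked conditions were found.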

 
