[root@ct ~]# yum -y install openstack-keystone httpd mod_wsgi //mod_wsgi 是让 apache 能够代理 python 程序的模块;openstack 的各个组件(包括 API)都是用 python 写的,但客户端访问的是 apache,由 apache 把请求转发给 python 去处理;这些包只安装在 controller 节点
[root@ct ~]# cp -a /etc/keystone/keystone.conf{,.bak}
[root@ct ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
[root@ct ~]# cat /etc/keystone/keystone.conf
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
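//注意:上面过滤后的 keystone.conf 只剩空的节名,本文没有展示配置步骤;执行 db_sync 之前需要先在 [database] 中配置 connection、在 [token] 中配置 provider,否则 db_sync 不会连接到预期的数据库
[root@ct ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone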
[root@ct ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@ct ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@ct ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
> --bootstrap-admin-url http://ct:5000/v3/ \
> --bootstrap-internal-url http://ct:5000/v3/ \
> --bootstrap-public-url http://ct:5000/v3/ \
> --bootstrap-region-id RegionOne //指定一个区域名称
//admin-url 是管理网络的端点,用于虚拟机扩容、删除等管理操作;如果管理流量和业务流量共用一个网络,业务量大时可能无法通过 openstack 的控制端扩容虚拟机,所以需要单独的管理网(如公有云内部的 openstack 管理网络)
//internal-url 是内部网络的端点,用于数据传输,如虚拟机访问存储、数据库以及 zookeeper 等中间件;这个网络不能被外网访问,只能在企业内部访问
//public-url 是公有网络的端点,可以给用户访问(如公有云)
//5000 端口是 keystone 提供认证的端口
//多节点的话需要在 haproxy 服务器上添加一条 listen,各种网络的 url 需要指定 controller 节点的域名,一般是 haproxy 的 vip 的域名(高可用模式)
//ADMIN_PASS 是占位符,应替换为强密码;写在命令行上的密码会留在 shell 历史记录里。这里三个 url 都是 http,密码和令牌以明文传输,生产环境应在端点前配置 TLS 并改用 https
[root@ct ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
[root@ct ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
//安装完mod_wsgi包后,会生成 wsgi-keystone.conf 这个文件,文件中配置了虚拟主机及监听了5000端口,mod_wsgi就是python的网关
[root@ct ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@ct ~]# systemctl start httpd
[root@ct ~]# netstat -antp | grep 80
tcp 0 0 192.168.100.1:2380 0.0.0.0:* LISTEN 37679/etcd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9805/master
tcp6 0 0 :::80 :::* LISTEN 39621/httpd
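tcp6 0 0 ::1:25 :::* LISTEN 9805/master
//grep 80 还会匹配到 2380 端口以及 PID 中含 80 的行(如 9805/master);上面的输出只能确认 httpd 在监听 80,keystone 的 5000 端口要用 netstat -antp | grep 5000 单独确认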
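//注意:下面 export 行尾的 // 说明文字只是本文的注释,不要写进 ~/.bashrc;ADMIN_PASS 是占位符,应替换为 bootstrap 时设置的实际密码。管理员密码明文写入 ~/.bashrc 后,每个登录 shell 都会导出它,更稳妥的做法是放到权限为 600 的独立环境文件中,需要时再 source
[root@ct ~]# cat >> ~/.bashrc << EOF
export OS_USERNAME=admin //控制台登录用户名
export OS_PASSWORD=ADMIN_PASS //控制台登录密码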
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://ct:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
[root@ct ~]# source ~/.bashrc
[root@ct ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 207beb31d1a34ead95a25a4df847500e | admin |
+----------------------------------+-------+
[root@ct ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 8db5b6617b954d80b3c200863e76ca4f |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@ct ~]# openstack role create user
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 3d6223ec9955431b88f2af47b09425ba |
| name | user |
| options | {} |
+-------------+----------------------------------+
[root@ct ~]# openstack role list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 3d6223ec9955431b88f2af47b09425ba | user |
| 6ea78d6d18344aed9e86ba615bdc787d | member |
| 98472db13fb040f6b6bf6f2e295bdebc | reader |
| a294e368d55149a7bcc0e2c6ae833656 | admin |
+----------------------------------+--------+
//admin:管理员
//member:租户
//user:用户
//验证能否签发令牌;输出中的 id 是可直接用于认证的 bearer 令牌,在 expires 所示时间之前有效,不要贴到日志、工单或公开文档中
[root@ct ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2021-08-24T15:47:41+0000 |
| id | gAAAAABhJQaN7F-3rxqs9lzuWeUhAAdiOAPA5rJJFwE93ZBGsk4WlTSCjg8Tag7Z-_BG3JIk_5AJWeAxtbg85DzrJwtRN8bq3UoLyKFfPo4VHp9B89dgL2obbzzw1LhiPZkuh_4lK5twDkph8bgZKlbMJQ_2ggUhC_yNA3I-CPjnUQWpxARzoF8 |
| project_id | 2b924d5597424a75b3ff5283c980b44c |
| user_id | 207beb31d1a34ead95a25a4df847500e |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+