[OpenStack] Environment Setup - Configuring the Keystone Identity Service


Configure the Keystone database

mysql -uroot -p

create database keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'D3LvC@F01xmR';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'D3LvC@F01xmR';
  • Confirm that the database was created correctly

Configure Keystone

  • Generate a random value to use as the administrator token in the initial configuration
openssl rand -hex 10
29d609c7b9b56976227f

Install the Keystone service

yum install openstack-keystone httpd mod_wsgi
  • Confirm that the installation succeeded

Edit the Keystone configuration file

vi /etc/keystone/keystone.conf

[DEFAULT]
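# Replace with the random value generated in the earlier step.
# (oslo.config does not strip inline comments, so the comment sits on its own line.)
admin_token = 34b6cba3665df7ec6358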

[database]
# The '@' inside the password is percent-encoded as %40 so the URL parses unambiguously.
connection = mysql+pymysql://keystone:D3LvC%40F01xmR@10.8.4.38/keystone

[token]
provider = fernet

Populate the Identity service database and verify

su -s /bin/sh -c "keystone-manage db_sync" keystone
mysql -ukeystone -pD3LvC@F01xmR -e "use keystone; show tables;"
  • Confirm that the database tables are listed

Initialize the Fernet keys

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
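  • Confirm that the commands complete without errors

Bootstrap the Identity service

An endpoint is the network address used to locate and access an OpenStack service, usually a URL. Endpoints come in three types: admin, internal, and public.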

keystone-manage bootstrap --bootstrap-password D3LvC@F01xmR --bootstrap-admin-url http://10.8.4.38:5000/v3/ --bootstrap-internal-url http://10.8.4.38:5000/v3/ --bootstrap-public-url http://10.8.4.38:5000/v3/ --bootstrap-region-id RegionOne

Configure the Apache HTTP server

vi /etc/httpd/conf/httpd.conf

# Add or edit

ServerName 10.8.4.38

Create a link to the /usr/share/keystone/wsgi-keystone.conf file

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Start the Apache HTTP service and enable it at boot

systemctl enable httpd.service
systemctl start httpd.service
  • Confirm that port 5000 is listening

Configure environment variables

  • vi /root/admin-openstack.sh

export OS_USERNAME=admin
# Must match the --bootstrap-password value used above
export OS_PASSWORD=D3LvC@F01xmR
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.8.4.38:5000/v3
export OS_IDENTITY_API_VERSION=3

Load the environment variables

source admin-openstack.sh

Test 1

openstack domain list

Create a project

openstack project create --domain default --description "Service Project" service

Set up openstack command auto-completion

Install bash-completion

yum install bash-completion -y

openstack complete >> /etc/bash_completion.d/complete

# vi /root/admin-openstack.sh
# Add as the last line

export OS_USERNAME=admin
export OS_PASSWORD=D3LvC@F01xmR
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.8.4.38:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
source /etc/bash_completion.d/complete
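
The two files written in this walkthrough, /etc/keystone/keystone.conf and /root/admin-openstack.sh, hold the database and admin passwords in plain text, and the auth URL uses plain HTTP. The following audit is an added example, not part of the original post; the function name audit_keystone, the finding labels and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. ROOT is a path prefix ("" on a
# live host) so the same function can run against a constructed tree.
audit_keystone() {
    root="$1"
    conf="$root/etc/keystone/keystone.conf"
    rc="$root/root/admin-openstack.sh"

    # 1. Both files hold passwords: no permission bit should be set for "other".
    for f in "$conf" "$rc"; do
        [ -f "$f" ] || continue
        # GNU stat first, BSD stat as fallback; both print e.g. 644
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        other=${mode#"${mode%?}"}            # last octal digit
        [ "$other" = 0 ] || echo "WORLD_ACCESS mode=$mode $f"
    done

    # 2. An active admin_token line is a static shared secret left in the config.
    if [ -f "$conf" ] &&
       grep -Eq '^[[:space:]]*admin_token[[:space:]]*=' "$conf"; then
        echo "ADMIN_TOKEN_SET $conf"
    fi

    # 3. An http:// auth URL sends OS_PASSWORD to Keystone without TLS.
    if [ -f "$rc" ] &&
       grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_AUTH_URL=http://' "$rc"; then
        echo "CLEARTEXT_AUTH_URL $rc"
    fi
    return 0
}

# Constructed sample tree that mirrors the two files written in this post.
demo=$(mktemp -d)
mkdir -p "$demo/etc/keystone" "$demo/root"
printf '[DEFAULT]\nadmin_token = CONSTRUCTED\n' > "$demo/etc/keystone/keystone.conf"
printf 'export OS_PASSWORD=constructed\nexport OS_AUTH_URL=http://10.8.4.38:5000/v3\n' \
    > "$demo/root/admin-openstack.sh"
chmod 644 "$demo/etc/keystone/keystone.conf" "$demo/root/admin-openstack.sh"
audit_keystone "$demo"
rm -rf "$demo"
```

On a live host, run audit_keystone "" as root; empty output means none of the three conditions was found.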

That completes the Identity service setup. Next we will install the Glance component.