OpenStack OTACA版本安装-2.认证服务()

1.用数据库连接客户端以  用户连接到数据库服务器:

root
$ mysql -u root -p

2.创建  数据库:

keystone
MariaDB [(none)]> CREATE DATABASE keystone;

3.对“keystone“数据库授予恰当的权限:

KEYSTONE_DBPASS

4.退出数据库客户端

5.运行以下命令来安装包。

yum install openstack-keystone httpd mod_wsgi

6.编辑文件 

/etc/keystone/keystone.conf

[database]部分

[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone//将``KEYSTONE_DBPASS``替换为你为数据库选择的密码。

[token]部分

[token]
# ...
provider = fernet

7.初始化身份认证服务的数据库:

su -s /bin/sh -c "keystone-manage db_sync" keystone

8.初始化Fernet key:

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

9.引导身份服务

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne//用合适的密码替代ADMIN_PASS

10.编辑“/etc/httpd/conf/httpd.conf“ 文件,配置“ServerName“ 选项为控制节点:

ServerName controller

11.创建一个链接到“/usr/share/keystone/wsgi-keystone.conf“文件

 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

12.启动 Apache HTTP 服务并配置其随系统启动:

# systemctl enable httpd.service
# systemctl start httpd.service

13.配置admin账户

$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

14.创建service项目

openstack project create --domain default \
  --description "Service Project" service

15.创建脚本文件admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

16.使用脚本

. admin-openrc  //加载``admin-openrc``文件来身份认证服务的环境变量位置和``admin``项目和用户证书:
openstack token issue    //请求认证令牌:
————————

1.用数据库连接客户端以  用户连接到数据库服务器:

root
$ mysql -u root -p

2.创建  数据库:

keystone
MariaDB [(none)]> CREATE DATABASE keystone;

3.对“keystone“数据库授予恰当的权限:

KEYSTONE_DBPASS

4.退出数据库客户端

5.运行以下命令来安装包。

yum install openstack-keystone httpd mod_wsgi

6.编辑文件 

/etc/keystone/keystone.conf

[database]部分

[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone//将``KEYSTONE_DBPASS``替换为你为数据库选择的密码。

[token]部分

[token]
# ...
provider = fernet

7.初始化身份认证服务的数据库:

su -s /bin/sh -c "keystone-manage db_sync" keystone

8.初始化Fernet key:

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

9.引导身份服务

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne//用合适的密码替代ADMIN_PASS

10.编辑“/etc/httpd/conf/httpd.conf“ 文件,配置“ServerName“ 选项为控制节点:

ServerName controller

11.创建一个链接到“/usr/share/keystone/wsgi-keystone.conf“文件

 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

12.启动 Apache HTTP 服务并配置其随系统启动:

# systemctl enable httpd.service
# systemctl start httpd.service

13.配置admin账户

$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

14.创建service项目

openstack project create --domain default \
  --description "Service Project" service

15.创建脚本文件admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

16.使用脚本

. admin-openrc  //加载``admin-openrc``文件来身份认证服务的环境变量位置和``admin``项目和用户证书:
openstack token issue    //请求认证令牌: