本文共 1937 字,大约阅读时间需要 6 分钟。
在部署OpenStack时,各大组件之间通过API对接,但在进行调用时会进行权限认证。因此,首先必须安装Keystone,这是립니다 Apache也需要安装,因为我们是通过Apache对组件间的API进行承载。安装其他核心组件如glance、nova、neutron等,通常是接下来的步骤。
mysql -u root -pcreate database keystone;GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';flush privileges;exit
安装Keystone、Apache和mod_wsgi
yum -y install openstack-keystone httpd mod_wsgi
配置Keystone配置文件
cp /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/wsgi-keystone.conf
启动Apache服务
systemctl enable httpdsystemctl start httpd
配置数据库连接
openstack-config --set /etc/keystone/keystone.conf database connection.mysql+pymysql://keystone:KEYSTONE_DBPASS@ct/keystone
配置Fernet token提供者
openstack-config --set /etc/keystone/keystone.conf token provider fernet
初始化Fernet密钥存储库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystonekeystone-manage credential_setup --keystone-user keystone --keystone-group keystone
初始化认证服务
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://ct:5000/v3/ --bootstrap-internal-url http://ct:5000/v3/ --bootstrap-public-url http://ct:5000/v3/ --bootstrap-region-id RegionOne
配置管理员环境变量
cat > ~/.bashrcexport OS_USERNAME=adminexport OS_PASSWORD=ADMIN_PASSexport OS_PROJECT_NAME=adminexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_AUTH_URL=http://ct:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2source ~/.bashrc
openstack token issue --.invalidate_cache
openstack project create --domain default --description "Service Project" service
openstack role create --description "User Role" user
openstack role list
openstack role list --details
openstack token issue
转载地址:http://iqezk.baihongyu.com/