https://github.com/openstack/keystone

The latest release is rocky.

1. Log in to MySQL

create database keystone;

grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'mhc.123';

grant all privileges on keystone.* to 'keystone'@'%' identified by 'mhc.123';

grant all privileges on keystone.* to 'keystone'@'<IP or hostname of the MySQL host>' identified by 'mhc.123';

2. Generate a random token

# openssl rand -hex 10
4ef3736eec4c79501690

3.

# yum install python-pip httpd mod_wsgi

# git clone https://github.com/openstack/keystone.git

# cd keystone

# git checkout -b rocky remotes/origin/stable/rocky

# yum install python-devel openssl-devel -y

# pip install PyMySQL

# pip install -r requirements.txt

# python setup.py install

Sample configuration file: https://docs.openstack.org/keystone/latest/configuration/samples/keystone-conf.html

Place it at /etc/keystone/keystone.conf

After modification: https://github.com/mhcvs2/docker/blob/master/openstack/keystone/keystone.conf

4. Sync the database

# keystone-manage db_sync

5. Configure apache2

/etc/httpd/conf.d/wsgi-keystone.conf
https://github.com/mhcvs2/docker/blob/master/openstack/keystone/wsgi-keystone.conf

# useradd keystone
# chown -R keystone:keystone /etc/keystone

# mkdir /var/log/apache2/

# vim /etc/selinux/config

SELINUX=disabled

# setenforce 0

# systemctl start httpd.service

# systemctl enable httpd.service

6.

# pip install python-openstackclient

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
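A permission check for what steps 5 and 6 leave under /etc/keystone, as an added example that is not part of the original post: keystone.conf holds the database password, and fernet-keys and credential-keys (Keystone's default key repositories) hold key material. The function names are made up for this example, and the expected mode 0700 for the key repositories is this example's assumption.

```shell
#!/bin/sh
# Added example, not from the original post.
# Function names are hypothetical; the directory names are Keystone defaults.

# Print one finding per line for the given config directory and owner.
keystone_perm_findings() {
    dir=$1
    owner=$2
    # keystone.conf and key files must not be readable or writable by others.
    find "$dir" -type f \( -perm -004 -o -perm -002 \) \
        -exec printf 'world-accessible: %s\n' {} \;
    # Everything should belong to the service account created in step 5.
    find "$dir" ! -user "$owner" -exec printf 'wrong-owner: %s\n' {} \;
    # Key repositories should be mode 0700 (assumption of this example).
    for repo in fernet-keys credential-keys; do
        [ -d "$dir/$repo" ] || continue
        find "$dir/$repo" -prune ! -perm 700 \
            -exec printf 'key-repo-not-0700: %s\n' {} \;
    done
}

# Usage: audit_keystone_perms [dir] [owner]
# Returns 0 when clean, 1 (after printing the findings) otherwise.
audit_keystone_perms() {
    findings=$(keystone_perm_findings "${1:-/etc/keystone}" "${2:-keystone}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as root after step 6 with `audit_keystone_perms /etc/keystone keystone`; an empty result with exit status 0 means no finding.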

7. Create the Keystone service entity

# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | eb98e1799e7c481ca1e359a522d97a7d |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

8. Create the Keystone API endpoints

# openstack endpoint create --region RegionOne identity public http://v460:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c06bfef610dd43118b6ed1ebda58e90d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | eb98e1799e7c481ca1e359a522d97a7d |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://v460:5000/v2.0            |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne identity internal http://v460:5000/v2.0

# openstack endpoint create --region RegionOne identity admin http://v460:35357/v2.0

-----------------------------------------------------

9. Create a default domain named "default"

# openstack domain create --description "Default Domain" default

10. Create the admin project

# openstack project create --domain default --description "Admin Project" admin

Create the admin user

# openstack user create --domain default --password-prompt admin

Create the admin role

# openstack role create admin

# openstack role add --project admin --user admin admin

# openstack project create --domain default --description "Service Project" service

# openstack project create --domain default --description "Demo Project" demo

# openstack user create --domain default --password-prompt demo

# openstack role create user

# openstack role add --project demo --user demo user

# openstack --os-auth-url http://v460:35357/v3 --os-identity-api-version 3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

# openstack token issue
