controller 部署Keystone
官方文档:https://docs.openstack.org/keystone/train/install/
日志存放路径:/var/log/httpd/keystone.log
[root@openstack-controller ~]# mysql -uroot -p
Enter password: # 初始化数据库
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> exit
Bye[root@openstack-controller ~]# yum install -y openstack-keystone httpd mod_wsgi
[root@openstack-controller ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone123@openstack-compute01.ponfey/keystone
......
[token]
expiration = 3600
provider = fernet
......
[root@openstack-controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone # 初始化数据库
[root@openstack-controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@openstack-controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone # 初始化密钥库
[root@openstack-controller ~]# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://openstack-controller.ponfey:5000/v3/ --bootstrap-internal-url http://openstack-controller.ponfey:5000/v3/ --bootstrap-public-url http://openstack-controller.ponfey:5000/v3/ --bootstrap-region-id RegionOne # 创建身份服务
[root@openstack-controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName openstack-controller.ponfey:80
[root@openstack-controller ~]# systemctl enable httpd && systemctl start httpd 用于验证身份的环境变量:/root/admin.sh
[root@openstack-controller ~]# vim /root/admin.sh
#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://openstack-controller.ponfey:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@openstack-controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| c1306d9c2aef45edb19327f6708cf0b2 | admin |
+----------------------------------+-------+
[root@openstack-controller ~]# openstack domain create --description "An Example Domain" example # 创建测试domain
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | fd15fb8f071b495e8ea64522359e8014 |
| name | example |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
[root@openstack-controller ~]# openstack project create --domain default --description "Service Project" service # 创建service项目
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | c5eb2619aef94cdba5364bfa6c88d0f2 |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@openstack-controller ~]#
[root@openstack-controller ~]# openstack domain list # 查看创建的domain
+----------------------------------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+--------------------+
| default | Default | True | The default domain |
| fd15fb8f071b495e8ea64522359e8014 | example | True | An Example Domain |
+----------------------------------+---------+---------+--------------------+
[root@openstack-controller ~]# 
.jpg)