使用数据库访问客户端作为root用户连接到数据库服务器:
$ mysql -u root -p
创建keystone数据库:
MariaDB [(none)]> CREATE DATABASE keystone;
允许正确访问keystone数据库:
- keystone的用户密码为
xxxxxxx 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'xxxxxxx';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'xxxxxxx';
说明:'keystone'@'%' 允许该账号从任意主机连接数据库;生产环境建议把 '%' 收紧为控制节点地址或管理网段,并将 xxxxxxx 替换为随机生成的强密码。
退出数据库访问客户端。
安装keystone服务
yum install openstack-keystone httpd mod_wsgi  -y
如果遇到以下报错
Error: Package: python2-qpid-proton-0.26.0-2.el7.x86_64 (centos-openstack-train)
           Requires: qpid-proton-c(x86-64) = 0.26.0-2.el7
           Available: qpid-proton-c-0.14.0-2.el7.x86_64 (extras)
               qpid-proton-c(x86-64) = 0.14.0-2.el7
           Available: qpid-proton-c-0.26.0-2.el7.x86_64 (centos-openstack-train)
               qpid-proton-c(x86-64) = 0.26.0-2.el7
           Installing: qpid-proton-c-0.36.0-1.el7.x86_64 (epel)
               qpid-proton-c(x86-64) = 0.36.0-1.el7
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
则解决办法为:
yum -y install python2-qpid-proton-0.26.0-2.el7.x86_64
然后再继续上面的命令;
修改配置文件
- 数据库密码:
xxxxxxx 
vim /etc/keystone/keystone.conf
……
[database]
connection = mysql+pymysql://keystone:xxxxxxx@controller/keystone
……
[token]
provider = fernet
……
说明:keystone.conf 中的 connection 一行包含数据库明文密码,应确认该文件仅对root和keystone用户可读(例如属主 root:keystone、权限 640)。
导入keystone数据库表结构
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet密钥存储库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引导认证服务
- 管理密码为
xxxxxxx 
keystone-manage bootstrap --bootstrap-password xxxxxxx \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
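  --bootstrap-region-id RegionOne
说明:--bootstrap-password 直接写在命令行上会留在shell历史和进程列表中,可改为先设置环境变量 OS_BOOTSTRAP_PASSWORD 再执行 keystone-manage bootstrap。上面的端点均为 http://,密码和令牌以明文传输;生产环境应为httpd配置TLS并改用 https:// 端点。
配置apache服务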
vim  /etc/httpd/conf/httpd.conf
# 添加
ServerName controller
#创建软链
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
#开机自启和启动httpd
systemctl enable httpd.service
systemctl start httpd.service
配置管理员环境变量信息
export OS_USERNAME=admin
export OS_PASSWORD=xxxxxxx
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
创建相关域、项目、用户和角色
- 创建名为example的域
 
openstack domain create --description "An Example Domain" example
- 创建名为service的项目
 
openstack project create --domain default \
  --description "Service Project" service
- 创建myproject项目
 
openstack project create --domain default \
  --description "Demo Project" myproject
创建myuser用户:
- 账密为:myuser:xxxxxxx
 
openstack user create --domain default \
  --password-prompt myuser
- 创建myrole角色:
 
openstack role create myrole
- 将myrole角色添加到myproject项目和myuser用户中
 
openstack role add --project myproject --user myuser myrole
验证操作
- 取消设置临时OS_AUTH_URL和OS_PASSWORD环境变量:
 
unset OS_AUTH_URL OS_PASSWORD
为admin用户,请求身份验证令牌
- 此时用admin的密码:xxxxxxx
 
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
为上一节中创建的myuser用户,请求身份验证令牌
- 此时用myuser的密码:xxxxxxx
 
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name myproject --os-username myuser token issue
创建OpenStack客户端环境脚本
- 创建和编辑admin-openrc文件,并添加以下内容:
 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=xxxxxxx
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
- 创建和编辑demo-openrc文件,并添加以下内容
 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=xxxxxxx
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
说明:admin-openrc 和 demo-openrc 中含有明文密码,建议将文件权限设为仅属主可读写(chmod 600),并且不要提交到版本库或放在共享目录中。
- 验证脚本
 
# 加载环境变量
. admin-openrc
# 身份验证
openstack token issue
# 加载环境变量
. demo-openrc
# 身份验证
openstack token issue