In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-26 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)06/01 Report--
Keustone authentication component is the default authentication management system in openstack project. All services need keystone authentication and corresponding permissions are assigned according to the level of users.
So we now configure the authentication service keystone of the latest version of openstack.
Prerequisite preparation: Centos7.3, 163yum source, openstack-o source, DNS, time synchronization, database, rabbitmq, memcache
Create a database
Create database keystone
Give permissions to database users (give a local user permission, a remote login right)
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY' 111'
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY' 111'
View the database
Install openstack client software and keystone related software
Yum install python-openstackclient openstack-keystone httpd mod_wsgi-y
If you report an error, you do not have a source for configuring openstack.
We need to configure the source of openstack (for reference only)
After the source is successfully configured
[root@wang02 ~] # yum clean all
[root@wang02 ~] # yum makecache
Next we configure keystone, and the configuration file is in / etc/keystone/keystone.conf
Back up the configuration file:
[[root@wang02] # cp / etc/keystone/keystone.conf / etc/keystone/keystone.conf.ds.bak
Configure keystone
[root@wang02 ~] # cat / etc/keystone/keystone.conf.ds.bak | grep-v ^ # | uniq > / etc/keystone/keystone.conf
[root@wang02 ~] # sed-I'/ ^\ [database\] $/ a\ connection = mysql+pymysql://keystone:111@wang01/keystone' / etc/keystone/keystone.conf
[root@wang02 ~] # sed-I'/ ^\ [token\] $/ a\ provider = fernet' / etc/keystone/keystone.conf
Synchronize database
[root@wang02] # su-s / bin/sh-c "keystone-manage db_sync" keystone
Note: the O version will have 38 tables.
Initialize fernet keys
[root@wang02] # keystone-manage fernet_setup-- keystone-user keystone--keystone-group keystone
Create three api endpoints that access the entity
[root@wang02 ~] # keystone-manage bootstrap--bootstrap-password ADMIN_PASS\
>-- bootstrap-admin-url http://wang02:35357/v3/\
>-- bootstrap-internal-url http://wang02:5000/v3/\
>-- bootstrap-public-url http://wang02:5000/v3/\
>-- bootstrap-region-id RegionOne
Configure the apache service
[root@wang02 ~] # vi / etc/httpd/conf/httpd.conf
[root@wang02] # ln-s / usr/share/keystone/wsgi-keystone.conf / etc/httpd/conf.d/
Create environment variabl
[root@wang02 ~] # export OS_USERNAME=admin
[root@wang02 ~] # export OS_PASSWORD=ADMIN_PASS
[root@wang02 ~] # export OS_PROJECT_NAME=admin
[root@wang02 ~] # export OS_USER_DOMAIN_NAME=Default
[root@wang02 ~] # export OS_PROJECT_DOMAIN_NAME=Default
[root@wang02 ~] # export OS_IDENTITY_API_VERSION=3
[root@wang02 ~] # export OS_AUTH_URL= http://wang02:35357/v3
Create a domain
[root@wang02 ~] # openstack project create-- domain default\
>-- description "Service Project" service
Create a demo project
[root@wang02 ~] # openstack project create-- domain default\
>-- description "Demo Project" demo
Create a demo user
[root@wang02] # openstack user create-- domain default-- password DEMO_PASS demo
Create a demo role
[root@wang02 ~] # openstack role create user
Add the demo role to demo users in the demo project
[root@wang02] # openstack role add-- project demo-- user demo user
Edit / etc/keystone/keystone-paste.ini
In [pipeline:public_api], [pipeline:admin_api] and and [pipeline:api_v3]
Remove: admin_token_auth
Cancel the environment variable you just set
Unset OS_AUTH_URL OS_PASSWORD
Verify the action:
[root@wang02 ~] # openstack-- os-auth-url http://wang02:35357/v3\
>-os-project-domain-name default-os-user-domain-name default\
>-os-project-name admin-os-username admin token issue
Password:
The password is ADMIN_PASS
So far, the keystone has been built successfully.
In order to enter environment variables every time, we create a script
[root@wang02 ~] # vi admin-openrc
Export OS_PROJECT_DOMAIN_NAME=Default
Export OS_USER_DOMAIN_NAME=Default
Export OS_PROJECT_NAME=admin
Export OS_USERNAME=admin
Export OS_PASSWORD=ADMIN_PASS
Export OS_AUTH_URL= http://wang02:35357/v3
Export OS_IDENTITY_API_VERSION=3
Export OS_IMAGE_API_VERSION=2
Verify the script:
[root@wang02] #. Admin-openrc
[root@wang02 ~] # openstack token issue
Our keystone has been built up here. If there are problems or mistakes in the construction process, we can raise them and we can make progress together.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
