Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Install keystone for openstack-o version

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >

Share

Shulou(Shulou.com)06/01 Report--

Keustone authentication component is the default authentication management system in openstack project. All services need keystone authentication and corresponding permissions are assigned according to the level of users.

So we now configure the authentication service keystone of the latest version of openstack.

Prerequisite preparation: Centos7.3, 163yum source, openstack-o source, DNS, time synchronization, database, rabbitmq, memcache

Create a database

Create database keystone

Give permissions to database users (give a local user permission, a remote login right)

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY' 111'

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY' 111'

View the database

Install openstack client software and keystone related software

Yum install python-openstackclient openstack-keystone httpd mod_wsgi-y

If you report an error, you do not have a source for configuring openstack.

We need to configure the source of openstack (for reference only)

After the source is successfully configured

[root@wang02 ~] # yum clean all

[root@wang02 ~] # yum makecache

Next we configure keystone, and the configuration file is in / etc/keystone/keystone.conf

Back up the configuration file:

[[root@wang02] # cp / etc/keystone/keystone.conf / etc/keystone/keystone.conf.ds.bak

Configure keystone

[root@wang02 ~] # cat / etc/keystone/keystone.conf.ds.bak | grep-v ^ # | uniq > / etc/keystone/keystone.conf

[root@wang02 ~] # sed-I'/ ^\ [database\] $/ a\ connection = mysql+pymysql://keystone:111@wang01/keystone' / etc/keystone/keystone.conf

[root@wang02 ~] # sed-I'/ ^\ [token\] $/ a\ provider = fernet' / etc/keystone/keystone.conf

Synchronize database

[root@wang02] # su-s / bin/sh-c "keystone-manage db_sync" keystone

Note: the O version will have 38 tables.

Initialize fernet keys

[root@wang02] # keystone-manage fernet_setup-- keystone-user keystone--keystone-group keystone

Create three api endpoints that access the entity

[root@wang02 ~] # keystone-manage bootstrap--bootstrap-password ADMIN_PASS\

>-- bootstrap-admin-url http://wang02:35357/v3/\

>-- bootstrap-internal-url http://wang02:5000/v3/\

>-- bootstrap-public-url http://wang02:5000/v3/\

>-- bootstrap-region-id RegionOne

Configure the apache service

[root@wang02 ~] # vi / etc/httpd/conf/httpd.conf

[root@wang02] # ln-s / usr/share/keystone/wsgi-keystone.conf / etc/httpd/conf.d/

Create environment variabl

[root@wang02 ~] # export OS_USERNAME=admin

[root@wang02 ~] # export OS_PASSWORD=ADMIN_PASS

[root@wang02 ~] # export OS_PROJECT_NAME=admin

[root@wang02 ~] # export OS_USER_DOMAIN_NAME=Default

[root@wang02 ~] # export OS_PROJECT_DOMAIN_NAME=Default

[root@wang02 ~] # export OS_IDENTITY_API_VERSION=3

[root@wang02 ~] # export OS_AUTH_URL= http://wang02:35357/v3

Create a domain

[root@wang02 ~] # openstack project create-- domain default\

>-- description "Service Project" service

Create a demo project

[root@wang02 ~] # openstack project create-- domain default\

>-- description "Demo Project" demo

Create a demo user

[root@wang02] # openstack user create-- domain default-- password DEMO_PASS demo

Create a demo role

[root@wang02 ~] # openstack role create user

Add the demo role to demo users in the demo project

[root@wang02] # openstack role add-- project demo-- user demo user

Edit / etc/keystone/keystone-paste.ini

In [pipeline:public_api], [pipeline:admin_api] and and [pipeline:api_v3]

Remove: admin_token_auth

Cancel the environment variable you just set

Unset OS_AUTH_URL OS_PASSWORD

Verify the action:

[root@wang02 ~] # openstack-- os-auth-url http://wang02:35357/v3\

>-os-project-domain-name default-os-user-domain-name default\

>-os-project-name admin-os-username admin token issue

Password:

The password is ADMIN_PASS

So far, the keystone has been built successfully.

In order to enter environment variables every time, we create a script

[root@wang02 ~] # vi admin-openrc

Export OS_PROJECT_DOMAIN_NAME=Default

Export OS_USER_DOMAIN_NAME=Default

Export OS_PROJECT_NAME=admin

Export OS_USERNAME=admin

Export OS_PASSWORD=ADMIN_PASS

Export OS_AUTH_URL= http://wang02:35357/v3

Export OS_IDENTITY_API_VERSION=3

Export OS_IMAGE_API_VERSION=2

Verify the script:

[root@wang02] #. Admin-openrc

[root@wang02 ~] # openstack token issue

Our keystone has been built up here. If there are problems or mistakes in the construction process, we can raise them and we can make progress together.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Database

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report