centos开机自动挂载(不关机(挂起)或每次做前恢复快照可不做)
lsblk -f /dev/sr0
vi /etc/fstab
/dev/sr0 /opt/centos iso9660 defaults 0 0
keystone只需要安装到controller上
安装相关组件
yum install -y openstack-keystone httpd mod_wsgi
#keystone mysql
把$DB_PASS和 $KEYSTONE_DBPASS改成密码(000000)
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS keystone;"
进行赋权本地登录权限
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS';"
赋权允许远程登录权限
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS';"
#/etc/keystone/keystone.conf
初始化
$KEYSTONE_DBPASS 000000 $HOST_NAME controller
将keystone连接到数据库 @$HOST_NAME-->controller
crudini --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:$KEYSTONE_DBPASS@$HOST_NAME/keystone
令牌方式登录
crudini --set /etc/keystone/keystone.conf token provider fernet
对数据库进行初始化
su -s /bin/sh -c "keystone-manage db_sync" keystone
查看有没有生效
mysql -uroot -p000000
use keystone;
show tables;
exit;
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
允许通过管理员,内部,公共登录($HOST_NAME-->controller $ADMIN_PASS-->000000)
keystone-manage bootstrap --bootstrap-password $ADMIN_PASS --bootstrap-admin-url http://$HOST_NAME:5000/v3/ --bootstrap-internal-url http://$HOST_NAME:5000/v3/ --bootstrap-public-url http://$HOST_NAME:5000/v3/ --bootstrap-region-id RegionOne
查看有没有生效
mysql -u keystone -p
USE keystone;
SELECT * FROM endpoint;
#HTTP
$HOST_NAME-->controller
sed -i "s/#ServerName www.example.com:80/ServerName $HOST_NAME/g" /etc/httpd/conf/httpd.conf
文件连接起来
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
开机自启+重启
systemctl enable httpd && systemctl restart httpd
#keystone user role project domain
导入相关变量(重启会失效)$ADMIN_PASS-->000000 $HOST_NAME-->controller
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3$DOMAIN_NAME改成demo $DEMO_PASS改成000000
yum -y insatll python-openstackclient
openstack domain create --description "Default Domain" demo
查看domain列表
openstack domain list
登录不了说明读取不了变量通过不了验证
创建租户
openstack project create --domain $DOMAIN_NAME --description "Admin Project" myadmin
openstack project list
openstack user create --domain $DOMAIN_NAME --password $DEMO_PASS myadmin
openstack user list
添加用户租户和角色之间的关联关系
openstack role add --project myadmin --user myadmin admin
openstack role list
openstack role assignment list
表的形式:admin myadmin myadmin
用另外身份登录校验能否登录
export OS_USERNAME=myadmin
export OS_PASSWORD=$ADMIN_PASS
export OS_PROJECT_NAME=myadmin
export OS_USER_DOMAIN_NAME=$DOMAIN_NAME
export OS_PROJECT_DOMAIN_NAME=$DOMAIN_NAME
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3openstack user list
删除admin把myadmin改成admin
openstack project delete admin
openstack project set --name admin --domain $DOMAIN_NAME --description "Admin Project" --enable myadmin
export OS_PROJECT_NAME=admin
openstack user delete admin
openstack user set --name admin --domain demo --project admin --project-domain $DOMAIN_NAME --password $ADMIN_PASS --enable myadmin
export OS_USERNAME=admin
