OpenStack in Practice: 03 - Controller Node Service Configuration

Published: 2020-06-28 00:53:05  Source: Internet  Views: 3465  Author: kesungang  Category: Database

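Set up time synchronization:

Time synchronization is very important for OpenStack, so make sure the time of all services stays consistent. Synchronize the time as follows:

timedatectl list-timezones|grep Shanghai  # look up the time zone
timedatectl set-timezone Asia/Shanghai  # set the time zone
timedatectl set-local-rtc yes  # the argument is a boolean: yes means local time is used, no means UTC
ntpdate time1.aliyun.com  # synchronize the time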

Start the database service

[root@linux-node1 ~]# systemctl enable mariadb.service # enable at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@linux-node1 ~]# systemctl start mariadb.service # start the database
[root@linux-node1 ~]# mysql_secure_installation # initialize and set the root password
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): 
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
 ... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
 ... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

Configure the RabbitMQ message queue

[root@linux-node1 ~]# systemctl enable rabbitmq-server.service # enable at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@linux-node1 ~]# systemctl start rabbitmq-server.service # start the message queue
[root@linux-node1 ~]# rabbitmqctl add_user openstack openstack # add the openstack user and its password to the message queue
Creating user "openstack" ...
[root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" # set the openstack user's permissions on the message queue
Setting permissions for user "openstack" in vhost "/" ...
[root@linux-node1 ~]# rabbitmq-plugins list # list the message queue plugins
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status:   * = running on rabbit@linux-node1
 |/
[  ] amqp_client                       3.6.5
[  ] cowboy                            1.0.3
[  ] cowlib                            1.0.1
[  ] mochiweb                          2.13.1
[  ] rabbitmq_amqp1_0                  3.6.5
[  ] rabbitmq_auth_backend_ldap        3.6.5
[  ] rabbitmq_auth_mechanism_ssl       3.6.5
[  ] rabbitmq_consistent_hash_exchange 3.6.5
[  ] rabbitmq_event_exchange           3.6.5
[  ] rabbitmq_federation               3.6.5
[  ] rabbitmq_federation_management    3.6.5
[  ] rabbitmq_jms_topic_exchange       3.6.5
[  ] rabbitmq_management               3.6.5
[  ] rabbitmq_management_agent         3.6.5
[  ] rabbitmq_management_visualiser    3.6.5
[  ] rabbitmq_mqtt                     3.6.5
[  ] rabbitmq_recent_history_exchange  1.2.1
[  ] rabbitmq_sharding                 0.1.0
[  ] rabbitmq_shovel                   3.6.5
[  ] rabbitmq_shovel_management        3.6.5
[  ] rabbitmq_stomp                    3.6.5
[  ] rabbitmq_top                      3.6.5
[  ] rabbitmq_tracing                  3.6.5
[  ] rabbitmq_trust_store              3.6.5
[  ] rabbitmq_web_dispatch             3.6.5
[  ] rabbitmq_web_stomp                3.6.5
[  ] rabbitmq_web_stomp_examples       3.6.5
[  ] sockjs                            0.3.4
[  ] webmachine                        1.10.3
[root@linux-node1 ~]# rabbitmq-plugins enable rabbitmq_management # load the message queue management plugin
The following plugins have been enabled:
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management
Applying plugin configuration to rabbit@linux-node1... started 6 plugins.
[root@linux-node1 ~]# systemctl restart rabbitmq-server.service # restart the message queue service

    Verify the message queue service

[root@linux-node1 ~]# lsof -i :15672
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
beam.smp 6370 rabbitmq   53u  IPv4  37357      0t0  TCP *:15672 (LISTEN)
In a browser, open 192.168.56.11:15672 and log in with the guest account and the guest password


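Keystone identity service


As of the N release, Keystone is at version V3. Keystone involves the following main concepts:

User: a consumer of the services. It can be a person, a service or a system; any entity that uses OpenStack services can be called a user.

Project (tenant): a tenant, which can be understood as the collection of resources owned by a person, project or organization. A tenant can contain many users, and those users can use the tenant's resources according to how permissions are divided.

Role: used to assign permissions for operations. A role can be assigned to a user so that the user obtains the operation permissions that go with the role.

Token: after successful authentication, Keystone generates a bit string or character string that serves as the token for accessing resources. The token carries the scope of accessible resources and its validity period.

Keystone V3 API new features

Keystone V3 brings many changes and improvements. The more important ones are described here:

  • Tenant is renamed to Project

  • The concept of a Domain is introduced

  • The concept of a Group is introduced

Renaming Tenant to Project and adding the Domain concept above it maps the real world onto cloud services more closely.

V3 uses Domains to implement a true multi-tenancy architecture, with the Domain acting as the higher-level container for Projects. A cloud customer is the owner of a Domain and can create multiple Projects, Users, Groups and Roles in it. With Domains, a cloud customer can manage all of its Projects together instead of managing each Project separately as before.

A Group is a container for a set of Users. Users can be added to a Group and roles assigned directly to the Group, so that every user in the Group has the role permissions the Group holds. With Groups, Keystone V3 manages user groups and so manages the permissions of a set of users at once. This differs from V2, where a Role was assigned directly to a User/Project, and it makes administering the cloud more convenient.

Figure. Relationship between Domain, Group, Project, User and Role (taken from the web)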


Create the databases and users

Create the databases and users in the database (for convenience, the accounts for the services used later, such as cinder, glance and neutron, are created here as well).

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE nova_api;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';

Execution:

[root@linux-node1 ~]# mysql -uroot -p
Enter password: # use the password set during initialization
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE cinder;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| cinder             |
| glance             |
| information_schema |
| keystone           |
| mysql              |
| neutron            |
| nova               |
| nova_api           |
| performance_schema |
+--------------------+
9 rows in set (0.00 sec)
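
The grants above give every service account a password equal to its name and accept connections from any host ('%'). As an added example (not from the original post), this script emits the same databases and grants with a random password per account and the remote grant limited to one subnet; MGMT_NET, SERVICES and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): same databases and accounts as
# the tutorial, but with a random password per account and the remote grant
# limited to one subnet instead of '%'.
# Assumptions: MGMT_NET, SERVICES and all function names are illustrative.

MGMT_NET='192.168.56.%'   # assumed management subnet (the tutorial's hosts)
# user:db[,db...] pairs taken from the tutorial's SQL
SERVICES='keystone:keystone glance:glance nova:nova,nova_api neutron:neutron cinder:cinder'

# 32 hex characters read from the kernel CSPRNG
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Accept only lowercase letters, digits and underscore in SQL identifiers
valid_ident() {
    case $1 in
        ''|*[!a-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# emit_grants DB USER PASSWORD [HOST]: print the SQL, or fail on weak input
emit_grants() {
    local db user pass host
    db=$1; user=$2; pass=$3; host=${4:-$MGMT_NET}
    if ! valid_ident "$db" || ! valid_ident "$user"; then
        echo "invalid identifier: $db / $user" >&2; return 1
    fi
    if [ "$pass" = "$user" ] || [ "${#pass}" -lt 16 ]; then
        echo "weak password for $user" >&2; return 1
    fi
    case $pass in
        *[!A-Za-z0-9]*) echo "password must be alphanumeric" >&2; return 1 ;;
    esac
    if [ "$host" = '%' ]; then
        echo "refusing wildcard host for $user" >&2; return 1
    fi
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
        "$db" "$user" "$pass"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
        "$db" "$user" "$host" "$pass"
}

# build_sql SECRETS_FILE: SQL on stdout, "user=password" lines in a 0600 file
build_sql() {
    local secrets entry user dbs db pass
    secrets=$1
    ( umask 077; : > "$secrets" ) && chmod 600 "$secrets" || return 1
    for entry in $SERVICES; do
        user=${entry%%:*}
        dbs=${entry#*:}
        pass=$(gen_password)          # one password per account, reused for nova_api
        printf '%s=%s\n' "$user" "$pass" >> "$secrets"
        for db in $(printf '%s' "$dbs" | tr ',' ' '); do
            emit_grants "$db" "$user" "$pass" || return 1
        done
    done
}

# When run with a file path, write the secrets there and print the SQL
if [ "$#" -gt 0 ]; then
    build_sql "$1"
fi
```

Given a file path as its first argument, the script writes the generated passwords there and prints SQL that can be piped into `mysql -uroot -p`; the generated keystone password then replaces the one in the `connection =` line of keystone.conf.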

Keystone configuration file


[root@linux-node1 ~]# grep -n '^[a-z]' /etc/keystone/keystone.conf 
640:connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
1472:servers = 192.168.56.11:11211 # memcached service address
2655:provider = fernet # token provider
2665:driver = memcache # use memcache as the driver; the default is sql

Initialize the database and configure memcache


su -s /bin/sh -c "keystone-manage db_sync" keystone


Verify that the initialization succeeded:

[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;"
+------------------------+
| Tables_in_keystone     |
+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             |
| endpoint               |
| endpoint_group         |
| federated_user         |
| federation_protocol    |
| group                  |
| id_mapping             |
| identity_provider      |
| idp_remote_ids         |
| implied_role           |
| local_user             |
| mapping                |
| migrate_version        |
| nonlocal_user          |
| password               |
| policy                 |
| policy_association     |
| project                |
| project_endpoint       |
| project_endpoint_group |
| region                 |
| request_token          |
| revocation_event       |
| role                   |
| sensitive_config       |
| service                |
| service_provider       |
| token                  |
| trust                  |
| trust_role             |
| user                   |
| user_group_membership  |
| whitelisted_config     |
+------------------------+

Install memcached

yum install memcached python-memcached
vim /etc/sysconfig/memcached
[root@linux-node1 ~]# cat /etc/sysconfig/memcached 
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 192.168.56.11,::1"

Use keystone-manage to generate the data required for token authentication:

[root@linux-node1 keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 
[root@linux-node1 keystone]#  keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 
[root@linux-node1 keystone]# keystone-manage bootstrap --bootstrap-password admin \
> --bootstrap-admin-url http://192.168.56.11:35357/v3/ \
> --bootstrap-internal-url http://192.168.56.11:35357/v3/ \
> --bootstrap-public-url http://192.168.56.11:5000/v3/ \
> --bootstrap-region-id RegionOne

Configure the Apache service

[root@linux-node1 keystone]# vim /etc/httpd/conf/httpd.conf # edit the configuration file
95 ServerName 192.168.56.11:80
Create the symlink
[root@linux-node1 keystone]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start the service:
[root@linux-node1 keystone]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@linux-node1 keystone]# systemctl start httpd.service
[root@linux-node1 keystone]# 
[root@linux-node1 keystone]# lsof -i :80
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   22891   root    4u  IPv6  59157      0t0  TCP *:http (LISTEN)
httpd   22902 apache    4u  IPv6  59157      0t0  TCP *:http (LISTEN)
httpd   22906 apache    4u  IPv6  59157      0t0  TCP *:http (LISTEN)
httpd   22907 apache    4u  IPv6  59157      0t0  TCP *:http (LISTEN)
httpd   22908 apache    4u  IPv6  59157      0t0  TCP *:http (LISTEN)
httpd   22909 apache    4u  IPv6  59157      0t0  TCP *:http (LISTEN)
Set the environment variables:
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
Install the OpenStack client; without it the openstack command is not available
yum install -y python-openstackclient
After installation, run the following commands to verify:
[root@linux-node1 keystone]# openstack user list  # list users
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| b84c1614b79b40278e02bd6ed034cc6f | admin |
+----------------------------------+-------+
[root@linux-node1 keystone]# openstack role list # list roles
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 9b0ba78cf70048efa8659220a3cebd06 | admin |
+----------------------------------+-------+
[root@linux-node1 keystone]# openstack project list # list projects
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 7ae0fb7deb5342d885a07c2c890a1ff4 | admin |
+----------------------------------+-------+
[root@linux-node1 keystone]# openstack endpoint list # list endpoints
+---------------+-----------+--------------+--------------+---------+-----------+------------------+
| ID            | Region    | Service Name | Service Type | Enabled | Interface | URL              |
+---------------+-----------+--------------+--------------+---------+-----------+------------------+
| 65f66a71d4624 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.5 |
| 2a0a80a0de1b6 |           |              |              |         |           | 6.11:35357/v3/   |
| 503929        |           |              |              |         |           |                  |
| 71f801be8bc54 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.5 |
| 7aca380c81b79 |           |              |              |         |           | 6.11:35357/v3/   |
| 6b240a        |           |              |              |         |           |                  |
| b1caff56f31f4 | RegionOne | keystone     | identity     | True    | public    | http://192.168.5 |
| dfabe5a8418c6 |           |              |              |         |           | 6.11:5000/v3/    |
| 5e2839        |           |              |              |         |           |                  |
+---------------+-----------+--------------+--------------+---------+-----------+------------------+

Create a project:

[root@linux-node1 keystone]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 7f240473406147b99463f32b876bf69d |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+

Your output should be essentially the same as mine except for the id.

Check that the project was created

[root@linux-node1 keystone]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 7ae0fb7deb5342d885a07c2c890a1ff4 | admin   |
| 7f240473406147b99463f32b876bf69d | service |
+----------------------------------+---------+

Create the demo project:

[root@linux-node1 keystone]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 9b913d25891849baa55b21d837e9b63d |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+

Verify that it was created:

[root@linux-node1 keystone]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 7ae0fb7deb5342d885a07c2c890a1ff4 | admin   |
| 7f240473406147b99463f32b876bf69d | service |
| 9b913d25891849baa55b21d837e9b63d | demo    |
+----------------------------------+---------+

Create a user

[root@linux-node1 keystone]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | f0c69bad72b54e0daef92c2295425932 |
| name                | demo                             |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| b84c1614b79b40278e02bd6ed034cc6f | admin |
| f0c69bad72b54e0daef92c2295425932 | demo  |
+----------------------------------+-------+

Create a role:

[root@linux-node1 keystone]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | f53267146a6449b797393f7fc5d23e10 |
| name      | user                             |
+-----------+----------------------------------+
[root@linux-node1 keystone]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 9b0ba78cf70048efa8659220a3cebd06 | admin |
| f53267146a6449b797393f7fc5d23e10 | user  |
+----------------------------------+-------+

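Add the user to the project and grant it the role

[root@linux-node1 keystone]# openstack role add --project demo --user demo user # add the demo user to the demo project and grant it the user role
Here I also create the users for the services set up later and assign each one its role: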
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 8dc6f28207b64e6d845a444a2ba18205 |
| name                | glance                           |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack role add --project service --user glance admin
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | db596da4ed8f47ab9dc7fa77d3bc8c6c |
| name                | nova                             |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack role add --project service --user nova admin
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c0f9c52898ad4d4f88254a01c458eb27 |
| name                | neutron                          |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack role add --project service --user neutron admin
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | e5dbdde24a7340edb8bd3f498f9d28b5 |
| name                | cinder                           |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack role add --project service --user cinder admin

Verify Keystone


    Verify the user:

unset OS_AUTH_URL OS_PASSWORD  # clear the environment variables set earlier
[root@linux-node1 keystone]# openstack \
> --os-auth-url http://192.168.56.11:35357/v3 \
> --os-project-domain-name default \
> --os-user-domain-name default \
> --os-project-name admin \
> --os-username admin token issue
Password: # if the output below appears after entering the password, the user is working
+------------+---------------------------------------------------------------------------------------+
| Field      | Value                                                                                 |
+------------+---------------------------------------------------------------------------------------+
| expires    | 2016-12-28 11:05:46+00:00                                                             |
| id         | gAAAAABYY456xFHiZSMnQ7x88FxUJjuu3uO8xRLh_soTSgyf3KzMv0nY3s4wn1diFlJ7d2qjPub0iftlOKUnZ |
|            | z9QYPMUGhfxguZhEHWQtufNQNxZD9r8ekluU0XjCdrdnBU-fs3IM6EmJt3O1Sl-                       |
|            | Nw4G40uh0xatMkxI6bmrG3fRkCrcLga6Cx4                                                   |
| project_id | 7ae0fb7deb5342d885a07c2c890a1ff4                                                      |
| user_id    | b84c1614b79b40278e02bd6ed034cc6f                                                      |
+------------+---------------------------------------------------------------------------------------+
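
With `provider = fernet`, the first bytes of a token are a version byte (0x80) and a 64-bit big-endian issue timestamp, authenticated but not encrypted, so the issue time can be read without the keys and compared with the local clock. This is an added example, not from the original post, which generalizes from the single token shown above to a clock check for any Fernet token. Assumptions: the function names, the 5-second skew tolerance and the 3600-second lifetime (the gap between this token's issue time and the `expires` value shown above).

```shell
#!/bin/sh
# Added example (not from the original post): read the issue time from a
# Fernet token and compare it with a clock, to spot time drift between nodes.
# Assumptions: function names, the 5 s skew tolerance and the 3600 s lifetime.

B64URL='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'

# b64_value CHAR: print the 6-bit value of one base64url character
b64_value() {
    local before
    case $1 in
        [A-Za-z0-9_-]) ;;
        *) return 1 ;;
    esac
    before=${B64URL%%"$1"*}      # everything before the character
    printf '%s\n' "${#before}"   # its length is the character's index
}

# fernet_issued_at TOKEN: print the issue time as Unix seconds
fernet_issued_at() {
    local rest c v i version ts
    rest=$1
    if [ "${#rest}" -lt 12 ]; then
        echo "token too short" >&2; return 1
    fi
    i=0; version=0; ts=0
    # 12 characters = 72 bits = version byte + 64-bit timestamp
    while [ "$i" -lt 12 ]; do
        c=${rest%"${rest#?}"}    # first character
        rest=${rest#?}
        v=$(b64_value "$c") || { echo "not base64url" >&2; return 1; }
        case $i in
            0) version=$((v << 2)) ;;
            1) version=$((version | (v >> 4))); ts=$((v & 15)) ;;
            *) ts=$((ts * 64 + v)) ;;
        esac
        i=$((i + 1))
    done
    if [ "$version" -ne 128 ]; then
        echo "not a Fernet token (version byte $version)" >&2; return 1
    fi
    printf '%s\n' "$ts"
}

# token_clock_check TOKEN NOW [LIFETIME] [MAX_SKEW]
# Prints valid, expired, or issued-in-future (issuer clock ahead of NOW).
token_clock_check() {
    local issued now lifetime skew
    issued=$(fernet_issued_at "$1") || return 1
    now=$2; lifetime=${3:-3600}; skew=${4:-5}
    if [ "$issued" -gt $((now + skew)) ]; then
        echo "issued-in-future"
    elif [ "$now" -gt $((issued + lifetime)) ]; then
        echo "expired"
    else
        echo "valid"
    fi
}

# When run with a token argument, check it against this host's clock
if [ "$#" -gt 0 ]; then
    token_clock_check "$1" "$(date +%s)"
fi
```

An `issued-in-future` result on a node that has just received a token means the issuing node's clock is ahead of the local one.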

Create the environment variable scripts:

Create the admin variables

[root@linux-node1 ~]# cat admin-openstack 
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Create the demo variables

[root@linux-node1 ~]# cat demo-openstack 
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Make the environment variables take effect:

source demo-openstack

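Common Keystone errors

401  # authentication failed: the Keystone user account or password is set incorrectly, the time is not synchronized, or the project name entered is wrong
403  # the OS_token variable may not have been initialized and must be loaded with the source command; or a changed configuration file has not taken effect and the related service needs a restart
409  # creating a user in Keystone: the user already exists
500  # internal server error: the service is misconfigured; read the logs and check the configuration
503  # the password of a Keystone-related account is set incorrectly; delete the related glance account and create it again
Service failure    # the related service has not started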



