OpenStack Study Notes, Part 6: Multi-Node Deployment of Keystone
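Keystone authenticates users. Every component must register with Keystone using a user account, and the component can only work properly once that registration succeeds. So whenever we set up another component, Keystone itself included, we have to create a username and password for it.
Keystone also has to know where these components are located, for example on which host.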
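User | A guest staying at the hotel |
Credentials | The key that opens the room |
Authentication | The mechanism the hotel sets up to keep unwanted people out; only someone holding a key can enter and leave |
Token | Also a kind of key, a somewhat special one |
Tenant | The hotel |
Service | A category of service the hotel offers, e.g. dining or entertainment |
Endpoint | One concrete service, e.g. eating barbecue or playing badminton |
Role | VIP level; the higher the level, the more privileges |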
[root@h1 ~]# source keystonerc_admin
[root@h1 ~(keystone_admin)]# keystone endpoint-list
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
| 03bf88d48e2648149242a571684fbfce | RegionOne | http://192.168.1.201:9696 | http://192.168.1.201:9696 | http://192.168.1.201:9696 | 1100243c5a694bc5857218dd0543297b |
| 1b5ccdf306484fefadc63d1eeb20de5d | RegionOne | http://127.0.0.1:8774/v3 | http://127.0.0.1:8774/v3 | http://127.0.0.1:8774/v3 | 4bda82ded4db46f68428d4e00247c14c |
| 2408bc6cb5164053b86c0983fd39961a | RegionOne | http://192.168.1.201:8080/v1/AUTH_%(tenant_id)s | http://192.168.1.201:8080/v1/AUTH_%(tenant_id)s | http://192.168.1.201:8080 | 30c62c3c0797462a8bd4ff059a71296e |
| 432e655e85614a5eb69b7de5c5aacf34 | RegionOne | http://192.168.1.201:8776/v2/%(tenant_id)s | http://192.168.1.201:8776/v2/%(tenant_id)s | http://192.168.1.201:8776/v2/%(tenant_id)s | 5d60cb24769e403cb10bb70cb1077f2b |
| 4d5c1e505b30467c9966a5e5e93feef0 | RegionOne | http://192.168.1.201:9292 | http://192.168.1.201:9292 | http://192.168.1.201:9292 | 87d30bb0dd8e44ccba00127f77831e9e |
| 8683d84884d74e7c8a73513260aec774 | RegionOne | http://192.168.1.201:8080 | http://192.168.1.201:8080 | http://192.168.1.201:8080 | e6ced100d94e4f3b86cccfc82e12b83a |
| 8fa0e177bac746f79e229f16954506fb | RegionOne | http://192.168.1.201:8776/v1/%(tenant_id)s | http://192.168.1.201:8776/v1/%(tenant_id)s | http://192.168.1.201:8776/v1/%(tenant_id)s | dc75a046272548db99e1cbbe93c2025c |
| 9006207b29a04700922ee55905a7f445 | RegionOne | http://192.168.1.201:8774/v2/%(tenant_id)s | http://192.168.1.201:8774/v2/%(tenant_id)s | http://192.168.1.201:8774/v2/%(tenant_id)s | 1c9e6e4d00824327bfe4e8e7175317e1 |
| a9ec253a705c4b3c9848b5bed32e9768 | RegionOne | http://192.168.1.201:8773/services/Cloud | http://192.168.1.201:8773/services/Cloud | http://192.168.1.201:8773/services/Admin | 81bbcf83509a42e9a867914cde84e9d4 |
| bcab3bbc3281451494428315b24b0dba | RegionOne | http://192.168.1.201:8777 | http://192.168.1.201:8777 | http://192.168.1.201:8777 | 8f54fc4364de49efbeb72020bf2aa176 |
| e3d9a4fa64bd441ea3fe143b1d72b8a4 | RegionOne | http://192.168.1.201:5000/v2.0 | http://192.168.1.201:5000/v2.0 | http://192.168.1.201:35357/v2.0 | 02ce8247c5924913a73422bcf5275c40 |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
[root@h1 ~(keystone_admin)]# keystone service-list ## services
+----------------------------------+------------+--------------+--------------------------------+
| id | name | type | description |
+----------------------------------+------------+--------------+--------------------------------+
| 8f54fc4364de49efbeb72020bf2aa176 | ceilometer | metering | Openstack Metering Service |
| dc75a046272548db99e1cbbe93c2025c | cinder | volume | Cinder Service |
| 5d60cb24769e403cb10bb70cb1077f2b | cinderv2 | volumev2 | Cinder Service v2 |
| 87d30bb0dd8e44ccba00127f77831e9e | glance | image | OpenStack Image Service |
| 02ce8247c5924913a73422bcf5275c40 | keystone | identity | OpenStack Identity Service |
| 1100243c5a694bc5857218dd0543297b | neutron | network | Neutron Networking Service |
| 1c9e6e4d00824327bfe4e8e7175317e1 | nova | compute | Openstack Compute Service |
| 81bbcf83509a42e9a867914cde84e9d4 | nova_ec2 | ec2 | EC2 Service |
| 4bda82ded4db46f68428d4e00247c14c | novav3 | computev3 | Openstack Compute Service v3 |
| 30c62c3c0797462a8bd4ff059a71296e | swift | object-store | Openstack Object-Store Service |
| e6ced100d94e4f3b86cccfc82e12b83a | swift_s3 | s3 | Openstack S3 Service |
+----------------------------------+------------+--------------+--------------------------------+
[root@h1 ~(keystone_admin)]# keystone role-list ## roles
+----------------------------------+---------------+
| id | name |
+----------------------------------+---------------+
| 7455105a501842e097e7825257eb5be4 | ResellerAdmin |
| 5d2a5d2f80d442e09b9c3d514ded412e | SwiftOperator |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 794f590d02344bafb280f37ff29433ae | admin |
+----------------------------------+---------------+
[root@h1 ~(keystone_admin)]# keystone role-create --name test1
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 467d36315d9c4e529e9400c606f8d7a2 |
| name | test1 |
+----------+----------------------------------+
[root@h1 ~(keystone_admin)]# keystone role-delete test1
[root@h1 ~(keystone_admin)]# keystone user-list ## users
+----------------------------------+------------+---------+----------------------+
| id | name | enabled | email |
+----------------------------------+------------+---------+----------------------+
| 1627cc3d61c04f9db9608e9703a01371 | admin | True | root@localhost |
| 04247710cdf34914a7f5b315ab166731 | ceilometer | True | ceilometer@localhost |
| cb5e12e30a4a4c1dae57255c184b8b30 | cinder | True | cinder@localhost |
| 632fb20205ea4c40988d7d65b2844ff6 | glance | True | glance@localhost |
| 23c4fb48a5a247d68e50c6b74fb6f035 | http | True | |
| 80069f5c8edc454b8038e7f116df4ff5 | neutron | True | neutron@localhost |
| adbcaaf58d09495988b57be8e82b4e6b | nova | True | nova@localhost |
| 4f488ff4859e4973afefea6e7872ed83 | swift | True | swift@localhost |
+----------------------------------+------------+---------+----------------------+
[root@h1 ~(keystone_admin)]# keystone user-create --name hequan --pass hequan --email hequan2011@sina.com
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | hequan2011@sina.com |
| enabled | True |
| id | 9d12907283b64b02a80f1e98074a9c84 |
| name | hequan |
| username | hequan |
+----------+----------------------------------+
[root@h1 ~(keystone_admin)]# keystone user-get hequan ## show the user's details
[root@h1 ~(keystone_admin)]# keystone user-delete hequan
[root@h1 ~(keystone_admin)]# keystone user-password-update --pass hequan1 hequan ## update the password
[root@h1 ~(keystone_admin)]# keystone user-role-add --user hequan --role _member_ --tenant=http ## assign a role and a tenant
[root@h1 ~(keystone_admin)]# keystone tenant-list ## tenants
+----------------------------------+----------+---------+
| id | name | enabled |
+----------------------------------+----------+---------+
| 43986fb013804aa0a04ca277e4d0e69c | admin | True |
| 1af10fa8077e4b52b3427786bb15e968 | http | True |
| 842da711a1b740ddbf006a9f0a7ee116 | services | True | ## built-in services all belong to the services tenant by default
+----------------------------------+----------+---------+
[root@h1 ~(keystone_admin)]# keystone tenant-create --name 123 ## create tenant 123
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | c2a2e3aadf614bb08b1fc943157b668e |
| name | 123 |
+-------------+----------------------------------+
[root@h1 ~(keystone_admin)]# keystone tenant-delete 123
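Configuring and installing Keystone
First create the database
Log in to Keystone with the token
Create the service and endpoint
Create the users
Disable token login and log in as admin
Basic environment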
192.168.1.204 h4.hequan.com h4 ## keystone
systemctl stop NetworkManager
systemctl disable NetworkManager
[root@h4 ~]# yum install centos-release-openstack-liberty
[root@h4 ~]# yum install openstack-keystone openstack-utils openstack-selinux -y
[root@h4 ~]# openstack-db --init --service keystone --rootpw 123456 --password keystone
keystone default DB is not mysql. Would you like to reset to mysql now? (y/n): y
mysql-server is not installed. Would you like to install it now? (y/n): y
mysqld is not running. Would you like to start it now? (y/n): y
Verified connectivity to MySQL.
Creating 'keystone' database.
Initializing the keystone database, please wait...
Complete!
[root@h4 ~]# mysql -uroot -p123456
MariaDB [(none)]> show databases;
[root@h4 keystone]# openssl rand -hex 10
73fa731f6fa567630fdd
[root@h4 keystone]# pwd
/etc/keystone
[root@h4 keystone]# vim keystone.conf
admin_token = 73fa731f6fa567630fdd
rabbit_host = localhost
rabbit_port = 5672
rabbit_hosts = $rabbit_host:$rabbit_port
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_login_method = AMQPLAIN
rabbit_virtual_host = /
# uses the database username and password set with openstack-db above
connection = mysql://keystone:keystone@192.168.1.204/keystone
Start the service
[root@h4 keystone]# systemctl list-unit-files | grep keyston
openstack-keystone.service disabled
[root@h4 keystone]# systemctl start openstack-keystone.service
[root@h4 keystone]# systemctl enable openstack-keystone.service
At this point there are no users, only the token
cat keystone_token ## create this file
export SERVICE_TOKEN=73fa731f6fa567630fdd
export SERVICE_ENDPOINT=http://192.168.1.204:35357/v2.0
export PS1='[\u@\h \W(keystone_token)]\$ '
source keystone_token
ps aux | grep keystone
keystone 3343 1.5 1.6 321844 68704 ? Ss 20:10 0:05 /usr/bin/python2 /usr/bin/keystone-all
netstat -lntup | grep 35357
tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN 3343/python2
keystone service-list
[root@h4 ~]# keystone service-create --name keystone --type identity --description="keystone"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | keystone |
| enabled | True |
| id | e0c6163cb7dd42098225f13a3fa4220e |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@h4 ~]# keystone endpoint-create --service-id e0c6163cb7dd42098225f13a3fa4220e --publicurl '' --internalurl '' --adminurl ''
You can find a template to copy the URLs from:
[root@h1 ~(keystone_admin)]# keystone endpoint-list
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
| e3d9a4fa64bd441ea3fe143b1d72b8a4 | RegionOne | http://192.168.1.201:5000/v2.0 | http://192.168.1.201:5000/v2.0 | http://192.168.1.201:35357/v2.0 | 02ce8247c5924913a73422bcf5275c40 |
[root@h1 ~(keystone_admin)]# keystone service-list
| 02ce8247c5924913a73422bcf5275c40 | keystone | identity | OpenStack Identity Service |
[root@h4 ~]# keystone endpoint-create --service-id e0c6163cb7dd42098225f13a3fa4220e --publicurl 'http://192.168.1.204:5000/v2.0' --internalurl 'http://192.168.1.204:5000/v2.0' --adminurl 'http://192.168.1.204:35357/v2.0'
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://192.168.1.204:35357/v2.0 |
| id | 810e5faef22f44aebd17f55d1808e3c5 |
| internalurl | http://192.168.1.204:5000/v2.0 |
| publicurl | http://192.168.1.204:5000/v2.0 |
| region | regionOne |
| service_id | e0c6163cb7dd42098225f13a3fa4220e |
+-------------+----------------------------------+
Create the administrator
[root@h4 ~]# keystone tenant-create --name admin
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 3a331dd90062458b8fcc259ce84be0e5 |
| name | admin |
+-------------+----------------------------------+
[root@h4 ~]# keystone role-create --name admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | c63ed09a433144108a23a592632e2e08 |
| name | admin |
+----------+----------------------------------+
[root@h4 ~]# keystone user-create --name admin --pass 123456
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 172b6a61991e4fbeafe9039688eb2afc |
| name | admin |
| username | admin |
+----------+----------------------------------+
[root@h4 ~]# keystone user-role-add --user admin --tenant admin --role admin
[root@h4 ~]# cp keystone_token keystone_token_admin
[root@h4 ~(keystone_admin)]# cat keystone_token_admin
unset SERVICE_TOKEN
unset SERVICE_ENDPOINT
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://192.168.1.204:35357/v2.0
export PS1='[\u@\h \W(keystone_admin)]\$ '
[root@h4 ~(keystone_admin)]# keystone user-list ## if the user list is shown, it worked
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 172b6a61991e4fbeafe9039688eb2afc | admin | True | |
+----------------------------------+-------+---------+-------+
Disable token authentication
#admin_token = 73fa731f6fa567630fdd
The installation is now complete.
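An added example (not part of the original notes): a small Python check that reads keystone.conf text and reports whether the bootstrap admin_token is still active after the last step, together with the RabbitMQ guest/guest defaults and a guessable database password like those in the configuration above. The finding names and the 12-character password threshold are assumptions of this sketch, and the sample text is constructed from the lines shown on this page.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the keystone.conf lines shown on this page.
SAMPLE_BEFORE = """\
admin_token = 73fa731f6fa567630fdd
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
connection = mysql://keystone:keystone@192.168.1.204/keystone
"""
# The same file after the "disable token authentication" step.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("admin_token", "#admin_token")


def active_settings(text):
    """Return {key: value} for uncommented 'key = value' lines, ignoring sections."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue  # blank line, comment, or [section] header
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a sorted list of (hypothetical) finding codes for bootstrap leftovers."""
    s = active_settings(text)
    findings = []
    if s.get("admin_token"):
        findings.append("ADMIN_TOKEN_ACTIVE")  # shared secret bypasses user auth
    if s.get("rabbit_userid") == "guest" and s.get("rabbit_password") == "guest":
        findings.append("RABBIT_DEFAULT_GUEST")
    if "rabbit_userid" in s and s.get("rabbit_use_ssl", "false").lower() == "false":
        findings.append("RABBIT_NO_TLS")
    db = urlsplit(s.get("connection", ""))
    # Assumed policy: password must differ from the username and be >= 12 chars.
    if db.password and (db.password == db.username or len(db.password) < 12):
        findings.append("DB_WEAK_PASSWORD")
    return sorted(findings)


if __name__ == "__main__":
    print("before:", audit(SAMPLE_BEFORE))
    print("after: ", audit(SAMPLE_AFTER))
```

Keystone reads keystone.conf at startup, so restart openstack-keystone.service after commenting out admin_token and then run the check against the real file.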