OpenStack基础学习及keystone服务配置
1、openstack基础学习
OpenStack是一个由NASA(美国国家航空航天局)和Rackspace合做研发并发起的,以Apache许可证受权的自由软件和开放源代码项目。 OpenStack是一个开源的云计算管理平台项目,由几个主要的组件组合起来完成具体工做。OpenStack支持几乎全部类型的云环境,项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。OpenStack经过各类互补的服务提供了基础设施即服务(IaaS)的解决方案,每一个服务提供API以进行集成。
2、环境准备
一、虚拟机准备
IP地址 主机名 操做系统 192.168.56.11 linux-node1 CentOS7 192.168.56.12 linux-node2 CentOS7
其中,linux-node1看成控制节点node
linux-node2看成计算节点python
二、基础软件包安装
基础软件包须要安装在全部的OpenStack节点上进行安装,包括控制节点和计算节点mysql
(1)安装EPEL仓库
rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
(2)安装OpenStack仓库
yum install -y centos-release-openstack-mitaka
安装完成后,会在/etc/yum.repos.d目录下生成一个CentOS-OpenStack-mitaka.repo [root@linux-node1 yum.repos.d]# ls CentOS-Base.repo CentOS-Debuginfo.repo CentOS-OpenStack-mitaka.repo CentOS-Vault.repo CentOS-Ceph-Hammer.repo CentOS-fasttrack.repo CentOS-QEMU-EV.repo epel.repo CentOS-CR.repo CentOS-Media.repo CentOS-Sources.repo epel-testing.repo [root@linux-node1 yum.repos.d]#
(3)安装OpenStack客户端
yum install -y python-openstackclient
(4)安装Openstack SELinux管理包
yum install -y openstack-selinux
三、MySQL数据库部署
除了Horizon,OpenStack其余组件都须要链接数据库。linux
(1)安装数据库
[root@linux-node1 ~]# yum install -y mariadb mariadb-server python2-PyMySQL
查看mariadb的配置文件,能够看到配置目录为/etc/my.cnf.dweb
[root@linux-node1 ~]# cat /etc/my.cnf [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock symbolic-links=0 [mysqld_safe] log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid # include all files from the config directory !includedir /etc/my.cnf.d
(2)建立openstack.cnf配置文件
建立并编辑 /etc/my.cnf.d/openstack.cnf,而后完成以下动做:sql
#设置 bind-address值为控制节点的管理网络IP地址以使得其它节点能够经过管理网络访问数据库; [mysqld] bind-address = 192.168.56.11 default-storage-engine = innodb #默认存储引擎 innodb_file_per_table #独享表空间 max_connections = 4096 #最大链接数 collation-server = utf8_general_ci #数据库字符集 character-set-server = utf8 #数据库安装时指定的字符集
(3)启动数据库
启动数据库服务,并将其配置为开机自启:数据库
systemctl enable mariadb.service systemctl start mariadb.service
为了保证数据库服务的安全性,运行mysql_secure_installation脚本。特别须要说明的是,为数据库的root用户设置一个适当的密码。apache
[root@linux-node1 my.cnf.d]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! [root@linux-node1 my.cnf.d]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.56.11:3306 0.0.0.0:* LISTEN 2764/mysqld tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1324/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2479/master tcp6 0 0 :::22 :::* LISTEN 1324/sshd tcp6 0 0 ::1:25 :::*
(4)建立数据库并受权
一次性建立完所须要的数据库,在实际生产中,能够写个脚本一键执行。vim
MariaDB [(none)]> create database keystone; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on keystone.* to 'keystone'@'%' identified by 'keystone'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> create database glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on glance.* to 'glance'@'localhost' identified by 'glance'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on glance.* to 'glance'@'%' identified by 'glance'; MariaDB [(none)]> create database nova; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on nova.* to 'nova'@'localhost' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on nova.* to 'nova'@'%' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> create database nova_api; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on nova_api.* to 'nova'@'localhost' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on nova_api.* to 'nova'@'%' identified by 'nova'; MariaDB [(none)]> create database neutron; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on neutron.* to 'neutron'@'%' identified by 'neutron'; Query OK, 0 rows affected (0.00 sec)
四、消息代理RabbitMQ
(1)安装RabbitMQ
除了Horizon和KeyStone,其余组件都须要链接RabbitMQcentos
OpenStack 使用 message queue 协调操做和各服务的状态信息。消息队列服务通常运行在控制节点上。
[root@linux-node1 ~]# yum install -y rabbitmq-server
用到RabbitMQ最多的是Nova,Nova会启动不少服务,服务之间的通讯也是经过消息队列进行通讯的。
(2)启动消息队列服务并将其配置为开机自动启动
[root@linux-node1 src]# systemctl enable rabbitmq-server [root@linux-node1 src]# systemctl start rabbitmq-server
rabbitmq监听端口是5672
(3)添加openstack用户
[root@linux-node1 src]# rabbitmqctl add_user openstack openstack Creating user "openstack" ...
(4)给openstack用户配置读写权限
[root@linux-node1 src]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ...
(5)打开rabbitmq管理插件
rabbitmq提供不少插件
[root@linux-node1 src]# rabbitmq-plugins list Configured: E = explicitly enabled; e = implicitly enabled | Status: * = running on rabbit@linux-node1 |/ [ ] amqp_client 3.6.5 [ ] cowboy 1.0.3 [ ] cowlib 1.0.1 [ ] mochiweb 2.13.1 [ ] rabbitmq_amqp1_0 3.6.5 [ ] rabbitmq_auth_backend_ldap 3.6.5 [ ] rabbitmq_auth_mechanism_ssl 3.6.5 [ ] rabbitmq_consistent_hash_exchange 3.6.5 [ ] rabbitmq_event_exchange 3.6.5 [ ] rabbitmq_federation 3.6.5 [ ] rabbitmq_federation_management 3.6.5 [ ] rabbitmq_jms_topic_exchange 3.6.5 [ ] rabbitmq_management 3.6.5 [ ] rabbitmq_management_agent 3.6.5 [ ] rabbitmq_management_visualiser 3.6.5 [ ] rabbitmq_mqtt 3.6.5 [ ] rabbitmq_recent_history_exchange 1.2.1 [ ] rabbitmq_sharding 0.1.0 [ ] rabbitmq_shovel 3.6.5 [ ] rabbitmq_shovel_management 3.6.5 [ ] rabbitmq_stomp 3.6.5 [ ] rabbitmq_top 3.6.5 [ ] rabbitmq_tracing 3.6.5 [ ] rabbitmq_trust_store 3.6.5 [ ] rabbitmq_web_dispatch 3.6.5 [ ] rabbitmq_web_stomp 3.6.5 [ ] rabbitmq_web_stomp_examples 3.6.5 [ ] sockjs 0.3.4 [ ] webmachine 1.10.3
打开management插件,就能够经过web界面管理rebbitmq
[root@linux-node1 src]# rabbitmq-plugins enable rabbitmq_management The following plugins have been enabled: mochiweb webmachine rabbitmq_web_dispatch amqp_client rabbitmq_management_agent rabbitmq_management Applying plugin configuration to rabbit@linux-node1... started 6 plugins.
rabbitmq-management启动后会监听15672端口
访问http://192.168.56.11:15672,用户名和密码都是guest,进去后就能够进行管理了
五、网络时间协议(NTP)
在生产环境中,全部的OpenStack节点的时间必须一致。
因此必须安装ntp进行时间同步。
yum -y install ntp systemctl enable ntpd systemctl start ntpd
六、OpenStack服务安装
(2)Glance部署
[root@linux-node1 ~]# yum install -y openstack-glance
(3)Nova控制节点安装
在控制节点linux-node1上安装除nova-compute以外的其余必备的服务
[root@linux-node1 ~]# yum install -y openstack-nova-api openstack-nova-cert \ openstack-nova-conductor openstack-nova-console \ openstack-nova-novncproxy openstack-nova-scheduler
(4)Nova计算节点安装
在计算节点linux-node2上安装
[root@linux-node2 ~]# yum install -y openstack-nova-compute sysfsutils
(5)Neutron控制节点部署
Neutron控制节点部署在linux-node1
[root@linux-node1 ~]# yum install -y openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables
(6)Neutron在计算节点中的部署
Neutron在计算节点中的部署 linux-node2
[root@linux-node2 ~]# yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables
3、OpenStack验证服务keystone
一、安装keystone
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached #使用带有mod_wsgi的Apache HTTP服务器来服务认证服务请求,端口为5000和35357。缺省状况下,Kestone服务仍然监听这些端口 #memcached缓存,memcached能够设置key的超时时间,到时能够自动清理 #python-memcached python链接memcached的模块
二、编辑文件keystone.conf 并完成配置
使用openssl生成一个token,用于定义初始管理令牌的值
[root@linux-node1 ~]# openssl rand -hex 10 fb373c742a49db0bd7af
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf [DEFAULT] admin_token = fb373c742a49db0bd7af [database] connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone [token] provider = fernet driver = memcache [memcache] servers = 192.168.56.11:11211
三、初始化身份认证服务的数据库:
su -s /bin/sh -c "keystone-manage db_sync" keystone
验证数据库的初始化
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;" +------------------------+ | Tables_in_keystone | +------------------------+ | access_token | | assignment | | config_register | | consumer | | credential | | domain | | endpoint | | endpoint_group | | federated_user | | federation_protocol | | group | | id_mapping | | identity_provider | | idp_remote_ids | | implied_role | | local_user | | mapping | | migrate_version | | password | | policy | | policy_association | | project | | project_endpoint | | project_endpoint_group | | region | | request_token | | revocation_event | | role | | sensitive_config | | service | | service_provider | | token | | trust | | trust_role | | user | | user_group_membership | | whitelisted_config | +------------------------+
四、初始化Fernet keys
初始化key,建立证书
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
在keystone的目录下存放key
[root@linux-node1 fernet-keys]# pwd /etc/keystone/fernet-keys [root@linux-node1 fernet-keys]# ls 0 1
五、启动memcache
[root@linux-node1 ~]# systemctl enable memcached Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service. [root@linux-node1 ~]# systemctl start memcached
查看memcached的配置文件
[root@linux-node1 ~]# cat /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS=""
六、配置 Apache HTTP 服务器
(1)编辑httpd.conf文件
编辑/etc/httpd/conf/httpd.conf文件,配置ServerName选项为控制节点:
ServerName 192.168.56.11:80
(2)建立keystone配置文件
建立/etc/httpd/conf.d/wsgi-keystone.conf并写入以下内容:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
三、启动apache
启动apache并设置开机自动启动
systemctl enable httpd.service systemctl start httpd.service
七、建立域、项目、用户和角色
使用OS_TOKEN建立
OSTOKEN为刚才写入keystone.conf配置文件中的ADMINTOKEN
[root@linux-node1 ~]# export OS_TOKEN=fb373c742a49db0bd7af [root@linux-node1 ~]# export OS_URL=http://192.168.56.11:35357/v3 #35357是keystone的admin端口 [root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3
(1)建立域default
身份认证服务为每一个OpenStack服务提供认证服务。
[root@linux-node1 ~]# openstack domain create --description "Default Domain" default +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Default Domain | | enabled | True | | id | d113572e8fe84cec9a3b1fded9104df2 | | name | default | +-------------+----------------------------------+
(2)为进行管理操做,建立管理的项目、用户和角色:
建立admin项目
[root@linux-node1 ~]# openstack project create --domain default --description "Admin Project" admin +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Admin Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 53f72af1420a4d098d48f2c82d7e9ec7 | | is_domain | False | | name | admin | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
建立admin用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 9b37ce41341347f68e8d84849ac62365 | | name | admin | +-----------+----------------------------------+
建立admin的角色
[root@linux-node1 ~]# openstack role create admin +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 1f97f158bc6b4e638b1414000ae77f03 | | name | admin | +-----------+----------------------------------+
添加admin角色到admin项目和用户上:
[root@linux-node1 ~]# openstack role add --project admin --user admin admin
(3)建立demo项目和用户
常规任务应该使用无特权的项目和用户。这里建立demo项目和用户
建立demo项目
[root@linux-node1 ~]# openstack project create --domain default --description "Demo Project" demo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 81e76ab533b14b448b1c6394bc5e4d86 | | is_domain | False | | name | demo | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
建立demo用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt demo User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 6762a6adffd140b1906bbe69dbf42518 | | name | demo | +-----------+----------------------------------+
建立user角色
[root@linux-node1 ~]# openstack role create user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 118d541af78d4424bd5f106a6b725920 | | name | user | +-----------+----------------------------------+
添加user角色到demo项目和组
[root@linux-node1 ~]# openstack role add --project demo --user demo user
(4)建立service项目
各个服务须要访问keystone,访问keystone须要作认证,须要建立用户,用户属于某个项目;每一个服务包含独有用户的service项目
[root@linux-node1 ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | e219752e19c34656898ed443fa63d6f0 | | is_domain | False | | name | service | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
每一个用户都须要用户名和密码来链接keystone,所以在这里一次性建立所须要的用户
建立glance用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 492126a5ad204a6896335843429e1a62 | | name | glance | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user glance admin #把glance添加到service项目并授予admin角色
建立nova用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt nova User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | b80c0e958b1b46dda783d892fa8e5004 | | name | nova | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user nova admin
建立neutron用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt neutron User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 937c94f2d2554dc190d24d95bdd403f3 | | name | neutron | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user neutron admin
八、建立服务实体和API端点
在Openstack环境中,认证服务管理服务目录。服务使用这个目录来决定环境中可用的服务。
(1)建立服务实体
[root@linux-node1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | f7b1c26dfb904b989dcfe3395fe713d2 | | name | keystone | | type | identity | +-------------+----------------------------------+
(2)建立身份认证服务
OpenStack使用三个API endpoint变种表明每种服务:admin,internal和public
建立认证服务的endpoint:
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity public http://192.168.56.11:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | a951006c07004a43988e96e4abbf8508 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:5000/v3 | +--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity internal http://192.168.56.11:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 7ef6020325e540ad9bc945f8d2662fec | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:5000/v3 | +--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity admin http://192.168.56.11:35357/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 72766f8216a247aaa2a9b8b3653773d8 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:35357/v3 | +--------------+----------------------------------+
九、验证keystone可否进行权限管理
使用上面建立的admin用户和密码,去链接keystone,看可否获取token
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \ > --os-project-domain-name default --os-user-domain-name default \ > --os-project-name admin --os-username admin token issue Password: +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:47:54.303027Z | | id | gAAAAABYEdtboSYe9F0Njoa2kRZCy2cNbqOpaDmvluRTaCdDmkQWWmRRrxO19lMGO0UZbdxXEf8kDmEpUSrRCTRX | | | ajdKkDQDtolJK2y5azPe5SzphyHC7APdlRKhMfe6ce9eESv5O0g1VjzLJAQibc_i9R98sLN3QANonY0H1urx- | | | gppQBC0RXU | | project_id | 53f72af1420a4d098d48f2c82d7e9ec7 | | user_id | 9b37ce41341347f68e8d84849ac62365 | +------------+------------------------------------------------------------------------------------------
能够获取到值,说明keystone安装配置成功,keystone能够干活了。从结果中咱们还能够看到token的失效时间。
测试demo用户
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \ > --os-project-domain-name default --os-user-domain-name default \ > --os-project-name demo --os-username demo token issue Password: +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:50:37.112377Z | | id | gAAAAABYEdv-iLmz3HgAsFppyQH_YBAuB-1jzDMZ1gf51omg6LLchrxf3R2gaGTHEXRQH3XLYEL- | | | EokfLGqd6zAmlGH-8S7x40DZtcpDp4vxDGfhBlL3RgUl_CHCJ8EA1lcIr8_xxIF96V4UjluHErzPcXVP83q6QTq7 | | | RGZIgPZX323YVf4j6j4 | | project_id | 81e76ab533b14b448b1c6394bc5e4d86 | | user_id | 6762a6adffd140b1906bbe69dbf42518 | +------------+------------------------------------------------------------------------------------------
九、建立OpenStack客户端环境脚本
为了提升客户端客户端操做的效率,OpenStack支持简单的客户端环境变量脚本即OpenRC文件。
建立脚本
[root@linux-node1 ~]# cat admin-openstack.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=admin export OS_AUTH_URL=http://192.168.56.11:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
执行脚本后,请求认证token
[root@linux-node1 ~]# openstack token issue +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:57:19.242157Z | | id | gAAAAABYEd2PEZRtxO9VKvl-DISZFfhsbYIufeOhB7GwN5j-Gva_sGpkkert4RkkKl-xRqbDnX5DCGtOEOrzGyiY | | | mDMUYzslUgtMT3edHeAdl97vrra6F_XVZ5GXRGIENC66HPNIvfmTnCBcELD8gfSgWwTsHkeuXhuZM7Cjo_Xhpt9b | | | LxvAG9g | | project_id | 53f72af1420a4d098d48f2c82d7e9ec7 | | user_id | 9b37ce41341347f68e8d84849ac62365 | +------------+------------------------------------------------------------------------------------------
建立demo环境变量脚本
[root@linux-node1 ~]# cat demo-openstack.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=DEMO_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
相关文章
- 1. OpenStack Keystone架构一:Keystone基础
- 2. ##3.Keystone 验证服务--openstack
- 3. OpenStack----keystone 认证服务
- 4. OpenStack 认证服务 KeyStone [二]
- 5. openstack学习-KeyStone安装(二)
- 6. OpenStack基础学习
- 7. FTP服务基础及安全配置
- 8. OpenStack之keystone(身份认证服务)
- 9. openstack认证服务Keystone 介绍(二)
- 10. Openstack Queens 环境搭建(三)Keystone服务
- 更多相关文章...
- • Hibernate事务的配置 - Hibernate教程
- • Spring Bean的配置及常用属性 - Spring教程
- • Kotlin学习(二)基本类型
- • Kotlin学习(一)基本语法
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 升级Gradle后报错Gradle‘s dependency cache may be corrupt (this sometimes occurs
- 2. Smarter, Not Harder
- 3. mac-2019-react-native 本地环境搭建(xcode-11.1和android studio3.5.2中Genymotion2.12.1 和VirtualBox-5.2.34 )
- 4. 查看文件中关键字前后几行的内容
- 5. XXE萌新进阶全攻略
- 6. Installation failed due to: ‘Connection refused: connect‘安卓studio端口占用
- 7. zabbix5.0通过agent监控winserve12
- 8. IT行业UI前景、潜力如何?
- 9. Mac Swig 3.0.12 安装
- 10. Windows上FreeRDP-WebConnect是一个开源HTML5代理,它提供对使用RDP的任何Windows服务器和工作站的Web访问
欢迎关注本站公众号,获取更多信息
相关文章