（2）KeyStone

1. 安装keystone

# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

2. Memcache配置

设置Memcache开启启动并启动Memcached

[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[memcache]
servers = 192.168.8.11:11211
[token]
2655# provider = fernet
2665# driver = memcache
[root@linux-node1 ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 192.168.8.11,::1"
[root@linux-node1 ~]# systemctl enable memcached.service
[root@linux-node1 ~]# systemctl start memcached.service

3. Keystone配置

1）配置KeyStone数据库

[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[database]
640# connection = mysql+pymysql://keystone:keystone@192.168.8.11/keystone

2）.同步数据库：

[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -h 192.168.8.11 -ukeystone -pkeystone -e " use keystone;show tables;"

3）初始化fernet keys

[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
在etc/keystone/创建fernet-keys目录，生成它相关的key，验证的时候生成token用的
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

4）初始化keystone

[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin \
 --bootstrap-admin-url http://192.168.8.11:35357/v3/ \
 --bootstrap-internal-url http://192.168.8.11:35357/v3/ \
 --bootstrap-public-url http://192.168.8.11:5000/v3/ \
 --bootstrap-region-id RegionOne

# mysql -h 192.168.8.11 -ukeystone -pkeystone -e "use keystone;select * from endpoint\G;"

5）.验证Keystone配置

[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@192.168.8.11/keystone
servers = 192.168.8.11:11211 
provider = fernet
driver = memcache

4. Apache配置

编辑 httpd [root@linux-node1 ~]# vim /etc/httpd/conf/httpd.conf

ServerName 192.168.8.11:80
软连接配置文件
[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# less /etc/httpd/conf.d/wsgi-keystone.conf
# less /usr/bin/keystone-wsgi-admin

启动keystone，并查看端口。

[root@linux-node1 ~]# systemctl enable httpd.service
[root@linux-node1 ~]# systemctl start httpd.service

设置环境变量来连接keystone

# openstack user list
Missing value auth-url required for auth plugin password

#
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.8.11:35357/v3
export OS_IDENTITY_API_VERSION=3

# openstack user list
# openstack endpoint list

5.  创建域、项目、用户和角色

5.1 创建项目和demo用户

#
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password demo demo
openstack role create user
创建一个user的角色
#
openstack role add --project demo --user demo user
把demo用户加入到demo项目并赋予user的角色

5.2 创建Service项目

openstack project create --domain default --description "Service Project" service

创建glance用户

openstack user create --domain default --password glance glance
openstack role add --project service --user glance admin

创建nova用户

openstack user create --domain default --password nova nova
openstack role add --project service --user nova admin

创建Neutron用户

openstack user create --domain default --password neutron neutron
openstack role add --project service --user neutron admin

创建cinder用户

openstack user create --domain default --password cinder cinder
openstack role add --project service --user cinder admin

# openstack project list 
查看项目
# openstack user list
查看用户
# openstack role list
查看角色

5.3 验证Keystone

[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.8.11:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
…
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.8.11:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:

token： 拿用户名密码验证通过，返回的

6. 创建环境变量脚本

[root@linux-node1 ~]# vim /root/admin-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.8.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@linux-node1 ~]# vim /root/demo-openstack.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.8.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# openstack token issue
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack token issue

转载请注明来源，谢谢：Linux备忘录 » （2）KeyStone