OpenStack基础学习及keystone服务配置-创新互联
一、openstack基础学习
OpenStack是一个由NASA(美国国家航空航天局)和Rackspace合作研发并发起的,以Apache许可证授权的自由软件和开放源代码项目。 OpenStack是一个开源的云计算管理平台项目,由几个主要的组件组合起来完成具体工作。OpenStack支持几乎所有类型的云环境,项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。OpenStack通过各种互补的服务提供了基础设施即服务(IaaS)的解决方案,每个服务提供API以进行集成。
二、环境准备
1、虚拟机准备
IP地址 主机名 操作系统 192.168.56.11 linux-node1 CentOS7 192.168.56.12 linux-node2 CentOS7
其中,linux-node1当作控制节点
创新互联建站长期为上千客户提供的网站建设服务,团队从业经验10年,关注不同地域、不同群体,并针对不同对象提供差异化的产品和服务;打造开放共赢平台,与合作伙伴共同营造健康的互联网生态环境。为和平企业提供专业的成都做网站、网站建设,和平网站改版等技术服务。拥有十年丰富建站经验和众多成功案例,为您定制开发。linux-node2当作计算节点
2、基础软件包安装
基础软件包需要安装在所有的OpenStack节点上进行安装,包括控制节点和计算节点
(1)安装EPEL仓库
rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
(2)安装OpenStack仓库
yum install -y centos-release-openstack-mitaka
安装完成后,会在/etc/yum.repos.d目录下生成一个CentOS-OpenStack-mitaka.repo [root@linux-node1 yum.repos.d]# ls CentOS-Base.repo CentOS-Debuginfo.repo CentOS-OpenStack-mitaka.repo CentOS-Vault.repo CentOS-Ceph-Hammer.repo CentOS-fasttrack.repo CentOS-QEMU-EV.repo epel.repo CentOS-CR.repo CentOS-Media.repo CentOS-Sources.repo epel-testing.repo [root@linux-node1 yum.repos.d]#
(3)安装OpenStack客户端
yum install -y python-openstackclient
(4)安装Openstack SELinux管理包
yum install -y openstack-selinux
3、MySQL数据库部署
除了Horizon,OpenStack其他组件都需要连接数据库。
(1)安装数据库
[root@linux-node1 ~]# yum install -y mariadb mariadb-server python2-PyMySQL
查看mariadb的配置文件,可以看到配置目录为/etc/my.cnf.d
[root@linux-node1 ~]# cat /etc/my.cnf [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock symbolic-links=0 [mysqld_safe] log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid # include all files from the config directory !includedir /etc/my.cnf.d
(2)创建openstack.cnf配置文件
创建并编辑 /etc/my.cnf.d/openstack.cnf,然后完成如下动作:
#设置 bind-address值为控制节点的管理网络IP地址以使得其它节点可以通过管理网络访问数据库; [mysqld] bind-address = 192.168.56.11 default-storage-engine = innodb #默认存储引擎 innodb_file_per_table #独享表空间 max_connections = 4096 #大连接数 collation-server = utf8_general_ci #数据库字符集 character-set-server = utf8 #数据库安装时指定的字符集
(3)启动数据库
启动数据库服务,并将其配置为开机自启:
systemctl enable mariadb.service systemctl start mariadb.service
为了保证数据库服务的安全性,运行mysql_secure_installation
脚本。特别需要说明的是,为数据库的root用户设置一个适当的密码。
[root@linux-node1 my.cnf.d]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! [root@linux-node1 my.cnf.d]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.56.11:3306 0.0.0.0:* LISTEN 2764/mysqld tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1324/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2479/master tcp6 0 0 :::22 :::* LISTEN 1324/sshd tcp6 0 0 ::1:25 :::*
(4)创建数据库并授权
一次性创建完所需要的数据库,在实际生产中,可以写个脚本一键执行。
MariaDB [(none)]> create database keystone; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on keystone.* to 'keystone'@'%' identified by 'keystone'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> create database glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on glance.* to 'glance'@'localhost' identified by 'glance'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on glance.* to 'glance'@'%' identified by 'glance'; MariaDB [(none)]> create database nova; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on nova.* to 'nova'@'localhost' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on nova.* to 'nova'@'%' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> create database nova_api; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on nova_api.* to 'nova'@'localhost' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on nova_api.* to 'nova'@'%' identified by 'nova'; MariaDB [(none)]> create database neutron; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on neutron.* to 'neutron'@'%' identified by 'neutron'; Query OK, 0 rows affected (0.00 sec)
4、消息代理RabbitMQ
(1)安装RabbitMQ
除了Horizon和KeyStone,其他组件都需要连接RabbitMQ
OpenStack 使用 message queue 协调操作和各服务的状态信息。消息队列服务一般运行在控制节点上。
[root@linux-node1 ~]# yum install -y rabbitmq-server
用到RabbitMQ最多的是Nova,Nova会启动很多服务,服务之间的通信也是通过消息队列进行通信的。
(2)启动消息队列服务并将其配置为开机自动启动
[root@linux-node1 src]# systemctl enable rabbitmq-server [root@linux-node1 src]# systemctl start rabbitmq-server
rabbitmq监听端口是5672
(3)添加openstack用户
[root@linux-node1 src]# rabbitmqctl add_user openstack openstack Creating user "openstack" ...
(4)给openstack用户配置读写权限
[root@linux-node1 src]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ...
(5)打开rabbitmq管理插件
rabbitmq提供很多插件
[root@linux-node1 src]# rabbitmq-plugins list Configured: E = explicitly enabled; e = implicitly enabled | Status: * = running on rabbit@linux-node1 |/ [ ] amqp_client 3.6.5 [ ] cowboy 1.0.3 [ ] cowlib 1.0.1 [ ] mochiweb 2.13.1 [ ] rabbitmq_amqp1_0 3.6.5 [ ] rabbitmq_auth_backend_ldap 3.6.5 [ ] rabbitmq_auth_mechanism_ssl 3.6.5 [ ] rabbitmq_consistent_hash_exchange 3.6.5 [ ] rabbitmq_event_exchange 3.6.5 [ ] rabbitmq_federation 3.6.5 [ ] rabbitmq_federation_management 3.6.5 [ ] rabbitmq_jms_topic_exchange 3.6.5 [ ] rabbitmq_management 3.6.5 [ ] rabbitmq_management_agent 3.6.5 [ ] rabbitmq_management_visualiser 3.6.5 [ ] rabbitmq_mqtt 3.6.5 [ ] rabbitmq_recent_history_exchange 1.2.1 [ ] rabbitmq_sharding 0.1.0 [ ] rabbitmq_shovel 3.6.5 [ ] rabbitmq_shovel_management 3.6.5 [ ] rabbitmq_stomp 3.6.5 [ ] rabbitmq_top 3.6.5 [ ] rabbitmq_tracing 3.6.5 [ ] rabbitmq_trust_store 3.6.5 [ ] rabbitmq_web_dispatch 3.6.5 [ ] rabbitmq_web_stomp 3.6.5 [ ] rabbitmq_web_stomp_examples 3.6.5 [ ] sockjs 0.3.4 [ ] webmachine 1.10.3
打开management插件,就可以通过web界面管理rebbitmq
[root@linux-node1 src]# rabbitmq-plugins enable rabbitmq_management The following plugins have been enabled: mochiweb webmachine rabbitmq_web_dispatch amqp_client rabbitmq_management_agent rabbitmq_management Applying plugin configuration to rabbit@linux-node1... started 6 plugins.
rabbitmq-management启动后会监听15672端口
访问http://192.168.56.11:15672,用户名和密码都是guest,进去后就可以进行管理了
5、网络时间协议(NTP)
在生产环境中,所有的OpenStack节点的时间必须一致。
所以必须安装ntp进行时间同步。
yum -y install ntp systemctl enable ntpd systemctl start ntpd
6、OpenStack服务安装
(2)Glance部署
[root@linux-node1 ~]# yum install -y openstack-glance
(3)Nova控制节点安装
在控制节点linux-node1上安装除nova-compute之外的其他必备的服务
[root@linux-node1 ~]# yum install -y openstack-nova-api openstack-nova-cert \ openstack-nova-conductor openstack-nova-console \ openstack-nova-novncproxy openstack-nova-scheduler
(4)Nova计算节点安装
在计算节点linux-node2上安装
[root@linux-node2 ~]# yum install -y openstack-nova-compute sysfsutils
(5)Neutron控制节点部署
Neutron控制节点部署在linux-node1
[root@linux-node1 ~]# yum install -y openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables
(6)Neutron在计算节点中的部署
Neutron在计算节点中的部署 linux-node2
[root@linux-node2 ~]# yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables
三、OpenStack验证服务keystone
1、安装keystone
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached #使用带有mod_wsgi的Apache HTTP服务器来服务认证服务请求,端口为5000和35357。缺省情况下,Kestone服务仍然监听这些端口 #memcached缓存,memcached可以设置key的超时时间,到时可以自动清理 #python-memcached python连接memcached的模块
2、编辑文件keystone.conf 并完成配置
使用openssl生成一个token,用于定义初始管理令牌的值
[root@linux-node1 ~]# openssl rand -hex 10 fb373c742a49db0bd7af
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf [DEFAULT] admin_token = fb373c742a49db0bd7af [database] connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone [token] provider = fernet driver = memcache [memcache] servers = 192.168.56.11:11211
3、初始化身份认证服务的数据库:
su -s /bin/sh -c "keystone-manage db_sync" keystone
验证数据库的初始化
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;" +------------------------+ | Tables_in_keystone | +------------------------+ | access_token | | assignment | | config_register | | consumer | | credential | | domain | | endpoint | | endpoint_group | | federated_user | | federation_protocol | | group | | id_mapping | | identity_provider | | idp_remote_ids | | implied_role | | local_user | | mapping | | migrate_version | | password | | policy | | policy_association | | project | | project_endpoint | | project_endpoint_group | | region | | request_token | | revocation_event | | role | | sensitive_config | | service | | service_provider | | token | | trust | | trust_role | | user | | user_group_membership | | whitelisted_config | +------------------------+
4、初始化Fernet keys
初始化key,创建证书
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
在keystone的目录下存放key
[root@linux-node1 fernet-keys]# pwd /etc/keystone/fernet-keys [root@linux-node1 fernet-keys]# ls 0 1
5、启动memcache
[root@linux-node1 ~]# systemctl enable memcached Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service. [root@linux-node1 ~]# systemctl start memcached
查看memcached的配置文件
[root@linux-node1 ~]# cat /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS=""
6、配置 Apache HTTP 服务器
(1)编辑httpd.conf文件
编辑/etc/httpd/conf/httpd.conf文件,配置ServerName选项为控制节点:
ServerName 192.168.56.11:80
(2)创建keystone配置文件
创建/etc/httpd/conf.d/wsgi-keystone.conf并写入如下内容:
Listen 5000 Listen 35357WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined Require all granted WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined Require all granted
3、启动apache
启动apache并设置开机自动启动
systemctl enable httpd.service systemctl start httpd.service
7、创建域、项目、用户和角色
使用OS_TOKEN创建
OSTOKEN为刚才写入keystone.conf配置文件中的ADMINTOKEN
[root@linux-node1 ~]# export OS_TOKEN=fb373c742a49db0bd7af [root@linux-node1 ~]# export OS_URL=http://192.168.56.11:35357/v3 #35357是keystone的admin端口 [root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3
(1)创建域default
身份认证服务为每个OpenStack服务提供认证服务。
[root@linux-node1 ~]# openstack domain create --description "Default Domain" default +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Default Domain | | enabled | True | | id | d113572e8fe84cec9a3b1fded9104df2 | | name | default | +-------------+----------------------------------+
(2)为进行管理操作,创建管理的项目、用户和角色:
创建admin项目
[root@linux-node1 ~]# openstack project create --domain default --description "Admin Project" admin +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Admin Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 53f72af1420a4d098d48f2c82d7e9ec7 | | is_domain | False | | name | admin | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
创建admin用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 9b37ce41341347f68e8d84849ac62365 | | name | admin | +-----------+----------------------------------+
创建admin的角色
[root@linux-node1 ~]# openstack role create admin +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 1f97f158bc6b4e638b1414000ae77f03 | | name | admin | +-----------+----------------------------------+
添加admin角色到admin项目和用户上:
[root@linux-node1 ~]# openstack role add --project admin --user admin admin
(3)创建demo项目和用户
常规任务应该使用无特权的项目和用户。这里创建demo项目和用户
创建demo项目
[root@linux-node1 ~]# openstack project create --domain default --description "Demo Project" demo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 81e76ab533b14b448b1c6394bc5e4d86 | | is_domain | False | | name | demo | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
创建demo用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt demo User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 6762a6adffd140b1906bbe69dbf42518 | | name | demo | +-----------+----------------------------------+
创建user角色
[root@linux-node1 ~]# openstack role create user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 118d541af78d4424bd5f106a6b725920 | | name | user | +-----------+----------------------------------+
添加user角色到demo项目和组
[root@linux-node1 ~]# openstack role add --project demo --user demo user
(4)创建service项目
各个服务需要访问keystone,访问keystone需要做认证,需要创建用户,用户属于某个项目;每个服务包含独有用户的service项目
[root@linux-node1 ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | e219752e19c34656898ed443fa63d6f0 | | is_domain | False | | name | service | | parent_id | d113572e8fe84cec9a3b1fded9104df2 | +-------------+----------------------------------+
每个用户都需要用户名和密码来连接keystone,因此在这里一次性创建所需要的用户
创建glance用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 492126a5ad204a6896335843429e1a62 | | name | glance | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user glance admin #把glance添加到service项目并授予admin角色
创建nova用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt nova User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | b80c0e958b1b46dda783d892fa8e5004 | | name | nova | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user nova admin
创建neutron用户
[root@linux-node1 ~]# openstack user create --domain default --password-prompt neutron User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d113572e8fe84cec9a3b1fded9104df2 | | enabled | True | | id | 937c94f2d2554dc190d24d95bdd403f3 | | name | neutron | +-----------+----------------------------------+ [root@linux-node1 ~]# openstack role add --project service --user neutron admin
8、创建服务实体和API端点
在Openstack环境中,认证服务管理服务目录。服务使用这个目录来决定环境中可用的服务。
(1)创建服务实体
[root@linux-node1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | f7b1c26dfb904b989dcfe3395fe713d2 | | name | keystone | | type | identity | +-------------+----------------------------------+
(2)创建身份认证服务
OpenStack使用三个API endpoint变种代表每种服务:admin,internal和public
创建认证服务的endpoint:
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity public http://192.168.56.11:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | a951006c07004a43988e96e4abbf8508 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:5000/v3 | +--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity internal http://192.168.56.11:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 7ef6020325e540ad9bc945f8d2662fec | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:5000/v3 | +--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity admin http://192.168.56.11:35357/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 72766f8216a247aaa2a9b8b3653773d8 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | f7b1c26dfb904b989dcfe3395fe713d2 | | service_name | keystone | | service_type | identity | | url | http://192.168.56.11:35357/v3 | +--------------+----------------------------------+
9、验证keystone能否进行权限管理
使用上面创建的admin用户和密码,去连接keystone,看能否获取token
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \ > --os-project-domain-name default --os-user-domain-name default \ > --os-project-name admin --os-username admin token issue Password: +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:47:54.303027Z | | id | gAAAAABYEdtboSYe9F0Njoa2kRZCy2cNbqOpaDmvluRTaCdDmkQWWmRRrxO19lMGO0UZbdxXEf8kDmEpUSrRCTRX | | | ajdKkDQDtolJK2y5azPe5SzphyHC7APdlRKhMfe6ce9eESv5O0g1VjzLJAQibc_i9R98sLN3QANonY0H1urx- | | | gppQBC0RXU | | project_id | 53f72af1420a4d098d48f2c82d7e9ec7 | | user_id | 9b37ce41341347f68e8d84849ac62365 | +------------+------------------------------------------------------------------------------------------
可以获取到值,说明keystone安装配置成功,keystone可以干活了。从结果中我们还可以看到token的失效时间。
测试demo用户
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \ > --os-project-domain-name default --os-user-domain-name default \ > --os-project-name demo --os-username demo token issue Password: +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:50:37.112377Z | | id | gAAAAABYEdv-iLmz3HgAsFppyQH_YBAuB-1jzDMZ1gf51omg6LLchrxf3R2gaGTHEXRQH3XLYEL- | | | EokfLGqd6zAmlGH-8S7x40DZtcpDp4vxDGfhBlL3RgUl_CHCJ8EA1lcIr8_xxIF96V4UjluHErzPcXVP83q6QTq7 | | | RGZIgPZX323YVf4j6j4 | | project_id | 81e76ab533b14b448b1c6394bc5e4d86 | | user_id | 6762a6adffd140b1906bbe69dbf42518 | +------------+------------------------------------------------------------------------------------------
9、创建OpenStack客户端环境脚本
为了提高客户端客户端操作的效率,OpenStack支持简单的客户端环境变量脚本即OpenRC文件。
创建脚本
[root@linux-node1 ~]# cat admin-openstack.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=admin export OS_AUTH_URL=http://192.168.56.11:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
执行脚本后,请求认证token
[root@linux-node1 ~]# openstack token issue +------------+------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------+ | expires | 2016-10-27T11:57:19.242157Z | | id | gAAAAABYEd2PEZRtxO9VKvl-DISZFfhsbYIufeOhB7GwN5j-Gva_sGpkkert4RkkKl-xRqbDnX5DCGtOEOrzGyiY | | | mDMUYzslUgtMT3edHeAdl97vrra6F_XVZ5GXRGIENC66HPNIvfmTnCBcELD8gfSgWwTsHkeuXhuZM7Cjo_Xhpt9b | | | LxvAG9g | | project_id | 53f72af1420a4d098d48f2c82d7e9ec7 | | user_id | 9b37ce41341347f68e8d84849ac62365 | +------------+------------------------------------------------------------------------------------------
创建demo环境变量脚本
[root@linux-node1 ~]# cat demo-openstack.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=DEMO_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
另外有需要云服务器可以了解下创新互联cdcxhl.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
文章标题:OpenStack基础学习及keystone服务配置-创新互联
标题URL:http://scjbc.cn/article/ceojph.html