Deploying OpenStack Havana – 2 Installing Keystone
Installing Keystone
Without further ado:
$ sudo apt-get install keystone
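Installing MySQL
Keystone uses sqlite as its database by default, and the usual recommendation is to switch to MySQL. I think sqlite is actually fine for a low-load internal environment, but let's follow the crowd and switch to MySQL.
$ sudo apt-get install python-mysqldb mysql-server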
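Configuring MySQL
Change MySQL's bind address from the local 127.0.0.1 to 0.0.0.0 (all interfaces).
Either edit /etc/mysql/my.cnf by hand,
or use sed to replace 127.0.0.1 with 0.0.0.0 directly:
$ sudo sed -i 's/127\.0\.0\.1/0.0.0.0/g' /etc/mysql/my.cnf
Restart the MySQL service
$ sudo service mysql restart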
Creating the Keystone database
Create the keystone database in MySQL and grant the keystone user access to it:
$ mysql -uroot -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '[YOUR_KEYSTONEDB_PASSWORD]';
mysql> GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '[YOUR_KEYSTONEDB_PASSWORD]';
mysql> EXIT;
Configuring keystone.conf
Keystone uses sqlite as its database by default. To make it use MySQL, edit /etc/keystone/keystone.conf and change the connection entry to:
connection = mysql://keystone:[YOUR_KEYSTONEDB_PASSWORD]@[YOUR_IP_ADDRESS]/keystone
Uncomment the following lines in /etc/keystone/keystone.conf:
admin_token = ADMIN
bind_host = 0.0.0.0
public_port = 5000
admin_port = 35357
Restart the Keystone service
$ sudo service keystone restart
Sync the Keystone tables into the database
$ sudo keystone-manage db_sync
Setting the environment variables
Add the following two lines to ~/.bashrc:
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=http://[YOUR_IP_ADDRESS]:35357/v2.0
Reload .bashrc
$ . ~/.bashrc
Adding the Admin Tenant
Note: your tenant id, user id, service id and all the other ids will certainly differ from mine!
$ keystone tenant-create --name admin --description "Admin Tenant" --enabled true
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Admin Tenant                     |
| enabled     | True                             |
| id          | 3e8d46120c4e4233be3cc323d8547743 |
| name        | admin                            |
+-------------+----------------------------------+
Note down this tenant id; it is needed in a moment.
Adding a User
Create a user with the tenant id from the previous step; the username and password are both admin. Likewise, the user id will be needed shortly.
$ keystone user-create --tenant_id 3e8d46120c4e4233be3cc323d8547743 --name admin --pass admin --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | 19ae15e12f1c4c0fb02ee21afe121088 |
| name     | admin                            |
| tenantId | 3e8d46120c4e4233be3cc323d8547743 |
+----------+----------------------------------+
Adding the Admin role
Yes, this role id has to be noted down too.
$ keystone role-create --name admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | df19766520f94f599163384864eefbef |
| name     | admin                            |
+----------+----------------------------------+
Linking the tenant, user and role
Above we created a tenant, a user and a role; now we use their ids to link them together. Your ids will certainly differ from mine, so don't copy these verbatim!
$ keystone user-role-add --user 19ae15e12f1c4c0fb02ee21afe121088 --tenant_id 3e8d46120c4e4233be3cc323d8547743 --role df19766520f94f599163384864eefbef
Verification
We use the curl command to check that the tenant, user and role all work.
Install curl (Ubuntu 13.10 already ships with curl, so this step can be skipped.)
$ sudo apt-get install curl
Run the command:
$ curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "admin"}}}' -H "Content-type: application/json" http://[YOUR_IP_ADDRESS]:35357/v2.0/tokens | python -mjson.tool
If everything is working, the result should look similar to:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1940  100  1841  100    99   5702    306 --:--:-- --:--:-- --:--:--  5717
{
    "access": {
        "metadata": {
            "is_admin": 0,
            "roles": [
                "9fe2ff9ee4384b1894a90878d3e92bab",
                "df19766520f94f599163384864eefbef"
            ]
        },
        "serviceCatalog": [],
        "token": {
            "expires": "2013-10-30T23:26:03Z",
            "id": "[TOKEN_STRING_OMITTED]",
            "issued_at": "2013-10-29T23:26:03.138071",
            "tenant": {
                "description": "Admin Tenant",
                "enabled": true,
                "id": "3e8d46120c4e4233be3cc323d8547743",
                "name": "admin"
            }
        },
        "user": {
            "id": "19ae15e12f1c4c0fb02ee21afe121088",
            "name": "admin",
            "roles": [
                {
                    "name": "_member_"
                },
                {
                    "name": "admin"
                }
            ],
            "roles_links": [],
            "username": "admin"
        }
    }
}
Because we haven't created any services yet, serviceCatalog is still empty.
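The walkthrough leaves several lab-grade settings in place: admin_token = ADMIN, bind_host and the MySQL bind-address set to 0.0.0.0, and the database password stored inside keystone.conf. The script below is an added example, not part of the original post, that audits both config files for exactly those values; the helper names, the 20-character token threshold and the sample files written by demo() are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. ini_get, audit_keystone and demo
# are hypothetical helper names; the sample files in demo() are constructed.

# ini_get FILE KEY: value of the first uncommented "KEY = value" line (sections ignored)
ini_get() {
    sed -n "/^[[:space:]]*${2}[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | head -n 1
}

# audit_keystone KEYSTONE_CONF MY_CNF: one finding per line, no output if clean
audit_keystone() {
    token=$(ini_get "$1" admin_token)
    if [ "$token" = "ADMIN" ]; then
        echo "keystone.conf: admin_token is the sample value ADMIN"
    elif [ -n "$token" ] && [ "${#token}" -lt 20 ]; then   # 20 is this example's own threshold
        echo "keystone.conf: admin_token is shorter than 20 characters"
    fi
    if [ "$(ini_get "$1" bind_host)" = "0.0.0.0" ]; then
        echo "keystone.conf: bind_host 0.0.0.0 exposes the admin API on every interface"
    fi
    case "$(ini_get "$1" connection)" in
        mysql://*:*@*)   # password embedded in the URL, so check the file mode
            if [ -n "$(find "$1" -prune -perm -004)" ]; then
                echo "keystone.conf: contains the DB password and is world-readable"
            fi ;;
    esac
    if [ "$(ini_get "$2" bind-address)" = "0.0.0.0" ]; then
        echo "my.cnf: bind-address 0.0.0.0 exposes mysqld on every interface"
    fi
    return 0
}

# Constructed sample files mirroring the values used in the walkthrough
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'admin_token = ADMIN' 'bind_host = 0.0.0.0' 'public_port = 5000' \
        'admin_port = 35357' \
        'connection = mysql://keystone:example-pass@192.0.2.10/keystone' > "$d/keystone.conf"
    printf '%s\n' '[mysqld]' 'bind-address = 0.0.0.0' > "$d/my.cnf"
    chmod 644 "$d/keystone.conf"
    audit_keystone "$d/keystone.conf" "$d/my.cnf"
    rm -rf "$d"
}
demo
```

On a real host, call audit_keystone /etc/keystone/keystone.conf /etc/mysql/my.cnf instead of demo. A random replacement for admin_token can be generated with openssl rand -hex 16.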