Configuring keystone when installing OpenStack
Author: 聪VS霞_539 | Source: Internet | 2014-05-27 20:14
(controller) How keystone works, in detail:
1. Create the tenant openstackDemo
$ keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    tenant-create --name openstackDemo --description "Default Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Default Tenant                   |
| enabled     | True                             |
| id          | ac0da7079c8d4bc2b95009175b21fa66 |
| name        | openstackDemo                    |
+-------------+----------------------------------+
2. Create the user admin
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-create --tenant-id ac0da7079c8d4bc2b95009175b21fa66 --name admin --pass keystoneadmin
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | 264de00cea3348cda1b968f31b369e92                                                                                        |
| name     | admin                                                                                                                   |
| password | $6$rounds=40000$cjEp2NZMf67VgeML$qognuEx/idO5meuCN0VQZfD4t9skm9K25ymF8XWt.4UYaFteJZHQQCUpd6oLYswHdliTKNJT9NNysbT8ozTlm. |
| tenantId | ac0da7079c8d4bc2b95009175b21fa66                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
3. Create the roles admin and Member
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    role-create --name admin
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    role-create --name Member
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    role-list
+----------------------------------+--------+
| id                               | name   |
+----------------------------------+--------+
| 13253694d6704b19bbcbdc96877d9262 | Member |
| 25f36f99603c4c95888e71793365826e | admin  |
+----------------------------------+--------+
4. In the tenant openstackDemo, grant the role admin to the user admin with user-role-add.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-role-add --user-id 264de00cea3348cda1b968f31b369e92 \
    --tenant-id ac0da7079c8d4bc2b95009175b21fa66 \
    --role-id 25f36f99603c4c95888e71793365826e
This command produces no output.
With these four steps, the basic usage of keystone is clear.
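An added example, not part of the original post: rather than copying the tenant, user and role IDs by hand between the commands above, the table output of the keystone CLI can be parsed into shell variables. The helper names (table_get, field_of, id_by_name) are hypothetical, the sample tables are copied from the output on this page, and the commented live commands assume SERVICE_TOKEN and SERVICE_ENDPOINT are exported.

```sh
#!/bin/sh
# Added example, not from the original post: capture IDs from the keystone CLI's
# ASCII tables into variables instead of copying them by hand between commands.

# table_get KEY KEYCOL VALCOL: in a table read from stdin, find the row whose
# column KEYCOL equals KEY and print that row's column VALCOL (columns 1-based).
table_get() {
    awk -F'|' -v key="$1" -v kc="$2" -v vc="$3" '
        NF >= 3 {
            k = $(kc + 1); v = $(vc + 1)   # $1 is the empty text before the first "|"
            gsub(/^ +| +$/, "", k); gsub(/^ +| +$/, "", v)
            if (k == key) { print v; exit }
        }'
}
field_of()   { table_get "$1" 1 2; }   # Property/Value tables (tenant-create, user-create)
id_by_name() { table_get "$1" 2 1; }   # id/name lists (role-list, user-list)

# Sample output copied from the tables on this page, so the script runs offline.
TENANT_TABLE='+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Default Tenant                   |
| enabled     | True                             |
| id          | ac0da7079c8d4bc2b95009175b21fa66 |
| name        | openstackDemo                    |
+-------------+----------------------------------+'
ROLE_TABLE='+----------------------------------+--------+
| id                               | name   |
+----------------------------------+--------+
| 13253694d6704b19bbcbdc96877d9262 | Member |
| 25f36f99603c4c95888e71793365826e | admin  |
+----------------------------------+--------+'

TENANT_ID=$(printf '%s\n' "$TENANT_TABLE" | field_of id)
ADMIN_ROLE_ID=$(printf '%s\n' "$ROLE_TABLE" | id_by_name admin)
echo "tenant=$TENANT_ID admin_role=$ADMIN_ROLE_ID"

# Against a live keystone (SERVICE_TOKEN and SERVICE_ENDPOINT exported) the four
# steps chain like this; the password is prompted for, not typed as a literal:
#   TENANT_ID=$(keystone tenant-create --name openstackDemo | field_of id)
#   stty -echo; read -r ADMIN_PASS; stty echo
#   USER_ID=$(keystone user-create --tenant-id "$TENANT_ID" --name admin \
#               --pass "$ADMIN_PASS" | field_of id)
#   ROLE_ID=$(keystone role-list | id_by_name admin)
#   keystone user-role-add --user-id "$USER_ID" --tenant-id "$TENANT_ID" --role-id "$ROLE_ID"
```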
----------------------------------------------------------------------
Now create the tenant, users, and role assignments for the individual components.
I. Glance
1. Create the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    tenant-create --name service --description "Service Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | a295e1962f124d2992beacbec452d9c4 |
| name        | service                          |
+-------------+----------------------------------+
2. Create the user glance in the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-create --tenant-id a295e1962f124d2992beacbec452d9c4 --name glance --pass glance
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | b6edb3ec9e2e49d39f3a01d4f8981772                                                                                        |
| name     | glance                                                                                                                  |
| password | $6$rounds=40000$5lWn2BruhOqK/O.6$JBpB8DGl8IMEDjbdp9YEGid5r4I96g/qkimZ1zGjNkE8EJJZL7JQBV2A4tLRa/wDBAWXiTCl.RtO/G2RJJtUR. |
| tenantId | a295e1962f124d2992beacbec452d9c4                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
3. In the tenant service, grant the role admin to the user glance.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-role-add --user-id b6edb3ec9e2e49d39f3a01d4f8981772 \
    --tenant-id a295e1962f124d2992beacbec452d9c4 \
    --role-id 25f36f99603c4c95888e71793365826e
II. Nova
1. Create the user nova in the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-create --tenant-id a295e1962f124d2992beacbec452d9c4 --name nova --pass nova
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | d746324fe1aa436087e87e92b38ed2d8                                                                                        |
| name     | nova                                                                                                                    |
| password | $6$rounds=40000$.xbXsBlZ3cgkRJe6$j8d.p/6GstU3S5RCbSt5iEBIgXeK9QArjDiIyCW5.j/uZoB2hG3YbKspf0uSfV2UKvvhg/04WgOFGLorZiv7p0 |
| tenantId | a295e1962f124d2992beacbec452d9c4                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
2. In the tenant service, grant the role admin to the user nova.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-role-add --user-id d746324fe1aa436087e87e92b38ed2d8 \
    --tenant-id a295e1962f124d2992beacbec452d9c4 \
    --role-id 25f36f99603c4c95888e71793365826e
III. EC2 Service
1. Create the user ec2 in the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-create --tenant-id a295e1962f124d2992beacbec452d9c4 --name ec2 --pass ec2
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | e88417ed8c394d73a52f7709a113bb9a                                                                                        |
| name     | ec2                                                                                                                     |
| password | $6$rounds=40000$ki7fxWVrFhEeQclE$BPelQcPtikG4x/yQg26QtnWA4Z1A.Bj7VwALxjMUotPf5syivhj7IgqCuIExZRsNniopKjfGSt.yXgCkIesWc/ |
| tenantId | a295e1962f124d2992beacbec452d9c4                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
2. In the tenant service, grant the role admin to the user ec2.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-role-add --user-id e88417ed8c394d73a52f7709a113bb9a \
    --tenant-id a295e1962f124d2992beacbec452d9c4 \
    --role-id 25f36f99603c4c95888e71793365826e
IV. Object Storage Service (swift)
1. Create the user swift in the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-create --tenant-id a295e1962f124d2992beacbec452d9c4 --name swift --pass swift
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | 3a8ccf71549f491b8eccc31b4b04d80e                                                                                        |
| name     | swift                                                                                                                   |
| password | $6$rounds=40000$SthEV8h8scvp9hBJ$r6oCf8J1OGb39QymElLJr79XD6suL4jKimUHLrz8VWz3W2Wxl8EqCYmYZUBs8LigGUNGDrG.9mrhJQ86/AgKH1 |
| tenantId | a295e1962f124d2992beacbec452d9c4                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
2. In the tenant service, grant the role admin to the user swift.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-role-add --user-id 3a8ccf71549f491b8eccc31b4b04d80e \
    --tenant-id a295e1962f124d2992beacbec452d9c4 \
    --role-id 25f36f99603c4c95888e71793365826e
List the users:
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 \
    user-list
+----------------------------------+--------+---------+-------+
| id                               | name   | enabled | email |
+----------------------------------+--------+---------+-------+
| 264de00cea3348cda1b968f31b369e92 | admin  | True    |       |
| 3a8ccf71549f491b8eccc31b4b04d80e | swift  | True    |       |
| b6edb3ec9e2e49d39f3a01d4f8981772 | glance | True    |       |
| d746324fe1aa436087e87e92b38ed2d8 | nova   | True    |       |
| e88417ed8c394d73a52f7709a113bb9a | ec2    | True    |       |
+----------------------------------+--------+---------+-------+
----------------------------------------------------------------------
To drop the two repeated parameters from every command, export them as environment variables:
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=558ec87e86aa43b11798
Register a service for each component
keystone service-create --name=keystone --type=identity \
    --description="Keystone Identity Service"
keystone service-create --name=nova --type=compute \
    --description="Nova Compute Service"
keystone service-create --name=volume --type=volume \
    --description="Nova Volume Service"
keystone service-create --name=glance --type=image \
    --description="Glance Image Service"
keystone service-create --name=ec2 --type=ec2 \
    --description="EC2 Compatibility Layer"
keystone service-create --name=swift --type=object-store \
    --description="Object Storage Service"
$ keystone service-list
+----------------------------------+----------+--------------+---------------------------+
| id                               | name     | type         | description               |
+----------------------------------+----------+--------------+---------------------------+
| 0ef9d77e2ca44d2e94a58f98eaea46fc | keystone | identity     | Keystone Identity Service |
| 1ab16c3a56314f81bf6d7ab4c96cf9ba | volume   | volume       | Nova Volume Service       |
| 2e7c422762a24306879dc3459c8d4ac0 | ec2      | ec2          | EC2 Compatibility Layer   |
| b0753c9823ec43bba5f44a431df108f4 | swift    | object-store | Object Storage Service    |
| ec5b17f444ed49a9b5f785eff16be656 | nova     | compute      | Nova Compute Service      |
| f3e375536aac48fa8463660bbe91c12a | glance   | image        | Glance Image Service      |
+----------------------------------+----------+--------------+---------------------------+
Create an endpoint for each service
1. keystone
keystone endpoint-create --region RegionOne \
    --service-id=0ef9d77e2ca44d2e94a58f98eaea46fc \
    --publicurl=http://10.10.4.47:5000/v2.0 \
    --internalurl=http://192.168.1.2:5000/v2.0 \
    --adminurl=http://10.10.4.47:35357/v2.0
2. nova
keystone endpoint-create \
    --region RegionOne \
    --service-id=ec5b17f444ed49a9b5f785eff16be656 \
    --publicurl='http://10.10.4.47:8774/v2/%(tenant_id)s' \
    --internalurl='http://192.168.1.2:8774/v2/%(tenant_id)s' \
    --adminurl='http://10.10.4.47:8774/v2/%(tenant_id)s'
3. volume
keystone endpoint-create \
    --region RegionOne \
    --service-id=1ab16c3a56314f81bf6d7ab4c96cf9ba \
    --publicurl='http://10.10.4.47:8776/v1/%(tenant_id)s' \
    --internalurl='http://192.168.1.2:8776/v1/%(tenant_id)s' \
    --adminurl='http://10.10.4.47:8776/v1/%(tenant_id)s'
4. glance
keystone endpoint-create \
    --region RegionOne \
    --service-id=f3e375536aac48fa8463660bbe91c12a \
    --publicurl=http://10.10.4.47:9292/v1 \
    --internalurl=http://192.168.1.2:9292/v1 \
    --adminurl=http://10.10.4.47:9292/v1
5. ec2
keystone endpoint-create \
    --region RegionOne \
    --service-id=2e7c422762a24306879dc3459c8d4ac0 \
    --publicurl=http://10.10.4.47:8773/services/Cloud \
    --internalurl=http://192.168.1.2:8773/services/Cloud \
    --adminurl=http://10.10.4.47:8773/services/Admin
6. swift
keystone endpoint-create \
    --region RegionOne \
    --service-id=b0753c9823ec43bba5f44a431df108f4 \
    --publicurl 'http://10.10.4.47:8888/v1/AUTH_%(tenant_id)s' \
    --adminurl 'http://10.10.4.47:8888/v1' \
    --internalurl 'http://192.168.1.2:8888/v1/AUTH_%(tenant_id)s'
+----------------------------------+-----------+----------------------------------------------+-----------------------------------------------+-----------------------------------------+----------------------------------+
| id                               | region    | publicurl                                    | internalurl                                   | adminurl                                | service_id                       |
+----------------------------------+-----------+----------------------------------------------+-----------------------------------------------+-----------------------------------------+----------------------------------+
| 213af135dbf74933a24872b3a2d6c4b8 | RegionOne | http://10.10.4.47:8888/v1/AUTH_%(tenant_id)s | http://192.168.1.2:8888/v1/AUTH_%(tenant_id)s | http://10.10.4.47:8888/v1               | b0753c9823ec43bba5f44a431df108f4 |
| 2e80ec27f90d48648ae6326ca34eeba7 | RegionOne | http://10.10.4.47:8774/v2/%(tenant_id)s      | http://192.168.1.2:8774/v2/%(tenant_id)s      | http://10.10.4.47:8774/v2/%(tenant_id)s | ec5b17f444ed49a9b5f785eff16be656 |
| 6a97f8e4d265421baa757ce262333bf2 | RegionOne | http://10.10.4.47:9292/v1                    | http://192.168.1.2:9292/v1                    | http://10.10.4.47:9292/v1               | f3e375536aac48fa8463660bbe91c12a |
| b4ab7b18688a461dbdb375ade57c7f22 | RegionOne | http://10.10.4.47:8776/v1/%(tenant_id)s      | http://192.168.1.2:8776/v1/%(tenant_id)s      | http://10.10.4.47:8776/v1/%(tenant_id)s | 1ab16c3a56314f81bf6d7ab4c96cf9ba |
| bbd0e9146ccd4a3aa329c2379960efa7 | RegionOne | http://10.10.4.47:5000/v2.0                  | http://192.168.1.2:5000/v2.0                  | http://10.10.4.47:35357/v2.0            | 0ef9d77e2ca44d2e94a58f98eaea46fc |
| fadb5bb02f364e838781179b3909afc2 | RegionOne | http://10.10.4.47:8773/services/Cloud        | http://192.168.1.2:8773/services/Cloud        | http://10.10.4.47:8773/services/Admin   | 2e7c422762a24306879dc3459c8d4ac0 |
+----------------------------------+-----------+----------------------------------------------+-----------------------------------------------+-----------------------------------------+----------------------------------+
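An added check, not part of the original post: because each service ID is pasted by hand into endpoint-create, this compares endpoint-list output against service-list output and reports endpoints that point at an unknown service and services left without an endpoint. The function name check_catalog is hypothetical and the sample tables are constructed from rows on this page, with an all-zero service_id as a deliberate mistake.

```sh
#!/bin/sh
# Added example, not from the original post: cross-check `keystone endpoint-list`
# against `keystone service-list` to catch a service ID that was mis-pasted into
# endpoint-create, and services that were left without any endpoint.

# check_catalog SERVICES ENDPOINTS: both arguments are the CLI's table text.
# Prints "orphan-endpoint <endpoint id>" or "no-endpoint <service name>".
check_catalog() {
    { printf '%s\n' "$1"; echo '@@'; printf '%s\n' "$2"; } | awk -F'|' '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        /^@@$/  { second = 1; next }                 # separator between the tables
        NF < 3 || trim($2) == "id" { next }          # borders and header rows
        !second { name[trim($2)] = trim($3); next }  # service id -> service name
        {
            sid = trim($(NF - 1))                    # service_id is the last column
            if (sid in name) used[sid] = 1
            else print "orphan-endpoint " trim($2)
        }
        END { for (s in name) if (!(s in used)) print "no-endpoint " name[s] }'
}

# Constructed sample: three services from the page; the nova endpoint row carries
# a deliberately wrong (all-zero) service_id and glance has no endpoint row.
SERVICES='| id | name | type | description |
| 0ef9d77e2ca44d2e94a58f98eaea46fc | keystone | identity | Keystone Identity Service |
| ec5b17f444ed49a9b5f785eff16be656 | nova | compute | Nova Compute Service |
| f3e375536aac48fa8463660bbe91c12a | glance | image | Glance Image Service |'
ENDPOINTS='| id | region | publicurl | internalurl | adminurl | service_id |
| bbd0e9146ccd4a3aa329c2379960efa7 | RegionOne | http://10.10.4.47:5000/v2.0 | http://192.168.1.2:5000/v2.0 | http://10.10.4.47:35357/v2.0 | 0ef9d77e2ca44d2e94a58f98eaea46fc |
| 2e80ec27f90d48648ae6326ca34eeba7 | RegionOne | http://10.10.4.47:8774/v2/%(tenant_id)s | http://192.168.1.2:8774/v2/%(tenant_id)s | http://10.10.4.47:8774/v2/%(tenant_id)s | 00000000000000000000000000000000 |'

check_catalog "$SERVICES" "$ENDPOINTS"

# Live use: check_catalog "$(keystone service-list)" "$(keystone endpoint-list)"
```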
Verification
keystone --os-username=admin --os-password=keystoneadmin \
    --os-auth-url=http://10.10.4.47:35357/v2.0 token-get
No handlers could be found for logger "keystoneclient.v2_0.client"
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| expires  | 2013-03-02T01:25:40Z             |
| id       | 00d71cef161a467ebb3ef3646172906c |
| user_id  | 264de00cea3348cda1b968f31b369e92 |
+----------+----------------------------------+
keystone --os-username=admin --os-password=keystoneadmin \
    --os-tenant-name=openstackDemo \
    --os-auth-url=http://10.10.4.47:35357/v2.0 token-get
+-----------+----------------------------------+
| Property  | Value                            |
+-----------+----------------------------------+
| expires   | 2013-03-02T01:28:12Z             |
| id        | 16caeb836e75416d9ab2b09d38228022 |
| tenant_id | ac0da7079c8d4bc2b95009175b21fa66 |
| user_id   | 264de00cea3348cda1b968f31b369e92 |
+-----------+----------------------------------+