Author: 手机用户2502869895 | Source: the Internet | 2014-05-27 20:14
Keystone is the OpenStack identity service: every service request has to be validated by it before the caller is given the service's endpoint. See the official documentation for the details of what it does. In this setup Keystone stores its data in MySQL.

Topology used here: a single host named keystone, IP 192.168.0.106, running both MySQL and Keystone.
1. Installation
1) Install the database
sudo apt-get install mysql-server mysql-client python-mysqldb
In /etc/mysql/my.cnf change bind-address = 127.0.0.1 to 0.0.0.0 so that remote hosts can connect to this MySQL instance. Note that this opens the server on every interface; since MySQL and Keystone share one host here, you could instead keep 127.0.0.1 and use localhost in the connection string below, and in any case only expose port 3306 to the hosts that actually need it.
Restart the MySQL service: sudo service mysql restart
2) Install Keystone
Install the package:
sudo apt-get install keystone
Create the keystone database, its user and the grants. The '%' host part lets the keystone user connect from any address; restrict it to the Keystone host if the database is reachable from elsewhere on the network.
create database keystone;
grant all on keystone.* to 'keystone'@'%' identified by 'keystonepwd';
Configure Keystone
Edit /etc/keystone/keystone.conf:
[sql]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:keystonepwd@192.168.0.106/keystone
Also note the following part of the file and remember the admin_token parameter; it is needed later, because it is what the admin API calls below authenticate with. The default is ADMIN, and it can be changed to anything else. It should be: the token is a shared secret that grants full administrative access without any password, and ADMIN is the value every fresh install ships with, so replace it with a long random string before the service is reachable from the network.
[DEFAULT]
public_port = 5000
admin_port = 35357
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_config = /etc/keystone/logging.conf
Restart the Keystone service:
sudo service keystone restart
Sync the database schema:
sudo keystone-manage db_sync
Then check in the database that the tables were created:
mysql> show tables;
+------------------------+
| Tables_in_keystone     |
+------------------------+
| ec2_credential         |
| endpoint               |
| metadata               |
| migrate_version        |
| role                   |
| service                |
| tenant                 |
| token                  |
| user                   |
| user_tenant_membership |
+------------------------+
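The configuration step above, applied by a small script. This is an added example, not code from the original post or from the Keystone project: it sets the [sql] connection to the MySQL URL used in the post, replaces the shipped admin_token value ADMIN with a random secret while keeping the file's comments, and audits the result for the lab-only settings. The keystone.conf text embedded below is constructed to match the excerpt above; the host, user and password are the post's placeholders.

```python
"""Rewrite keystone.conf ([DEFAULT]/[sql] layout, v2.0 era) for the MySQL
backend and a non-default admin_token.

Added example, not from the original post or from Keystone itself.  Assumed:
the file layout shown in the post; credentials and host are placeholders.
"""
import re
import secrets

# Constructed sample matching the post's excerpt, with the shipped defaults
# (sqlite backend, admin_token = ADMIN, debug on).  Not a captured file.
SAMPLE_CONF = """[DEFAULT]
public_port = 5000
admin_port = 35357
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_config = /etc/keystone/logging.conf

[sql]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = sqlite:////var/lib/keystone/keystone.db
idle_timeout = 200
"""

_SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
_KEYVAL = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=")


def set_option(text, section, key, value):
    """Return text with key = value set inside [section].  The option is
    appended to the section if missing (and the section created if missing);
    commented-out lines such as '#connection = ...' are left untouched."""
    out, cur, done = [], None, False
    for line in text.splitlines():
        m = _SECTION.match(line)
        if m:
            if cur == section and not done:      # leaving target section, key absent
                out.append(f"{key} = {value}")
                done = True
            cur = m.group(1)
        elif cur == section and not done:
            km = _KEYVAL.match(line)
            if km and km.group(1) == key:
                line = f"{key} = {value}"
                done = True
        out.append(line)
    if not done:
        if cur != section:
            out.append(f"[{section}]")
        out.append(f"{key} = {value}")
    return "\n".join(out) + "\n"


def get_option(text, section, key):
    """Return the value of key in [section], or None if it is not set."""
    cur = None
    for line in text.splitlines():
        m = _SECTION.match(line)
        if m:
            cur = m.group(1)
            continue
        km = _KEYVAL.match(line)
        if cur == section and km and km.group(1) == key:
            return line.split("=", 1)[1].strip()
    return None


def audit(text):
    """List the settings from the post that are acceptable in a lab but not
    on a Keystone that other hosts can reach."""
    findings = []
    if get_option(text, "DEFAULT", "admin_token") in (None, "ADMIN"):
        findings.append("admin_token is the shipped default 'ADMIN'")
    if (get_option(text, "sql", "connection") or "").startswith("sqlite:"):
        findings.append("connection still points at the sqlite file")
    if (get_option(text, "DEFAULT", "debug") or "").lower() == "true":
        findings.append("debug = True (lab setting; switch off in production)")
    return findings


def harden(text, db_host, db_user, db_password, admin_token=None):
    """Apply the post's [sql] connection and a random admin_token (64 hex
    chars from the secrets module unless one is supplied)."""
    token = admin_token or secrets.token_hex(32)
    text = set_option(text, "sql", "connection",
                      f"mysql://{db_user}:{db_password}@{db_host}/keystone")
    text = set_option(text, "DEFAULT", "admin_token", token)
    return text, token


if __name__ == "__main__":
    new_conf, token = harden(SAMPLE_CONF, "192.168.0.106", "keystone", "keystonepwd")
    print(new_conf)
    print("admin_token to export as SERVICE_TOKEN:", token)
    print("remaining findings:", audit(new_conf))
```

Run it against /etc/keystone/keystone.conf by reading the file into `harden` and writing the result back; the printed token is the value to use for SERVICE_TOKEN in the next section instead of ADMIN.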
2. Using Keystone
Export the environment variables (you can also pass the same values as options on every keystone command; see keystone help for the command format). SERVICE_TOKEN is the admin_token from keystone.conf, so use your own value if you changed it from ADMIN:
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=http://192.168.0.106:35357/v2.0
Add a tenant:
keystone tenant-create --name adminTenant --description "Admin Tenant" --enabled true
keystone@keystone:~$ keystone tenant-list
+----------------------------------+-------------+---------+
|                id                |     name    | enabled |
+----------------------------------+-------------+---------+
| 72a95ab302cc42d59e6f414769dcfec7 | adminTenant |   True  |
+----------------------------------+-------------+---------+
Add a user (the password is passed on the command line here, so it ends up in the shell history and in the process list while the command runs; fine for a lab, but clear the history afterwards or read it from a prompt on a shared machine):
keystone user-create --tenant_id 72a95ab302cc42d59e6f414769dcfec7 --name admin --pass openstack --enabled true
keystone@keystone:~$ keystone user-list
+----------------------------------+---------+-------+-------+
|                id                | enabled | email |  name |
+----------------------------------+---------+-------+-------+
| 4fd5ba059a6945c0a43ff63b0140b0a9 |   True  |  None | admin |
+----------------------------------+---------+-------+-------+
Add a role:
keystone role-create --name adminRole
keystone@keystone:~$ keystone role-list
+----------------------------------+-----------+
|                id                |    name   |
+----------------------------------+-----------+
| 675b96a12d834021b519ef50502a5e5e | adminRole |
+----------------------------------+-----------+
Link the three together, i.e. grant the user the role within the tenant:
keystone user-role-add --user 4fd5ba059a6945c0a43ff63b0140b0a9 --tenant_id 72a95ab302cc42d59e6f414769dcfec7 --role 675b96a12d834021b519ef50502a5e5e
That is all. Now test it with curl.
sudo apt-get install curl
First try a wrong password:
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "admin", "password": "wrong"}}}' -H "Content-type: application/json" http://192.168.0.106:35357/v2.0/tokens | python -mjson.tool
The response:
{
    "error": {
        "code": 401,
        "message": "Invalid user / password",
        "title": "Not Authorized"
    }
}
With the correct username and password:
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "admin", "password": "openstack"}}}' -H "Content-type: application/json" http://192.168.0.106:35357/v2.0/tokens | python -mjson.tool
it returns a lot of information, such as the token and the user; it is too long to paste here. The value you actually need from it is access.token.id, which later requests send in the X-Auth-Token header. Note that all of this goes over plain HTTP, so the password and the token cross the wire in clear; outside a lab put TLS in front of Keystone.
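The same test done from Python with the reply actually parsed, so the parts a client needs (token id, expiry, tenant, roles, endpoints) come out as a dict and a 401 becomes an exception instead of a wall of JSON. This is an added example, not code from the original post or from Keystone. It assumes the v2.0 reply layout (access.token, access.user, access.serviceCatalog) and the host, tenant and user names from the post; the two replies embedded in it are constructed in that shape, not captured from a server, and the token id and expiry in them are made up.

```python
"""Password authentication against the Keystone v2.0 /tokens API, as the
post does with curl, plus parsing of the reply.

Added example, not from the original post or from Keystone.  Assumed: the
v2.0 response layout and the post's host, tenant and user names.
"""
import json
import urllib.error
import urllib.request

KEYSTONE = "http://192.168.0.106:35357/v2.0"   # admin endpoint used in the post


class AuthError(Exception):
    """Raised for any reply without an 'access' block; carries Keystone's error."""
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code, self.message = code, message


def auth_body(tenant, username, password):
    """The JSON document the post passes to curl -d."""
    return {"auth": {"tenantName": tenant,
                     "passwordCredentials": {"username": username,
                                             "password": password}}}


def parse_token_response(status, body):
    """Reduce a v2.0 /tokens reply (status code, raw JSON text) to the
    fields a client needs, or raise AuthError with Keystone's message."""
    data = json.loads(body)
    if status != 200 or "access" not in data:
        err = data.get("error", {})
        raise AuthError(err.get("code", status), err.get("message", "unknown error"))
    access = data["access"]
    token = access["token"]
    return {
        "token": token["id"],                 # goes into X-Auth-Token later
        "expires": token["expires"],
        "tenant_id": token.get("tenant", {}).get("id"),
        "user_id": access["user"]["id"],
        "roles": sorted(r["name"] for r in access["user"].get("roles", [])),
        # service name -> publicURL; empty on a fresh install like the post's,
        # where no services or endpoints have been registered yet
        "endpoints": {svc["name"]: svc["endpoints"][0]["publicURL"]
                      for svc in access.get("serviceCatalog", [])
                      if svc.get("endpoints")},
    }


def request_token(tenant, username, password, endpoint=KEYSTONE):
    """Live call.  Plain HTTP as in the post, so the password crosses the
    wire in clear; use an https endpoint for anything beyond a lab."""
    req = urllib.request.Request(
        endpoint + "/tokens",
        data=json.dumps(auth_body(tenant, username, password)).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as e:       # 401 etc. still carry a JSON body
        return parse_token_response(e.code, e.read().decode())


# Constructed replies in the v2.0 shape (not captured from a server): the 401
# shown in the post, and a success for admin/adminTenant/adminRole with no
# endpoints registered.  Token id and expiry are made-up values.
WRONG_PASSWORD_REPLY = json.dumps({"error": {
    "code": 401, "message": "Invalid user / password", "title": "Not Authorized"}})
SUCCESS_REPLY = json.dumps({"access": {
    "token": {"id": "7d0a1b0c2e3f4a5b6c7d8e9f00112233",
              "expires": "2014-05-28T20:14:00Z",
              "tenant": {"id": "72a95ab302cc42d59e6f414769dcfec7",
                         "name": "adminTenant", "enabled": True}},
    "user": {"id": "4fd5ba059a6945c0a43ff63b0140b0a9", "name": "admin",
             "roles": [{"name": "adminRole"}]},
    "serviceCatalog": []}})


if __name__ == "__main__":
    # Offline walk-through on the constructed replies; against the post's
    # host call request_token("adminTenant", "admin", "openstack") instead.
    try:
        parse_token_response(401, WRONG_PASSWORD_REPLY)
    except AuthError as e:
        print("rejected as expected:", e)
    print(parse_token_response(200, SUCCESS_REPLY))
```

`request_token` raises `AuthError` on a bad password rather than returning the error JSON, so a caller cannot mistake a rejection for a token; the returned `token` value is what later requests send as X-Auth-Token.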