OpenstackKeystone跟Swift的集成操作

Openstack Keystone和Swift的集成操作
因为机器有限，此次此时仅仅使用swift的ALL IN ONE安装模式.Keystone的安装和swift安装都在同一机器上运行。
此次的记录并未记录swift ALL IN ONE的安装方法,仅仅记录keystone如何与swift all in ONe方式进行集成完成鉴权

系统：Ubuntu 10.04

/**拷贝项目到本地**/                    --需要安装git  sudo apt-get install git
git clone https://github.com/openstack/keystone.git
git clone https://github.com/openstack/python-keystoneclient.git

/**下载所需工具包**/
sudo apt-get install python-dev libxml2-dev libxslt1-dev libsasl2-dev libsqlite3-dev libssl-dev libldap2-dev   [同时下载镜像慢会报错，最好分开下载]
sudo apt-get install sqlitebrowser

/**创建用户或者使用root用户进行操作/
sudo su

/**进入keystone文件夹下**/  
cd keystone

/**安装VirtualEnv **/
sudo python tools/install_venv.py           [无异常就生成成功，操作最好以root]
(这步操作也同时下载了pip-requires和test-requires所需的包)

/**切换到新创建的虚拟环境中**/
source .vent/bin/activate
[停用虚拟环境] deactivate

/**安装KeyStone**/
如需在虚拟环境外也可使用keystone命令行
sudo pip tools/pip-requires
sudo pip tools/test-requires

sudo python setup.py develop

/**测试keystone引用**/
sudo python
>>> import keystone    
>>>

/** 将示例用来启动keystone的配置文件还原**/[当前还在keystone文件目录下，目录下有etc]
cp etc/keystone.conf.sample etc/keystone.conf

*******************这里我选择的是SQLite存储方式,可以更换为其他数据库或者是基于文件的存储。 记住更改内面引用的user**********

/** 测试以前的swift是否能够跑通 (鉴权方式并非keystone的时候)**/
swift-init main start
curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0
(能够返回200或者204的话,说明运行通畅,可以先暂时停掉swift了,因为后续要修改proxy-server.conf)

/**开启keystone**/
cd ~/keystone
bin/keystone-all

/**运行数据库初始化**/
sudo bin/keystone-manage db_sync

/**根据配置文件的token的来创建租户，用户，角色**/
(使用的是python-keystoneclient.git 项目)
export SERVICE_TOKEN="在keystone安装目录下etc/keystone.conf中的Token值"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"

/**创建租户**/ [ROOT]
keystone tenant-create --name=service
信息: id=d871847839fa4fbabd08950221917028
/**创建用户**/ [ROOT]
keystone user-create --name=admin --pass=admin --email=si.li@boventech.com                 
信息: id=1071f434270e4f7aa36f433be788d17b

/**创建ROLE**/
keystone role-create --name=admin
信息: id=07c69b2da1e041c1800238f0120db2a9
keystone role-create --name=Member
信息: id=460e5db0aeb54d9e9c6c446f778e64f6

/**Add Roles to Users IN Tenants**/
keystone user-role-add --user [这里放用户ID] --role [这里放角色ID] --tenant_id [这里放tenantID]

/**配置KeyStone的Service **/
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | b6b28e55990f428bacd2ca45f64799ce|
| name        | keystone                         |
| type        | identity                         |
//+-------------+----------------------------------+
//配置Keystone  Service的endpoint 
keystone endpoint-create --region RegionOne
--service_id b6b28e55990f428bacd2ca45f64799ce
--publicurl 'http://localhost:5000/v2.0'
--adminurl 'http://localhost:35357/v2.0'
--internalurl 'http://localhost:5000/v2.0'

/**配置Swift的Service **/
keystone service-create --name=swift --type="object-store" --description="Swift Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Swift Service                    |
| id          | 004608f103714d81aa3e01b79913789b |
| name        | swift                            |
| type        | object-store                     |
+-------------+----------------------------------+

//创建管理Swift的User
keystone user-create --name=swift --pass=admin --tenant_id d871847839fa4fbabd08950221917028 --email=si.li@boventech.com
信息： id=8651d459557c474389bca64a9346f70a
//将名称为"admin"的角色权限配置给用户名为"swift"的用户到"service"的租户管理中
keystone user-role-add --tenant_id {tenant_id} --user {user_id} --role {rule_id}

//为Swift Service 配置endpoint
keystone endpoint-create --region RegionOne
--service_id 004608f103714d81aa3e01b79913789b
--publicurl 'http://localhost:8080/v1/AUTH_{tenantID}'
--adminurl 'http://localhost:8080/'
--internalurl 'http://localhost:8080/v1/AUTH_{tenantID}'

/**创建完毕后检查Sqlite3内存储的信息是否已经加进去了**/
sqlite3 keystone.db

SQLite version 3.6.22
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite>.tables
sqlite>select  * from service;
sqlite>select  * from user;
sqlite>select  * from ....;

或者打开图形界面
sudo sqlitebrowser

*************************************配置swift/proxy-server.conf*********************

[DEFAULT]
bind_port = 8080
user =sili

[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin,Member

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision =0
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_uri=http://127.0.0.1:5000/
auth_token = ADMIN
admin_token = ADMIN
auth_protocol = http 

[filter:cache]
use = egg:swift#memcache
set log_name = cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck

**************************************************************************************

//开启swift
swift-init proxy start
swift-init all start

//测试

/**测试keystone在节点上是否完好**/
curl -d '{"auth": {"tenantName": "service", "passwordCredentials":{"username": "swift", "password": "admin"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool

/**测试swift集成**/
swift  -A  http://localhost:5000/v2.0 -U service:swift -K admin stat -V 2