openstack学习笔记六 多节点部署之keystone

本文涉及的产品
云数据库 RDS MySQL,集群版 2核4GB 100GB
推荐场景:
搭建个人博客
RDS MySQL Serverless 基础系列,0.5-2RCU 50GB
RDS MySQL Serverless 高可用系列,价值2615元额度,1个月
简介:

keystone    对用户进行验证,每个组件必须得实用一个用户向keystone进行注册,只有成功了,那么这个组件才能正常工作。所以当我们在创建其他组件的时候,也包括keystone本身,都得为这个组件创建一个用户名和密码


keystone也必须知道这些组件到底在什么地方,比如在那台主机上。


wKioL1d7wsrRg91LAAJhGY7B4eM943.png

User 住宾馆的人
Credentials 开启房间的钥匙
Authentication 宾馆为了拒绝不必要的人进出宾馆,专门设置的机制,只有拥有钥匙的人才能进出
Token 也是一种钥匙,有点特别
Tenant 宾馆
Service 宾馆可以提供的服务类别,比如,饮食类,娱乐类
Endpoint 具体的一种服务,比如吃烧烤,打羽毛球
Role VIP 等级,VIP越高,享有越高的权限


wKioL1d7wtuQjIIKAAL5H8-n9Ow961.png

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@h1 ~] # source  keystonerc_admin
[root@h1 ~(keystone_admin)] # keystone  endpoint-list
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
|                 id                 |   region  |                    publicurl                    |                   internalurl                   |                  adminurl                  |            service_id            |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
| 03bf88d48e2648149242a571684fbfce | RegionOne |            http: //192 .168.1.201:9696            |            http: //192 .168.1.201:9696            |         http: //192 .168.1.201:9696          | 1100243c5a694bc5857218dd0543297b |
| 1b5ccdf306484fefadc63d1eeb20de5d | RegionOne |             http: //127 .0.0.1:8774 /v3             |             http: //127 .0.0.1:8774 /v3             |          http: //127 .0.0.1:8774 /v3           | 4bda82ded4db46f68428d4e00247c14c |
| 2408bc6cb5164053b86c0983fd39961a | RegionOne | http: //192 .168.1.201:8080 /v1/AUTH_ %(tenant_id)s | http: //192 .168.1.201:8080 /v1/AUTH_ %(tenant_id)s |         http: //192 .168.1.201:8080          | 30c62c3c0797462a8bd4ff059a71296e |
| 432e655e85614a5eb69b7de5c5aacf34 | RegionOne |    http: //192 .168.1.201:8776 /v2/ %(tenant_id)s   |    http: //192 .168.1.201:8776 /v2/ %(tenant_id)s   | http: //192 .168.1.201:8776 /v2/ %(tenant_id)s | 5d60cb24769e403cb10bb70cb1077f2b |
| 4d5c1e505b30467c9966a5e5e93feef0 | RegionOne |            http: //192 .168.1.201:9292            |            http: //192 .168.1.201:9292            |         http: //192 .168.1.201:9292          | 87d30bb0dd8e44ccba00127f77831e9e |
| 8683d84884d74e7c8a73513260aec774 | RegionOne |            http: //192 .168.1.201:8080            |            http: //192 .168.1.201:8080            |         http: //192 .168.1.201:8080          | e6ced100d94e4f3b86cccfc82e12b83a |
| 8fa0e177bac746f79e229f16954506fb | RegionOne |    http: //192 .168.1.201:8776 /v1/ %(tenant_id)s   |    http: //192 .168.1.201:8776 /v1/ %(tenant_id)s   | http: //192 .168.1.201:8776 /v1/ %(tenant_id)s | dc75a046272548db99e1cbbe93c2025c |
| 9006207b29a04700922ee55905a7f445 | RegionOne |    http: //192 .168.1.201:8774 /v2/ %(tenant_id)s   |    http: //192 .168.1.201:8774 /v2/ %(tenant_id)s   | http: //192 .168.1.201:8774 /v2/ %(tenant_id)s | 1c9e6e4d00824327bfe4e8e7175317e1 |
| a9ec253a705c4b3c9848b5bed32e9768 | RegionOne |     http: //192 .168.1.201:8773 /services/Cloud     |     http: //192 .168.1.201:8773 /services/Cloud     |  http: //192 .168.1.201:8773 /services/Admin   | 81bbcf83509a42e9a867914cde84e9d4 |
| bcab3bbc3281451494428315b24b0dba | RegionOne |            http: //192 .168.1.201:8777            |            http: //192 .168.1.201:8777            |         http: //192 .168.1.201:8777          | 8f54fc4364de49efbeb72020bf2aa176 |
| e3d9a4fa64bd441ea3fe143b1d72b8a4 | RegionOne |          http: //192 .168.1.201:5000 /v2 .0         |          http: //192 .168.1.201:5000 /v2 .0         |      http: //192 .168.1.201:35357 /v2 .0       | 02ce8247c5924913a73422bcf5275c40 |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@h1 ~(keystone_admin)] # keystone service-list     服务
+----------------------------------+------------+--------------+--------------------------------+
|                 id                 |    name    |      type      |          description           |
+----------------------------------+------------+--------------+--------------------------------+
| 8f54fc4364de49efbeb72020bf2aa176 | ceilometer |   metering   |   Openstack Metering Service   |
| dc75a046272548db99e1cbbe93c2025c |   cinder   |    volume    |         Cinder Service         |
| 5d60cb24769e403cb10bb70cb1077f2b |  cinderv2  |   volumev2   |       Cinder Service v2        |
| 87d30bb0dd8e44ccba00127f77831e9e |   glance   |    image     |    OpenStack Image Service     |
| 02ce8247c5924913a73422bcf5275c40 |  keystone  |   identity   |   OpenStack Identity Service   |
| 1100243c5a694bc5857218dd0543297b |  neutron   |   network    |   Neutron Networking Service   |
| 1c9e6e4d00824327bfe4e8e7175317e1 |    nova    |   compute    |   Openstack Compute Service    |
| 81bbcf83509a42e9a867914cde84e9d4 |  nova_ec2  |     ec2      |          EC2 Service           |
| 4bda82ded4db46f68428d4e00247c14c |   novav3   |  computev3   |  Openstack Compute Service v3  |
| 30c62c3c0797462a8bd4ff059a71296e |   swift    | object-store | Openstack Object-Store Service |
| e6ced100d94e4f3b86cccfc82e12b83a |  swift_s3  |      s3      |      Openstack S3 Service      |
+----------------------------------+------------+--------------+--------------------------------+
1
2
3
4
5
6
7
8
9
[root@h1 ~(keystone_admin)] # keystone  role-list            角色
+----------------------------------+---------------+
|                 id                 |      name     |
+----------------------------------+---------------+
| 7455105a501842e097e7825257eb5be4 | ResellerAdmin |
| 5d2a5d2f80d442e09b9c3d514ded412e | SwiftOperator |
| 9fe2ff9ee4384b1894a90878d3e92bab |    _member_   |
| 794f590d02344bafb280f37ff29433ae |     admin     |
+----------------------------------+---------------+


1
2
3
4
5
6
7
8
[root@h1 ~(keystone_admin)] #  keystone  role-create  --name  test1 
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|     id     | 467d36315d9c4e529e9400c606f8d7a2 |
|   name   |              test1               |
+----------+----------------------------------+
[root@h1 ~(keystone_admin)] #  keystone  role-delete  test1



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[root@h1 ~(keystone_admin)] # keystone  user-list    用户
+----------------------------------+------------+---------+----------------------+
|                 id                 |    name    | enabled |        email         |
+----------------------------------+------------+---------+----------------------+
| 1627cc3d61c04f9db9608e9703a01371 |   admin    |   True  |    root@localhost    |
| 04247710cdf34914a7f5b315ab166731 | ceilometer |   True  | ceilometer@localhost |
| cb5e12e30a4a4c1dae57255c184b8b30 |   cinder   |   True  |   cinder@localhost   |
| 632fb20205ea4c40988d7d65b2844ff6 |   glance   |   True  |   glance@localhost   |
| 23c4fb48a5a247d68e50c6b74fb6f035 |    http    |   True  |                      |
| 80069f5c8edc454b8038e7f116df4ff5 |  neutron   |   True  |  neutron@localhost   |
| adbcaaf58d09495988b57be8e82b4e6b |    nova    |   True  |    nova@localhost    |
| 4f488ff4859e4973afefea6e7872ed83 |   swift    |   True  |   swift@localhost    |
+----------------------------------+------------+---------+----------------------+
[root@h1 ~(keystone_admin)] #  keystone  user-create  --name hequan  --pass hequan  --email  hequan2011@sina.com
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |       hequan2011@sina.com        |
| enabled  |               True               |
|     id     | 9d12907283b64b02a80f1e98074a9c84 |
|   name   |              hequan              |
| username |              hequan              |
+----------+----------------------------------+
1
2
3
4
[root@h1 ~(keystone_admin)] #  keystone  user-get     hequan              ##查看信息
[root@h1 ~(keystone_admin)] #  keystone  user-delete    hequan
[root@h1 ~(keystone_admin)] #  keystone  user-password-update    --pass  hequan1 hequan   ##密码更新
[root@h1 ~(keystone_admin)] #   keystone  user-role-add  --user hequan  --role  _member_  --tenant=http  #划分角色和租户
1
2
3
4
5
6
7
8
[root@h1 ~(keystone_admin)] # keystone tenant-list                租户
+----------------------------------+----------+---------+
|                 id                 |   name   | enabled |
+----------------------------------+----------+---------+
| 43986fb013804aa0a04ca277e4d0e69c |  admin   |   True  |
| 1af10fa8077e4b52b3427786bb15e968 |   http   |   True  |
| 842da711a1b740ddbf006a9f0a7ee116 | services |   True  |        ##内置服务默认都属于services
+----------------------------------+----------+---------+
1
2
3
4
5
6
7
8
9
10
[root@h1 ~(keystone_admin)] # keystone tenant-create --name  123    ###创建租户123
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|       id      | c2a2e3aadf614bb08b1fc943157b668e |
|     name    |               123                |
+-------------+----------------------------------+
[root@h1 ~(keystone_admin)] # keystone tenant-delete   123





配置安装keystone

  1. 首先创建数据库

  2. 使用token登陆keystone

  3. 创建服务   endpoint

  4. 创建用户

  5. 关闭token登陆,使用admin登陆


基本环境

1
2
3
4
5
6
7
192.168.1.204       h4.hequan.com     h4                      ##  keystone
 
systemctl   stop    NetworkManager
systemctl   disable  NetworkManager
 
 
[root@h4 ~] # yum install centos-release-openstack-liberty
1
2
3
4
5
6
7
8
9
[root@h4 ~] # yum install  openstack-keystone openstack-utils  openstack-selinux  -y
[root@h4 ~] # openstack-db --init --service  keystone  --rootpw  123456    --password  keystone
keystone default DB is not mysql. Would you like to reset to mysql now? (y /n ): y
mysql-server is not installed.  Would you like to  install  it now? (y /n ): y
mysqld is not running.  Would you like to start it now? (y /n ): y
Verified connectivity to MySQL.
Creating  'keystone'  database.
Initializing the keystone database, please wait...
Complete!
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@h4 ~] # mysql -uroot -p123456
MariaDB [(none)]> show databases;
 
[root@h4 keystone] # openssl   rand -hex 10
73fa731f6fa567630fdd
 
[root@h4 keystone] # pwd
/etc/keystone
[root@h4 keystone] # vim keystone.conf
  
admin_token = 73fa731f6fa567630fdd
rabbit_host = localhost
rabbit_port = 5672
rabbit_hosts = $rabbit_host:$rabbit_port
rabbit_use_ssl =  false
rabbit_userid = guest
rabbit_password = guest
rabbit_login_method = AMQPLAIN
rabbit_virtual_host = /
connection = mysql: //keystone :keystone@192.168.1.204 /keystone          ###用到上面写的用户名和密码

启动服务

1
2
3
4
5
6
[root@h4 keystone] # systemctl   list-unit-files  | grep keyston
openstack-keystone.service             disabled
 
 
[root@h4 keystone] # systemctl  start  openstack-keystone.service
[root@h4 keystone] # systemctl  enable  openstack-keystone.service


现在没有用户,只有token

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
cat  keystone_token                ##创建文件
export    SERVICE_TOKEN=73fa731f6fa567630fdd
export    SERVICE_ENDPOINT=http: //192 .168.1.204:35357/ v2.0
export  PS1= '[\u@\h \W(keystone_token)]\$ '
 
 
source  keystone_token
 
 
ps  aux |  grep  keystone
 
keystone  3343  1.5  1.6 321844 68704 ?        Ss   20:10   0:05  /usr/bin/python2  /usr/bin/keystone-all 
 
netstat  -lntup |  grep  35357
tcp        0      0 0.0.0.0:35357           0.0.0.0:*               LISTEN      3343 /python2 
 
keystone service-list
 
 
[root@h4 ~] # keystone service-create --name keystone --type identity  --description="keystone"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |             keystone             |
|   enabled   |               True               |
|       id      | e0c6163cb7dd42098225f13a3fa4220e |
|     name    |             keystone             |
|      type     |             identity             |
+-------------+----------------------------------+
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[root@h4 ~] # keystone  endpoint-create  --service-id  e0c6163cb7dd42098225f13a3fa4220e  --publicurl  ''  --internalurl  ''  --adminurl  ''
可以找一个模板去抄
 
 
[root@h1 ~(keystone_admin)] # keystone  endpoint-list
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+
|                 id                 |   region  |                    publicurl                    |                   internalurl                   |                  adminurl                  |            service_id            |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+--------------------------------------------+----------------------------------+ 
| e3d9a4fa64bd441ea3fe143b1d72b8a4 | RegionOne |          http: //192 .168.1.201:5000 /v2 .0         |          http: //192 .168.1.201:5000 /v2 .0         |      http: //192 .168.1.201:35357 /v2 .0       | 02ce8247c5924913a73422bcf5275c40 |
[root@h1 ~(keystone_admin)] # keystone service-list
| 02ce8247c5924913a73422bcf5275c40 |  keystone  |   identity   |   OpenStack Identity Service   |
 
 
 
 
[root@h4 ~] # keystone  endpoint-create  --service-id  e0c6163cb7dd42098225f13a3fa4220e  --publicurl  'http://192.168.1.201:5000/v2.0'  --internalurl  ''  --adminurl  ''   --publicurl  'http://192.168.1.204:5000/v2.0'  --internalurl  'http://192.168.1.204:5000/v2.0'  --adminurl  'http://192.168.1.204:35357/v2.0' 
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  | http: //192 .168.1.204:35357 /v2 .0  |
|       id      | 810e5faef22f44aebd17f55d1808e3c5 |
| internalurl |  http: //192 .168.1.204:5000 /v2 .0  |
|  publicurl  |  http: //192 .168.1.204:5000 /v2 .0  |
|    region   |            regionOne             |
|  service_id | e0c6163cb7dd42098225f13a3fa4220e |
+-------------+----------------------------------+



创建管理员

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[root@h4 ~] # keystone tenant-create  --name  admin
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|       id      | 3a331dd90062458b8fcc259ce84be0e5 |
|     name    |              admin               |
+-------------+----------------------------------+
[root@h4 ~] # keystone role-create --name admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|     id     | c63ed09a433144108a23a592632e2e08 |
|   name   |              admin               |
+----------+----------------------------------+
 
 
[root@h4 ~] # keystone  user-create --name admin --pass 123456
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|     id     | 172b6a61991e4fbeafe9039688eb2afc |
|   name   |              admin               |
| username |              admin               |
+----------+----------------------------------+
 
 
[root@h4 ~] # keystone  user-role-add  --user admin --tenant admin --role admin


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[root@h4 ~] # cp keystone_token keystone_token_admin
[root@h4 ~(keystone_admin)] # cat keystone_token_admin
unset    SERVICE_TOKEN
unset    SERVICE_ENDPOINT
export  OS_TENANT_NAME=admin
export  OS_USERNAME=admin
export  OS_PASSWORD=123456
export  OS_AUTH_URL=http: //192 .168.1.204:35357 /v2 .0
export  PS1= '[\u@\h \W(keystone_admin)]\$ '
 
 
 
[root@h4 ~(keystone_admin)] # keystone user-list         ##可以看到就表示成功了
+----------------------------------+-------+---------+-------+
|                 id                 |  name | enabled | email |
+----------------------------------+-------+---------+-------+
| 172b6a61991e4fbeafe9039688eb2afc | admin |   True  |       |
+----------------------------------+-------+---------+-------+



关闭token验证

1
2
   12  #admin_token = 73fa731f6fa567630fdd                                               
   13


至此安装完成。










本文转自 295631788 51CTO博客,原文链接:http://blog.51cto.com/hequan/1796108,如需转载请自行联系原作者
相关实践学习
如何在云端创建MySQL数据库
开始实验后,系统会自动创建一台自建MySQL的 源数据库 ECS 实例和一台 目标数据库 RDS。
全面了解阿里云能为你做什么
阿里云在全球各地部署高效节能的绿色数据中心,利用清洁计算为万物互联的新世界提供源源不断的能源动力,目前开服的区域包括中国(华北、华东、华南、香港)、新加坡、美国(美东、美西)、欧洲、中东、澳大利亚、日本。目前阿里云的产品涵盖弹性计算、数据库、存储与CDN、分析与搜索、云通信、网络、管理与监控、应用服务、互联网中间件、移动服务、视频服务等。通过本课程,来了解阿里云能够为你的业务带来哪些帮助     相关的阿里云产品:云服务器ECS 云服务器 ECS(Elastic Compute Service)是一种弹性可伸缩的计算服务,助您降低 IT 成本,提升运维效率,使您更专注于核心业务创新。产品详情: https://www.aliyun.com/product/ecs
目录
相关文章
|
网络协议 Linux 网络安全
openstack 云平台一体化部署(超详细)
openstack 云平台一体化部署(超详细)
1021 0
openstack 云平台一体化部署(超详细)
|
11月前
|
存储 弹性计算 资源调度
openstack组件部署 3
openstack组件部署
101 0
|
11月前
|
数据安全/隐私保护
(二)Open Stack(M)----Keystone安装和配置(下)
(二)Open Stack(M)----Keystone安装和配置(下)
79 0
|
2月前
|
存储 Ubuntu KVM
Ubuntu部署OpenStack踩坑指南:还要看系统版本?
Ubuntu部署OpenStack踩坑指南:还要看系统版本?
Ubuntu部署OpenStack踩坑指南:还要看系统版本?
|
2月前
|
关系型数据库 MySQL 数据库
云计算|OpenStack|社区版OpenStack安装部署文档(三 --- 身份认证服务keystone安装部署---Rocky版)
云计算|OpenStack|社区版OpenStack安装部署文档(三 --- 身份认证服务keystone安装部署---Rocky版)
84 0
|
2月前
|
存储 安全 Linux
云计算|OpenStack|社区版OpenStack安装部署文档(一 --- 前期硬件准备和部署规划)
云计算|OpenStack|社区版OpenStack安装部署文档(一 --- 前期硬件准备和部署规划)
532 0
|
11月前
|
负载均衡 安全 网络安全
openstack组件部署 4
openstack组件部署
|
11月前
|
存储 数据管理 数据安全/隐私保护
openstack组件部署 2
openstack组件部署
|
11月前
|
存储 消息中间件 关系型数据库
openstack组件部署 1
openstack组件部署
142 0
|
负载均衡 关系型数据库 Linux
实战案例——Ansible部署高可用OpenStack平台
实战案例——Ansible部署高可用OpenStack平台
591 0