CentOS 7 OpenStack - (Section II) Add Authentication Service (Keystone)


My blog address: http://www.cnblogs.com/caoguo

The configuration follows the official OpenStack documentation.

Official Document Address: http://docs.openstack.org/juno/install-guide/install/yum/content/#

0x01. Authentication Service installation and configuration (Control node)

# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone_dbpass';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone_dbpass';
MariaDB [(none)]> FLUSH PRIVILEGES;

# yum install -y openstack-keystone python-keystoneclient
# cp -rf /etc/keystone/keystone.conf /etc/keystone/keystone.conf.old

# vi /etc/keystone/keystone.conf    # just add the following settings
[database]
connection = mysql://keystone:[email protected]/keystone
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke

# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl
# su -s /bin/sh -c "keystone-manage db_sync" keystone
# systemctl enable openstack-keystone.service
# systemctl start openstack-keystone.service




0x02. Create tenants, users, and Roles (Control node)

# export OS_SERVICE_TOKEN=
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0



2-1. Create an administrative tenant, user, and role for administrative operations in your environment:
A. Create the admin tenant:

# keystone tenant-create --name admin --description "Admin Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Admin Tenant                     |
| enabled     | True                             |
| id          | f42937a2fd484d638ce58e67fef59b67 |
| name        | admin                            |
+-------------+----------------------------------+


B. Create the admin user:

# keystone user-create --name admin --pass admin_pass --email [email protected]
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    | [email protected]                |
| enabled  | True                             |
| id       | CC58749F0ECB402D9F627EE72BDA5AFB |
| name     | admin                            |
| username | admin                            |
+----------+----------------------------------+

C. Create the admin role:

# keystone role-create --name admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | 4fa15a3b9fc6464694696fa75696b191 |
| name     | admin                            |
+----------+----------------------------------+

D. Add the admin role to the admin tenant and user:

# keystone user-role-add --user admin --tenant admin --role admin


2-2. Create a demo tenant and user for typical operations in your environment:
A. Create the demo tenant:

# keystone tenant-create --name demo --description "Demo Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Demo Tenant                      |
| enabled     | True                             |
| id          | e15976585a8b45c4984f4ebd9db90b5c |
| name        | demo                             |
+-------------+----------------------------------+


B. Create the demo user under the demo tenant:

# keystone user-create --name demo --tenant demo --pass demo_pass --email [email protected]
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    | [email protected]                |
| enabled  | True                             |
| id       | 5c8155359c20422c96e7bcd6aa6388ba |
| name     | demo                             |
| tenantId | e15976585a8b45c4984f4ebd9db90b5c |
| username | demo                             |
+----------+----------------------------------+

2-3. OpenStack services also require a tenant, user, and role to interact with other services. Each service typically requires creating one or more unique users with the admin role under the service tenant.

A. Create the service tenant:

# keystone tenant-create --name service --description "Service Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | 6826A4D9FA7F4E438F3C79010AD80DCD |
| name        | service                          |
+-------------+----------------------------------+




0x03. Create the service entity and API endpoint (control node)
3-1. Create the service entity for the Identity service:

# keystone service-create --name keystone --type identity --description "OpenStack Identity"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 5da5b6f72df341a7959ee7b42131c082 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

3-2. Create the Identity service API endpoints:

# keystone endpoint-create \
    --service-id $(keystone service-list | awk '/ identity / {print $2}') \
    --publicurl http://controller:5000/v2.0 \
    --internalurl http://controller:5000/v2.0 \
    --adminurl http://controller:35357/v2.0 \
    --region regionOne
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://controller:35357/v2.0     |
| id          | 90af99e76cc54249b5ac3ec4269b0d99 |
| internalurl | http://controller:5000/v2.0      |
| publicurl   | http://controller:5000/v2.0      |
| region      | regionOne                        |
| service_id  | 5da5b6f72df341a7959ee7b42131c082 |
+-------------+----------------------------------+




0x04. Verify the above operations (Control node)
4-1. Unset the temporary variables

# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT



4-2. Verify Token

# keystone --os-tenant-name admin --os-username admin --os-password admin_pass --os-auth-url http://controller:35357/v2.0 token-get
+-----------+----------------------------------+
| Property  | Value                            |
+-----------+----------------------------------+
| expires   | - -01t09: 34Z                    |
| id        | 6ce0cc1d7cf94cd39f66f8cad8d78da1 |
| tenant_id | f42937a2fd484d638ce58e67fef59b67 |
| user_id   | CC58749F0ECB402D9F627EE72BDA5AFB |
+-----------+----------------------------------+


4-3. Tenant List

# keystone --os-tenant-name admin --os-username admin --os-password admin_pass --os-auth-url http://controller:35357/v2.0 tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| f42937a2fd484d638ce58e67fef59b67 | admin   | True    |
| e15976585a8b45c4984f4ebd9db90b5c | demo    | True    |
| 6826A4D9FA7F4E438F3C79010AD80DCD | service | True    |
+----------------------------------+---------+---------+

  

4-4. List of users

# keystone --os-tenant-name admin --os-username admin --os-password admin_pass --os-auth-url http://controller:35357/v2.0 user-list
+----------------------------------+-------+---------+-------------------+
| id                               | name  | enabled | email             |
+----------------------------------+-------+---------+-------------------+
| CC58749F0ECB402D9F627EE72BDA5AFB | admin | True    | [email protected] |
| 5c8155359c20422c96e7bcd6aa6388ba | demo  | True    | [email protected] |
+----------------------------------+-------+---------+-------------------+

4-5. List of roles

# keystone --os-tenant-name admin --os-username admin --os-password admin_pass --os-auth-url http://controller:35357/v2.0 role-list
+----------------------------------+----------+
| id                               | name     |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 4fa15a3b9fc6464694696fa75696b191 | admin    |
+----------------------------------+----------+



4-6. Demo user gets token

# keystone --os-tenant-name demo --os-username demo --os-password demo_pass --os-auth-url http://controller:35357/v2.0 token-get
+-----------+----------------------------------+
| Property  | Value                            |
+-----------+----------------------------------+
| expires   | - -01t10: 54Z                    |
| id        | 8beacb3ab30e402583b9e1ff2bdf05ba |
| tenant_id | e15976585a8b45c4984f4ebd9db90b5c |
| user_id   | 5c8155359c20422c96e7bcd6aa6388ba |
+-----------+----------------------------------+



4-7. Attempt to access without permission

# keystone --os-tenant-name demo --os-username demo --os-password demo_pass --os-auth-url http://controller:35357/v2.0 user-list
403)
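
The list commands in 4-3 to 4-5 can be compared against what this guide created instead of being read by eye, so an account nobody expected stands out. This is an added example, not part of the original post: the function names are hypothetical and the sample table is constructed in the layout the keystone CLI prints.

```shell
# Added example, not from the original post. Function names are hypothetical.

# table_column NAME: read a keystone CLI list table on stdin and print the
# values of the column whose header is NAME (case-insensitive), one per line.
table_column() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\+/ || NF < 3 { next }          # skip +----+ borders and non-rows
        !col {                            # first row left is the header
            for (i = 2; i < NF; i++)
                if (tolower(trim($i)) == tolower(want)) col = i
            if (!col) exit 2              # no such column
            next
        }
        { print trim($col) }
    '
}

# baseline_diff "EXPECTED NAMES": read actual names on stdin, report drift,
# return 1 if anything is missing or unexpected. Names must not contain spaces.
baseline_diff() {
    expected=$1; actual=$(cat); rc=0
    for name in $expected; do
        printf '%s\n' $actual | grep -qxF -- "$name" ||
            { echo "missing: $name"; rc=1; }
    done
    for name in $actual; do
        printf '%s\n' $expected | grep -qxF -- "$name" ||
            { echo "unexpected: $name"; rc=1; }
    done
    return $rc
}

# Constructed sample in the layout of `keystone user-list`, with one extra
# account (backup2) that the guide never created.
sample_user_list() {
cat <<'EOF'
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 00000000000000000000000000000001 |  admin  |   True  |
| 00000000000000000000000000000002 |   demo  |   True  |
| 00000000000000000000000000000003 | backup2 |   True  |
+----------------------------------+---------+---------+
EOF
}

# Live use: keystone user-list | table_column name | baseline_diff "admin demo"
sample_user_list | table_column name | baseline_diff "admin demo" || true
```

The same two functions work for tenant-list and role-list by changing the expected names.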



0x05. Create OpenStack Client environment Scripts (Control node)
5-1. Add environment Variables for admin

# vi admin-openrc.sh
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL=http://controller:35357/v2.0


5-2. Add the environment variables for the demo user

# vi demo-openrc.sh
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo_pass
export OS_AUTH_URL=http://controller:5000/v2.0
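
The openrc files in 5-1 and 5-2 keep the account password in clear text, so who can read them matters. The following added example (not from the original post) writes an openrc that asks for the password when sourced and audits existing files for loose permissions or a stored password; the function names and file names are hypothetical, and it assumes GNU `stat` as shipped on CentOS.

```shell
# Added example, not from the original post. Function names are hypothetical.

# write_openrc FILE TENANT USER AUTH_URL: create FILE with owner-only access
# and prompt for the password when the file is sourced instead of storing it.
write_openrc() {
    ( umask 077; cat > "$1" <<EOF
export OS_TENANT_NAME=$2
export OS_USERNAME=$3
export OS_AUTH_URL=$4
printf 'Password for %s: ' "\$OS_USERNAME" >&2
stty -echo; read -r OS_PASSWORD; stty echo; echo >&2
export OS_PASSWORD
EOF
    )
    chmod 600 "$1"    # umask does not tighten a file that already existed
}

# audit_openrc FILE: print one finding per line; return 1 if there is any.
audit_openrc() {
    rc=0
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        *00|0) ;;                                   # owner-only access
        *) echo "$1: mode $mode lets group or other users access it"; rc=1 ;;
    esac
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=.+' "$1"; then
        echo "$1: password stored in clear text"; rc=1
    fi
    return $rc
}

# Demo on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=admin_pass\n' \
        > "$d/as-in-guide.sh"
    chmod 644 "$d/as-in-guide.sh"
    write_openrc "$d/prompting.sh" admin admin http://controller:35357/v2.0
    audit_openrc "$d/as-in-guide.sh"; audit_openrc "$d/prompting.sh"
    rm -rf "$d"
}
demo || true
```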
