Home > Others

Centos7 Openstack-(section II) Add Authentication Service (Keystone)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Centos7 Install Openstack-(section II) Add Authentication Service (Keystone)

My blog address: Http://www.cnblogs.com/caoguo

According to OpenStack Official document configuration

Official Document Address: http://docs.openstack.org/juno/install-guide/install/yum/content/#

0x01. Authentication Service installation and configuration (Control node)

[Email protected] ~]#Mysql-uroot- PMariaDB [(none)]>CREATE DATABASE Keystone; MariaDB [(none)]>GRANT all privileges on keystone.* to 'Keystone'@'localhost'  -identified by 'keystone_dbpass' ; MariaDB [(none)]>GRANT All privileges the keystone.* to 'Keystone' @'%  '  -identified by 'keystone_dbpass' ; MariaDB [(none)]>flush Privileges;

Tenyum install-y openstack-keystone python-keystoneclientcp-rf/etc/ Keystone/keystone.conf/etc/keystone/keystone.conf.old

vi/etc/keystone/ keystone.conf   #增加一下配置就可以了== = MySQL://keystone:[email protected]/ Keystone== = Keystone.contrib.revoke.backends.sql.Revoke

[Email protected] ~]#keystone-manage pki_setup--keystone-user Keystone--keystone- Group Keystone[[email protected]~]#chown-r keystone:keystone/var/log/ Keystone[[email protected]~]#chown-r keystone:keystone/etc/keystone/ SSL[[email protected]~]#chmod-r o-rwx/etc/keystone/ SSL[[email protected]~]#su-s/bin/sh-c "keystone-manage db_sync"  Keystone[[email protected]~]#Systemctl Enable openstack- keystone.service[[email protected]~]#systemctl start Openstack-keystone.service




0x02. Create tenants, users, and Roles (Control node)

[Email protected] ~]# export os_service_token=~]# export os_service_endpoint=http://  controller:35357/v2.0



2-1. Create a administrative tenant, user, and role for administrative operations in your environment:
A. Create the admin tenant: (Creating tenant Admin)

" Admin Tenant "+-------------+----------------------------------+| Property | Value |+-------------+----------------------------------+| Description | Admin Tenant | | Enabled | True | | ID | f42937a2fd484d638ce58e67fef59b67 | | name | Admin |+-------------+----------------------------------+


B. Create the Admin User: (creates admin)

[Email protected] ~]# Keystone user-create--name admin--pass admin_pass--Email [email protected]+----------+ ----------------------------------+| Property | Value |+----------+----------------------------------+| email | [Email protected] | | Enabled | True | | ID | CC58749F0ECB402D9F627EE72BDA5AFB | | name | admin | | Username | Admin |+----------+----------------------------------+

  C. Create the Admin role: (Creating role Admin)

[Email protected] ~]# Keystone Role-create--name Admin+----------+----------------------------------+| Property | Value |+----------+----------------------------------+| ID | 4fa15a3b9fc6464694696fa75696b191 | | name | Admin |+----------+----------------------------------+

  D. Add the Admin role to the admin tenant and User: (Add users to tenant and role)

[[email protected] ~]# Keystone User-role-add--user admin--tenant admin--role Admin


2-2. Create a demo tenant and user for typical operations in your environment:
  A. Create the demo tenant: (Creating a tenant Demo)

" Demo Tenant "+-------------+----------------------------------+| Property | Value |+-------------+----------------------------------+| Description | Demo Tenant | | Enabled | True | | ID | e15976585a8b45c4984f4ebd9db90b5c | | name | Demo |+-------------+----------------------------------+


B. Create the demo user under the demo tenant: (Add demo users to the tenant demo)

[Email protected] ~]# Keystone user-create--name demo--tenant demo--pass demo_pass-Email [email protected]+ ----------+----------------------------------+| Property | Value |+----------+----------------------------------+| email | [Email protected] | | Enabled | True | | ID | 5c8155359c20422c96e7bcd6aa6388ba | | name | Demo | | TenantId | e15976585a8b45c4984f4ebd9db90b5c | | Username | Demo |+----------+----------------------------------+

2-3.openstack services also require a tenant, user, and role to interact with other services.
Each service typically requires creating one or more unique users with the Admin role
Under the service tenant

A. Create the service tenant: (Creating a tenant service)

" Service Tenant "+-------------+----------------------------------+| Property | Value |+-------------+----------------------------------+| Description | Service Tenant | | Enabled | True | | ID | 6826A4D9FA7F4E438F3C79010AD80DCD | | name | Service |+-------------+----------------------------------+




0x03. Create the service entity and API endpoint (control node)
3-1. Create the service entity for the Identity service:

[Email protected] ~]# Keystone Service-create--name Keystone--"OpenStack Identity" +-------------+----------------------------------+| Property | Value |+-------------+----------------------------------+| Description | OpenStack Identity | | Enabled | True | | ID | 5da5b6f72df341a7959ee7b42131c082 | | name | Keystone | | Type | Identity |+-------------+----------------------------------+

3-2. Create The Identity service API endpoints:

[Email protected] ~]# Keystone endpoint-Create--service-id $ (Keystone Service-list | awk'/identity/{print -$}') --publicurl http://controller:5000/v2.0 \--internalurl http://controller:5000/v2.0 \--adminurl http://controller:35357/v2.0 \--Region Regionone+-------------+----------------------------------+| Property | Value |+-------------+----------------------------------+| Adminurl | http//controller:35357/v2.0 || ID | 90af99e76cc54249b5ac3ec4269b0d99 | | InternalUrl | http//controller:5000/v2.0 || Publicurl | http//controller:5000/v2.0 || Region | Regionone | | service_id | 5da5b6f72df341a7959ee7b42131c082 |+-------------+----------------------------------+




0x04. Confirm above operation (Control node)
4-1. Destroying variables

[Email protected] ~]# unset os_service_token os_service_endpoint



4-2. Verify Token

[[email protected] ~]# Keystone--os-tenant-name admin--os-username admin--os---os-auth-url http:// controller:35357/v2.0 Token-get - -01t09: 34Z ||  ID | 6ce0cc1d7cf94cd39f66f8cad8d78da1 | | tenant_id | f42937a2fd484d638ce58e67fef59b67 | | user_id | CC58749F0ECB402D9F627EE72BDA5AFB |+-----------+----------------------------------+


4-3. Tenant List

[[email protected] ~]# Keystone--os-tenant-name admin--os-username admin--os---os-auth-url http:// controller:35357/v2.0 tenant-list+----------------------------------+---------+---------+| ID | name | Enabled |+----------------------------------+---------+---------+| f42937a2fd484d638ce58e67fef59b67 | admin | True | | e15976585a8b45c4984f4ebd9db90b5c | Demo | True | | 6826A4D9FA7F4E438F3C79010AD80DCD | Service | True |+----------------------------------+---------+---------+

  

4-4. List of users

[[email protected] ~]# Keystone--os-tenant-name admin--os-username admin--os---os-auth-url http:// controller:35357/v2.0 user-list+----------------------------------+-------+---------+----------------- -+| ID | name | Enabled | Email |+----------------------------------+-------+---------+------------------+| CC58749F0ECB402D9F627EE72BDA5AFB | admin | True | [Email protected] | | 5c8155359c20422c96e7bcd6aa6388ba | Demo | True | [Email protected] |+----------------------------------+-------+---------+------------------+

4-5. List of roles

[[email protected] ~]# Keystone--os-tenant-name admin--os-username admin--os---os-auth-url http:// controller:35357/v2.0 role-list+----------------------------------+----------+| ID | Name |+----------------------------------+----------+| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | 4fa15a3b9fc6464694696fa75696b191 | Admin |+----------------------------------+----------+



4-6. Demo user gets token

[Email protected] ~]# Keystone--os-tenant-name demo--os-username demo--os---os-auth-url http:// controller:35357/v2.0 Token-get - -01t10: 54Z ||  ID | 8beacb3ab30e402583b9e1ff2bdf05ba | | tenant_id | e15976585a8b45c4984f4ebd9db90b5c | | user_id | 5c8155359c20422c96e7bcd6aa6388ba |+-----------+----------------------------------+



4-7. Attempt to access without permission

[[email protected] ~]# Keystone--os-tenant-name demo--os-username demo--os->--os-auth-url http://
    controller:35357/v2.0 user-list403)



0x05. Create OpenStack Client environment Scripts (Control node)
5-1. Add environment Variables for admin

[Email protected] ~]# vi admin-openrc.sexport os_tenant_name=adminexport os_username=  Adminexport Os_password=admin_passexport os_auth_url=http://controller:35357/v2.0


5-2. Add the environment variables for the demo user

[Email protected] ~]# vi demo-openrc.shexport os_tenant_name=demoexport os_username=  Demoexport Os_password=demo_passexport os_auth_url=http://controller:5000/v2.0

Centos7 Openstack-(section II) Add Authentication Service (Keystone)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
add authentication to website rsa cloud authentication service google authentication service azure app service authentication safenet authentication service keystone container php web service authentication

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More