Openstack-mitaka Authentication Service Management installation configuration deployment

1. Log in to the database as root and create the database Keystone, authorize the database, and set the password to Keyston_dbpass

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/89/DE/wKiom1ggESbRQYdeAADtnCor2YE053.jpg-wh_500x0-wm_3 -wmp_4-s_1867649922.jpg "title=" qq20161107131936.jpg "alt=" Wkiom1ggesbrqydeaadtncor2ye053.jpg-wh_50 "/>

2. The Keystone Authentication Service uses Apache HTTP servers with MOD_WSGI to service authentication service requests with ports 5000 and 35357. Therefore, the appropriate package needs to be installed on the controller node

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/89/DF/wKiom1ggGdvTIOKKAAQRaBtEKWw059.jpg-wh_500x0-wm_3 -wmp_4-s_3668170905.jpg "title=" qq20161107140038.jpg "alt=" Wkiom1gggdvtiokkaaqrabtekww059.jpg-wh_50 "/>

4. Generate random password tokens using commands

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/89/DF/wKiom1ggHIDBpq82AAAY0j4hvRw302.jpg-wh_500x0-wm_3 -wmp_4-s_2890050312.jpg "title=" qq20161107141708.jpg "alt=" Wkiom1gghidbpq82aaay0j4hvrw302.jpg-wh_50 "/>

3. Edit/etc/keystone/keystone.conf

1) Define the value of the initial management token in [DEFAULT]:

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/89/DC/wKioL1ggHSLweEzGAACWhlJTszc619.jpg-wh_500x0-wm_3 -wmp_4-s_1649162631.jpg "title=" qq20161107141951.jpg "alt=" Wkiol1gghslweezgaacwhljtszc619.jpg-wh_50 "/>

2) in the [Database] section, configure database access:

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/89/DF/wKiom1ggHeTh4u2RAADdusYFw1c445.jpg-wh_500x0-wm_3 -wmp_4-s_2798653677.jpg "title=" qq20161107142306.jpg "alt=" Wkiom1ggheth4u2raaddusyfw1c445.jpg-wh_50 "/>

3) in the [token] section, configure the provider of the Fernet UUID token.

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/89/DF/wKiom1ggHy6wHaLkAAHeERPmAmM847.jpg-wh_500x0-wm_3 -wmp_4-s_384228913.jpg "title=" qq20161107142837.jpg "alt=" Wkiom1gghy6whalkaaheerpmamm847.jpg-wh_50 "/>

4. Initialize the authentication server database, where the output information is ignored

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/89/DC/wKioL1ggIIrQBnQaAAAbK34_ktk155.jpg-wh_500x0-wm_3 -wmp_4-s_1266010289.jpg "title=" qq20161107143426.jpg "alt=" Wkiol1ggiirqbnqaaaabk34_ktk155.jpg-wh_50 "/>

5. Initialize Fernet keys:

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/89/DC/wKioL1ggIW-Q6xrtAAAjVG9O4iQ567.jpg-wh_500x0-wm_3 -wmp_4-s_3020029853.jpg "title=" qq20161107143702.jpg "alt=" Wkiol1ggiw-q6xrtaaajvg9o4iq567.jpg-wh_50 "/>

6, configure the Apache server, edit the/etc/httpd/conf/httpd.conf file, change the configuration servername hostname to controller (approximately 95 lines in the file)

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/89/DF/wKiom1ggIr2zxocqAAIJ2Zy8-Xg405.jpg-wh_500x0-wm_3 -wmp_4-s_2506954752.jpg "title=" qq20161107144329.jpg "alt=" Wkiom1ggir2zxocqaaij2zy8-xg405.jpg-wh_50 "/>

7. Create and edit/etc/httpd/conf.d/wsgi-keystone.conf

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/89/DC/wKioL1ggJgSDUaBzAAERcFo7c4M248.jpg-wh_500x0-wm_3 -wmp_4-s_2961990539.jpg "title=" qq20161107145746.jpg "alt=" Wkiol1ggjgsduabzaaercfo7c4m248.jpg-wh_50 "/>

8. Start the Apache service and set it to boot from start

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/89/E0/wKiom1ggJoLTFd2YAAA9nbLo2OQ950.jpg-wh_500x0-wm_3 -wmp_4-s_2685509277.jpg "title=" qq20161107145953.jpg "alt=" Wkiom1ggjoltfd2yaaa9nblo2oq950.jpg-wh_50 "/>

9. Configure authentication token, endpoint URL, authentication API version

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/89/DD/wKioL1ggKTSjRNjrAAA01-Y0Jl8145.jpg-wh_500x0-wm_3 -wmp_4-s_984790134.jpg "title=" qq20161107151015.jpg "alt=" Wkiol1ggktsjrnjraaa01-y0jl8145.jpg-wh_50 "/>

10. Create service entities and identity authentication services:

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/89/E0/wKiom1ggKbLigiqCAABcmqhXaOQ508.jpg-wh_500x0-wm_3 -wmp_4-s_4188922720.jpg "title=" qq20161107151327.jpg "alt=" Wkiom1ggkbligiqcaabcmqhxaoq508.jpg-wh_50 "/>

11. Create an API endpoint for the authentication service:

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/89/DD/wKioL1ggKj7ywGcAAAF65-zoeGQ709.jpg-wh_500x0-wm_3 -wmp_4-s_3225815042.jpg "title=" qq20161107151522.jpg "alt=" Wkiol1ggkj7ywgcaaaf65-zoegq709.jpg-wh_50 "/>

12. Create domain Default

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/89/DD/wKioL1ggKrzTS54BAABLbpd1Ngc569.jpg-wh_500x0-wm_3 -wmp_4-s_436256186.jpg "title=" qq20161107151753.jpg "alt=" Wkiol1ggkrzts54baablbpd1ngc569.jpg-wh_50 "/>

13. Create managed projects, users, and roles

1) Create admin project

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/89/E0/wKiom1ggK0Hwgy81AAB3lbZQrjo882.jpg-wh_500x0-wm_3 -wmp_4-s_785943360.jpg "title=" qq20161107152011.jpg "alt=" Wkiom1ggk0hwgy81aab3lbzqrjo882.jpg-wh_50 "/>

2) Create Admin user

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/89/DE/wKioL1ggK6ajLzTFAABimZ-xal0456.jpg-wh_500x0-wm_3 -wmp_4-s_388204519.jpg "title=" qq20161107152138.jpg "alt=" Wkiol1ggk6ajlztfaabimz-xal0456.jpg-wh_50 "/>

3) Create Admin role

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/89/DE/wKioL1ggK-SA3J-KAABEsF93RNE653.jpg-wh_500x0-wm_3 -wmp_4-s_2871161930.jpg "title=" qq20161107152240.jpg "alt=" Wkiol1ggk-sa3j-kaabesf93rne653.jpg-wh_50 "/>

4) Add Admin user to admin project and user

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/89/DE/wKioL1ggLFGQTkBqAAAbzEa6Ek4510.jpg-wh_500x0-wm_3 -wmp_4-s_530318588.jpg "title=" qq20161107152443.jpg "alt=" Wkiol1gglfgqtkbqaaabzea6ek4510.jpg-wh_50 "/>

14. Create a service project

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/89/DE/wKioL1ggLLuDG0BVAAB2HsOjv8M857.jpg-wh_500x0-wm_3 -wmp_4-s_2016460308.jpg "title=" qq20161107152624.jpg "alt=" Wkiol1gglludg0bvaab2hsojv8m857.jpg-wh_50 "/>

15. Create demo project and user

1) Create demo project

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/89/DE/wKioL1ggLXeD33lCAABwBNzzW_0506.jpg-wh_500x0-wm_3 -wmp_4-s_515561184.jpg "style=" Float:none; "title=" qq20161107152847.jpg "alt=" wkiol1gglxed33lcaabwbnzzw_0506. Jpg-wh_50 "/>

2) Create demo user

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/89/E1/wKiom1ggLXiBoTHlAABgpcp8Qjw584.jpg-wh_500x0-wm_3 -wmp_4-s_2561247925.jpg "style=" Float:none; "title=" Qq20161107152901.jpg "alt=" Wkiom1gglxibothlaabgpcp8qjw584.jpg-wh_50 "/>

3) Create User role

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/89/DE/wKioL1ggLoDzMxLwAAA-AnXKOBw939.jpg-wh_500x0-wm_3 -wmp_4-s_1376863146.jpg "title=" qq20161107153109.jpg "alt=" Wkiol1gglodzmxlwaaa-anxkobw939.jpg-wh_50 "/>

4) Add the user role to the demo project and the role

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/89/E1/wKiom1ggLvDgUogVAAAaNMogo84460.jpg-wh_500x0-wm_3 -wmp_4-s_270913591.jpg "title=" qq20161107153547.jpg "alt=" Wkiom1gglvdguogvaaaanmogo84460.jpg-wh_50 "/>

16. Turn off the temporary authentication token mechanism

1) Edit the/etc/keystone/keystone-paste.ini as shown below

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/89/DE/wKioL1ggMWniG4PcAAF4oF_aJhE094.jpg-wh_500x0-wm_3 -wmp_4-s_2661293203.jpg "title=" qq20161107154556.jpg "alt=" Wkiol1ggmwnig4pcaaf4of_ajhe094.jpg-wh_50 "/>

2) Reset the Os_token and OS_URL environment variables:

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/89/DE/wKioL1ggMdGxhSKyAAAXohRQrEs058.jpg-wh_500x0-wm_3 -wmp_4-s_2087702738.jpg "title=" qq20161107154808.jpg "alt=" Wkiol1ggmdgxhskyaaaxohrqres058.jpg-wh_50 "/>

3) Request authentication token with Admin user (this password is 13 step two password)

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/89/E1/wKiom1ggMoTS_tHTAADn5T7_CCY381.jpg-wh_500x0-wm_3 -wmp_4-s_156902505.jpg "title=" qq20161107155107.jpg "alt=" Wkiom1ggmots_thtaadn5t7_ccy381.jpg-wh_50 "/>

4) Request authentication token with demo user (this password is 15 step two password)

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/89/E1/wKiom1ggM8aiotCrAADV9dlvr4Q654.jpg-wh_500x0-wm_3 -wmp_4-s_811092035.jpg "title=" qq20161107155451.jpg "alt=" Wkiom1ggm8aiotcraadv9dlvr4q654.jpg-wh_50 "/>

17. Creating scripts and validating scripts

1) Create ADMIN-OPENRC

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/89/DE/wKioL1ggNPWRuJBTAABNLzfE5JU750.jpg-wh_500x0-wm_3 -wmp_4-s_2922119828.jpg "title=" qq20161107160123.jpg "alt=" Wkiol1ggnpwrujbtaabnlzfe5ju750.jpg-wh_50 "/>

2) Create DEMO-OPENRC

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/89/E1/wKiom1ggNYfBwhxUAABM95jcWl4150.jpg-wh_500x0-wm_3 -wmp_4-s_2740514724.jpg "title=" qq20161107160332.jpg "alt=" Wkiom1ggnyfbwhxuaabm95jcwl4150.jpg-wh_50 "/>

3) Load the ADMIN-OPENRC environment variable and admin project and certificate and request authentication token

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/89/DE/wKioL1ggNmKDRiTxAAC2xBPFmOc865.jpg-wh_500x0-wm_3 -wmp_4-s_3168365602.jpg "style=" Float:none; "title=" Qq20161107160637.jpg "alt=" Wkiol1ggnmkdritxaac2xbpfmoc865.jpg-wh_50 "/>

18, you may encounter problems, I intentionally password input errors here, there will be 401 errors, when encountering 401 errors, you can check the user name password is matched

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/89/DE/wKioL1ggNmLCwyL8AABcDRVXnlM845.jpg-wh_500x0-wm_3 -wmp_4-s_4029371911.jpg "style=" Float:none; "title=" Qq20161107160728.jpg "alt=" Wkiol1ggnmlcwyl8aabcdrvxnlm845.jpg-wh_50 "/>

This section refers to http://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/ Keystone.html, it is also important to note that this section is written in the controller node, does not involve other hosts, the next section will install the Image Service deployment configuration

This article is from the "Zhong blog" blog, make sure to keep this source http://capfzgs.blog.51cto.com/7729146/1870272

Openstack-mitaka Authentication Service Management installation configuration deployment