OpenStack Mitaka: installing, configuring and deploying the Identity (authentication) service

Source: Internet
Author: User

1. Log in to the database as root, create the keystone database, grant privileges on it, and set the password to Keyston_dbpass

2. The Keystone authentication service uses the Apache HTTP server with mod_wsgi to serve authentication requests on ports 5000 and 35357, so the appropriate packages need to be installed on the controller node

4. Generate a random token value using a command

3. Edit /etc/keystone/keystone.conf

1) In the [DEFAULT] section, define the value of the initial administration token:

2) In the [database] section, configure database access:

3) In the [token] section, configure the provider of the Fernet UUID token.

4. Initialize the authentication service database; the output of this command can be ignored

5. Initialize Fernet keys:


6. Configure the Apache server: edit the /etc/httpd/conf/httpd.conf file and set the ServerName option to controller (at approximately line 95 of the file)

7. Create and edit /etc/httpd/conf.d/wsgi-keystone.conf

8. Start the Apache service and configure it to start at boot

9. Configure the authentication token, the endpoint URL, and the authentication API version

10. Create the service entity for the identity authentication service:

11. Create an API endpoint for the authentication service:


12. Create the default domain

13. Create the administrative project, user, and role

1) Create the admin project

2) Create the admin user

3) Create the admin role

4) Add the admin role to the admin project and user

14. Create the service project

15. Create the demo project and user

1) Create the demo project

2) Create the demo user

3) Create the user role

4) Add the user role to the demo project and user

16. Disable the temporary authentication token mechanism

1) Edit /etc/keystone/keystone-paste.ini

2) Reset (unset) the OS_TOKEN and OS_URL environment variables:

3) Request an authentication token as the admin user (the password is the one from step 13, substep 2)

4) Request an authentication token as the demo user (the password is the one from step 15, substep 2)

17. Create the scripts and verify them

1) Create admin-openrc

2) Create demo-openrc

3) Load the admin-openrc environment variables, which supply the admin project and credentials, and request an authentication token

18. Problems you may encounter: here I intentionally entered the wrong password, which produces a 401 error. When you hit a 401 error, check that the user name and password match.

This section follows http://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/keystone.html. Note that everything in this section is done on the controller node and does not involve other hosts. The next section covers installing, deploying and configuring the Image service.
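Step 16 is the security-relevant one: the initial token from step 3 bypasses normal authentication, and in the upstream Mitaka guide the keystone-paste.ini edit removes admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections. The script below is an added example, not part of the original post or of OpenStack, that audits that edit; it also flags an admin_token value left in [DEFAULT], which goes beyond what the page does. The function names and sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit Keystone files for the temporary bootstrap token.
# Function names and the sample files are constructed for illustration.

# Print each [pipeline:*] section that still lists admin_token_auth.
pipelines_with_admin_token_auth() {
    awk '
        /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
        /^\[/ {                                 # section header: remember its name
            section = $0
            sub(/^\[/, "", section); sub(/\].*$/, "", section)
            reported = 0; next
        }
        section ~ /^pipeline:/ && !reported {   # key line or indented continuation
            n = split($0, w, /[ \t=]+/)
            for (i = 1; i <= n; i++)
                if (w[i] == "admin_token_auth") { print section; reported = 1; break }
        }
    ' "$1"
}

# Exit 0 if [DEFAULT] still carries an uncommented admin_token setting.
admin_token_is_set() {
    awk '
        /^\[/ { in_default = ($0 ~ /^\[DEFAULT\]/); next }
        in_default && /^[ \t]*admin_token[ \t]*=/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

SAMPLE_DIR=$(mktemp -d)
SAMPLE_PASTE="$SAMPLE_DIR/keystone-paste.ini"
SAMPLE_CONF="$SAMPLE_DIR/keystone.conf"
cat > "$SAMPLE_PASTE" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth
[pipeline:public_api]
pipeline = cors sizelimit admin_token_auth token_auth json_body public_service
[pipeline:admin_api]
pipeline = cors sizelimit token_auth json_body admin_service
[pipeline:api_v3]
pipeline = cors sizelimit
    admin_token_auth token_auth json_body service_v3
EOF
printf '[DEFAULT]\nadmin_token = CONSTRUCTED_PLACEHOLDER\n[database]\n' > "$SAMPLE_CONF"

pipelines_with_admin_token_auth "$SAMPLE_PASTE"
if admin_token_is_set "$SAMPLE_CONF"; then echo "admin_token still set in [DEFAULT]"; fi
```

On the controller, point both functions at /etc/keystone/keystone-paste.ini and /etc/keystone/keystone.conf; empty output from the first means no pipeline still accepts the bootstrap token.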



This article is from the "Zhong blog" blog, make sure to keep this source http://capfzgs.blog.51cto.com/7729146/1870272
