1. Log in to the database as root and create the database Keystone, authorize the database, and set the password to Keyston_dbpass
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/89/DE/wKiom1ggESbRQYdeAADtnCor2YE053.jpg-wh_500x0-wm_3 -wmp_4-s_1867649922.jpg "title=" qq20161107131936.jpg "alt=" Wkiom1ggesbrqydeaadtncor2ye053.jpg-wh_50 "/>
2. The Keystone Authentication Service uses Apache HTTP servers with MOD_WSGI to service authentication service requests with ports 5000 and 35357. Therefore, the appropriate package needs to be installed on the controller node
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/89/DF/wKiom1ggGdvTIOKKAAQRaBtEKWw059.jpg-wh_500x0-wm_3 -wmp_4-s_3668170905.jpg "title=" qq20161107140038.jpg "alt=" Wkiom1gggdvtiokkaaqrabtekww059.jpg-wh_50 "/>
4. Generate random password tokens using commands
650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/89/DF/wKiom1ggHIDBpq82AAAY0j4hvRw302.jpg-wh_500x0-wm_3 -wmp_4-s_2890050312.jpg "title=" qq20161107141708.jpg "alt=" Wkiom1gghidbpq82aaay0j4hvrw302.jpg-wh_50 "/>
3. Edit/etc/keystone/keystone.conf
1) Define the value of the initial management token in [DEFAULT]:
650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/89/DC/wKioL1ggHSLweEzGAACWhlJTszc619.jpg-wh_500x0-wm_3 -wmp_4-s_1649162631.jpg "title=" qq20161107141951.jpg "alt=" Wkiol1gghslweezgaacwhljtszc619.jpg-wh_50 "/>
2) in the [Database] section, configure database access:
650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/89/DF/wKiom1ggHeTh4u2RAADdusYFw1c445.jpg-wh_500x0-wm_3 -wmp_4-s_2798653677.jpg "title=" qq20161107142306.jpg "alt=" Wkiom1ggheth4u2raaddusyfw1c445.jpg-wh_50 "/>
3) in the [token] section, configure the provider of the Fernet UUID token.
650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/89/DF/wKiom1ggHy6wHaLkAAHeERPmAmM847.jpg-wh_500x0-wm_3 -wmp_4-s_384228913.jpg "title=" qq20161107142837.jpg "alt=" Wkiom1gghy6whalkaaheerpmamm847.jpg-wh_50 "/>
4. Initialize the authentication server database, where the output information is ignored
650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/89/DC/wKioL1ggIIrQBnQaAAAbK34_ktk155.jpg-wh_500x0-wm_3 -wmp_4-s_1266010289.jpg "title=" qq20161107143426.jpg "alt=" Wkiol1ggiirqbnqaaaabk34_ktk155.jpg-wh_50 "/>
5. Initialize Fernet keys:
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/89/DC/wKioL1ggIW-Q6xrtAAAjVG9O4iQ567.jpg-wh_500x0-wm_3 -wmp_4-s_3020029853.jpg "title=" qq20161107143702.jpg "alt=" Wkiol1ggiw-q6xrtaaajvg9o4iq567.jpg-wh_50 "/>
6, configure the Apache server, edit the/etc/httpd/conf/httpd.conf file, change the configuration servername hostname to controller (approximately 95 lines in the file)
650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/89/DF/wKiom1ggIr2zxocqAAIJ2Zy8-Xg405.jpg-wh_500x0-wm_3 -wmp_4-s_2506954752.jpg "title=" qq20161107144329.jpg "alt=" Wkiom1ggir2zxocqaaij2zy8-xg405.jpg-wh_50 "/>
7. Create and edit/etc/httpd/conf.d/wsgi-keystone.conf
650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/89/DC/wKioL1ggJgSDUaBzAAERcFo7c4M248.jpg-wh_500x0-wm_3 -wmp_4-s_2961990539.jpg "title=" qq20161107145746.jpg "alt=" Wkiol1ggjgsduabzaaercfo7c4m248.jpg-wh_50 "/>
8. Start the Apache service and set it to boot from start
650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/89/E0/wKiom1ggJoLTFd2YAAA9nbLo2OQ950.jpg-wh_500x0-wm_3 -wmp_4-s_2685509277.jpg "title=" qq20161107145953.jpg "alt=" Wkiom1ggjoltfd2yaaa9nblo2oq950.jpg-wh_50 "/>
9. Configure authentication token, endpoint URL, authentication API version
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/89/DD/wKioL1ggKTSjRNjrAAA01-Y0Jl8145.jpg-wh_500x0-wm_3 -wmp_4-s_984790134.jpg "title=" qq20161107151015.jpg "alt=" Wkiol1ggktsjrnjraaa01-y0jl8145.jpg-wh_50 "/>
10. Create service entities and identity authentication services:
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/89/E0/wKiom1ggKbLigiqCAABcmqhXaOQ508.jpg-wh_500x0-wm_3 -wmp_4-s_4188922720.jpg "title=" qq20161107151327.jpg "alt=" Wkiom1ggkbligiqcaabcmqhxaoq508.jpg-wh_50 "/>
11. Create an API endpoint for the authentication service:
650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/89/DD/wKioL1ggKj7ywGcAAAF65-zoeGQ709.jpg-wh_500x0-wm_3 -wmp_4-s_3225815042.jpg "title=" qq20161107151522.jpg "alt=" Wkiol1ggkj7ywgcaaaf65-zoegq709.jpg-wh_50 "/>
12. Create domain Default
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/89/DD/wKioL1ggKrzTS54BAABLbpd1Ngc569.jpg-wh_500x0-wm_3 -wmp_4-s_436256186.jpg "title=" qq20161107151753.jpg "alt=" Wkiol1ggkrzts54baablbpd1ngc569.jpg-wh_50 "/>
13. Create managed projects, users, and roles
1) Create admin project
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/89/E0/wKiom1ggK0Hwgy81AAB3lbZQrjo882.jpg-wh_500x0-wm_3 -wmp_4-s_785943360.jpg "title=" qq20161107152011.jpg "alt=" Wkiom1ggk0hwgy81aab3lbzqrjo882.jpg-wh_50 "/>
2) Create Admin user
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/89/DE/wKioL1ggK6ajLzTFAABimZ-xal0456.jpg-wh_500x0-wm_3 -wmp_4-s_388204519.jpg "title=" qq20161107152138.jpg "alt=" Wkiol1ggk6ajlztfaabimz-xal0456.jpg-wh_50 "/>
3) Create Admin role
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/89/DE/wKioL1ggK-SA3J-KAABEsF93RNE653.jpg-wh_500x0-wm_3 -wmp_4-s_2871161930.jpg "title=" qq20161107152240.jpg "alt=" Wkiol1ggk-sa3j-kaabesf93rne653.jpg-wh_50 "/>
4) Add Admin user to admin project and user
650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/89/DE/wKioL1ggLFGQTkBqAAAbzEa6Ek4510.jpg-wh_500x0-wm_3 -wmp_4-s_530318588.jpg "title=" qq20161107152443.jpg "alt=" Wkiol1gglfgqtkbqaaabzea6ek4510.jpg-wh_50 "/>
14. Create a service project
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/89/DE/wKioL1ggLLuDG0BVAAB2HsOjv8M857.jpg-wh_500x0-wm_3 -wmp_4-s_2016460308.jpg "title=" qq20161107152624.jpg "alt=" Wkiol1gglludg0bvaab2hsojv8m857.jpg-wh_50 "/>
15. Create demo project and user
1) Create demo project
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/89/DE/wKioL1ggLXeD33lCAABwBNzzW_0506.jpg-wh_500x0-wm_3 -wmp_4-s_515561184.jpg "style=" Float:none; "title=" qq20161107152847.jpg "alt=" wkiol1gglxed33lcaabwbnzzw_0506. Jpg-wh_50 "/>
2) Create demo user
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/89/E1/wKiom1ggLXiBoTHlAABgpcp8Qjw584.jpg-wh_500x0-wm_3 -wmp_4-s_2561247925.jpg "style=" Float:none; "title=" Qq20161107152901.jpg "alt=" Wkiom1gglxibothlaabgpcp8qjw584.jpg-wh_50 "/>
3) Create User role
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/89/DE/wKioL1ggLoDzMxLwAAA-AnXKOBw939.jpg-wh_500x0-wm_3 -wmp_4-s_1376863146.jpg "title=" qq20161107153109.jpg "alt=" Wkiol1gglodzmxlwaaa-anxkobw939.jpg-wh_50 "/>
4) Add the user role to the demo project and the role
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/89/E1/wKiom1ggLvDgUogVAAAaNMogo84460.jpg-wh_500x0-wm_3 -wmp_4-s_270913591.jpg "title=" qq20161107153547.jpg "alt=" Wkiom1gglvdguogvaaaanmogo84460.jpg-wh_50 "/>
16. Turn off the temporary authentication token mechanism
1) Edit the/etc/keystone/keystone-paste.ini as shown below
650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/89/DE/wKioL1ggMWniG4PcAAF4oF_aJhE094.jpg-wh_500x0-wm_3 -wmp_4-s_2661293203.jpg "title=" qq20161107154556.jpg "alt=" Wkiol1ggmwnig4pcaaf4of_ajhe094.jpg-wh_50 "/>
2) Reset the Os_token and OS_URL environment variables:
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/89/DE/wKioL1ggMdGxhSKyAAAXohRQrEs058.jpg-wh_500x0-wm_3 -wmp_4-s_2087702738.jpg "title=" qq20161107154808.jpg "alt=" Wkiol1ggmdgxhskyaaaxohrqres058.jpg-wh_50 "/>
3) Request authentication token with Admin user (this password is 13 step two password)
650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/89/E1/wKiom1ggMoTS_tHTAADn5T7_CCY381.jpg-wh_500x0-wm_3 -wmp_4-s_156902505.jpg "title=" qq20161107155107.jpg "alt=" Wkiom1ggmots_thtaadn5t7_ccy381.jpg-wh_50 "/>
4) Request authentication token with demo user (this password is 15 step two password)
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/89/E1/wKiom1ggM8aiotCrAADV9dlvr4Q654.jpg-wh_500x0-wm_3 -wmp_4-s_811092035.jpg "title=" qq20161107155451.jpg "alt=" Wkiom1ggm8aiotcraadv9dlvr4q654.jpg-wh_50 "/>
17. Creating scripts and validating scripts
1) Create ADMIN-OPENRC
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/89/DE/wKioL1ggNPWRuJBTAABNLzfE5JU750.jpg-wh_500x0-wm_3 -wmp_4-s_2922119828.jpg "title=" qq20161107160123.jpg "alt=" Wkiol1ggnpwrujbtaabnlzfe5ju750.jpg-wh_50 "/>
2) Create DEMO-OPENRC
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/89/E1/wKiom1ggNYfBwhxUAABM95jcWl4150.jpg-wh_500x0-wm_3 -wmp_4-s_2740514724.jpg "title=" qq20161107160332.jpg "alt=" Wkiom1ggnyfbwhxuaabm95jcwl4150.jpg-wh_50 "/>
3) Load the ADMIN-OPENRC environment variable and admin project and certificate and request authentication token
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/89/DE/wKioL1ggNmKDRiTxAAC2xBPFmOc865.jpg-wh_500x0-wm_3 -wmp_4-s_3168365602.jpg "style=" Float:none; "title=" Qq20161107160637.jpg "alt=" Wkiol1ggnmkdritxaac2xbpfmoc865.jpg-wh_50 "/>
18, you may encounter problems, I intentionally password input errors here, there will be 401 errors, when encountering 401 errors, you can check the user name password is matched
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/89/DE/wKioL1ggNmLCwyL8AABcDRVXnlM845.jpg-wh_500x0-wm_3 -wmp_4-s_4029371911.jpg "style=" Float:none; "title=" Qq20161107160728.jpg "alt=" Wkiol1ggnmlcwyl8aabcdrvxnlm845.jpg-wh_50 "/>
This section refers to http://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/ Keystone.html, it is also important to note that this section is written in the controller node, does not involve other hosts, the next section will install the Image Service deployment configuration
This article is from the "Zhong blog" blog, make sure to keep this source http://capfzgs.blog.51cto.com/7729146/1870272
Openstack-mitaka Authentication Service Management installation configuration deployment