Manual distributed deployment of Keystone on OpenStack (Queens)
Keystone overview
Keystone (the OpenStack Identity Service) is the OpenStack component that manages authentication, service access rules and service tokens. A user who accesses a resource must have their identity and permissions verified, and a service that performs an operation must also pass a permission check; both go through Keystone. Keystone acts like a service bus, or the registry of the whole OpenStack framework: every OpenStack service registers its Endpoint (the URL at which the service is reached) with Keystone, and any call from one service to another first authenticates against Keystone, obtains the target service's Endpoint, and only then makes the call.
Keystone's main functions are:
- managing users and their permissions;
- maintaining the Endpoints of OpenStack services;
- Authentication (verifying who the caller is) and Authorization (deciding what the caller may do).
User authentication concepts
The following terms are used in user authentication:
1. User
- In OpenStack a user is the digital representation of a person, system or service that uses OpenStack; OpenStack validates each request the user makes. A tenant (now called a project) can have several users and a user can belong to several tenants; what a user may do inside a tenant is determined by the role the user holds there.
2. Project
- A project is a set of accessible resources or resource groups in OpenStack. It is essentially a container: it isolates resources and identifies the objects that belong to it.
3. Token
- The credential an OpenStack user presents to prove that it has already authenticated. Keystone issues it after a successful authentication, and every later API call carries it instead of the password.
4. Role
- In OpenStack a role represents a set of permissions. It is always bound to a user through a role assignment on a project or domain, and declares which resources the user may access.
Service catalog concepts
The following terms are used in the service catalog:
1. Service
- A service is any OpenStack service, for example Nova, Glance or Swift.
2. Endpoints
- An Endpoint is the interface a service exposes; to reach a service you must know its Endpoint. Each Endpoint URL is the access address of one service instance and is registered for one of three interfaces: public, internal and admin. The public URL is reachable from outside, the internal URL is meant for hosts on the internal (management) network, and the admin URL is kept separate from ordinary access. The interface names matter later: they are the names `keystone-manage bootstrap` and `openstack endpoint create` use.
The Keystone installation and deployment follows.
1. Database configuration (run on controller)
1.1 Log in to the database
[root@controller ~]# mysql -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
1.2 Create the keystone database
MariaDB [(none)]> CREATE DATABASE keystone;
1.3 Grant proper access to the keystone database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
'000000' is the keystone database password used throughout this guide. Use a strong password in a real deployment, and note that the same value must appear in the [database] connection string of keystone.conf in step 2.2; a mismatch makes `keystone-manage db_sync` fail with an access-denied error. The '%' grant allows the keystone user to connect from any host, which is only needed if Keystone runs on a host other than the database server.
1.4 Leave the database
MariaDB [(none)]> quit;
2. Import the Keystone tables into the database (run on controller)
2.1 Install openstack-keystone, httpd and mod_wsgi
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
## I got an error here when installing openstack-keystone httpd mod_wsgi
Fix: run the following command, then reinstall
yum install -y python2-qpid-proton-0.22.0-1.el7.x86_64
2.2 Back up the configuration file and edit it
[root@controller ~]# cp /etc/keystone/keystone.conf{,.bak}
[root@controller ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
The grep strips comments and blank lines, leaving only the section headers. Two settings must then be filled in; the remaining empty section headers ([application_credential], [assignment], [auth], [cache], ... [totp]) stay as they are and are omitted here.
#vi /etc/keystone/keystone.conf
[DEFAULT]
[database]
connection = mysql+pymysql://keystone:000000@controller/keystone
[token]
provider = fernet
The password in the connection string must be the one granted in step 1.3 (000000 in this guide). Do not set admin_token in [DEFAULT]: `keystone-manage bootstrap` in step 2.5 creates the admin account, so the shared admin token is not needed, and a guessable value such as ADMIN_TOKEN would let anyone who can reach the API act as an administrator without a password. Keep the file owned by root:keystone with mode 640, since it contains the database password.
2.3 Populate the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Log in to the database and check that the keystone database now has tables; output like the following means the sync completed (the exact table list depends on the keystone version installed)
[root@controller ~]# mysql -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 25
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.001 sec)

MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [keystone]> show tables;
+------------------------------------+
| Tables_in_keystone                 |
+------------------------------------+
| access_rule                        |
| access_token                       |
| application_credential             |
| application_credential_access_rule |
| application_credential_role        |
| assignment                         |
| config_register                    |
| consumer                           |
| credential                         |
| endpoint                           |
| endpoint_group                     |
| federated_user                     |
| federation_protocol                |
| group                              |
| id_mapping                         |
| identity_provider                  |
| idp_remote_ids                     |
| implied_role                       |
| limit                              |
| local_user                         |
| mapping                            |
| migrate_version                    |
| nonlocal_user                      |
| password                           |
| policy                             |
| policy_association                 |
| project                            |
| project_endpoint                   |
| project_endpoint_group             |
| project_option                     |
| project_tag                        |
| region                             |
| registered_limit                   |
| request_token                      |
| revocation_event                   |
| role                               |
| role_option                        |
| sensitive_config                   |
| service                            |
| service_provider                   |
| system_assignment                  |
| token                              |
| trust                              |
| trust_role                         |
| user                               |
| user_group_membership              |
| user_option                        |
| whitelisted_config                 |
+------------------------------------+
2.4 Initialize the Fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
These commands create /etc/keystone/fernet-keys and /etc/keystone/credential-keys, owned by keystone and readable only by that user. The fernet keys sign and encrypt every token Keystone issues, so anyone who can read them can mint tokens for any user; check the permissions after running the commands and back the directories up like any other secret.
2.5 Bootstrap the Identity service:
keystone-manage bootstrap --bootstrap-password 000000 \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
This creates the admin user, the admin project, the admin role and the identity service with its three endpoints in RegionOne. The bootstrap password (000000 here) becomes the admin user's password and must match OS_PASSWORD in the admin-openrc script in step 3.4.
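A preflight script for steps 2.2 to 2.4, added here as an example and not part of the original guide or of Keystone itself: it reads keystone.conf with awk, checks that the [database] connection string carries the password granted in MariaDB, that tokens are fernet and that no admin_token is set, and then checks the fernet key repository created by `fernet_setup` (directory mode 700, key files mode 600 and owned by the expected user, keys 0 and 1 present). The paths /etc/keystone/keystone.conf and /etc/keystone/fernet-keys are the package defaults; the script assumes GNU `stat`.

```shell
#!/usr/bin/env bash
# keystone-preflight.sh: sanity checks after steps 2.2-2.4 of the guide.
# Added example for this guide, not a Keystone tool.
# Usage: ./keystone-preflight.sh /etc/keystone/keystone.conf 000000 [/etc/keystone/fernet-keys]

# Print the value of KEY in [SECTION] of an INI file; print nothing if absent.
ini_get() {
    local file=$1 section=$2 key=$3
    awk -v s="$section" -v k="$key" '
        /^[[:space:]]*\[/ { in_s = ($0 ~ ("^[[:space:]]*\\[" s "\\][[:space:]]*$")); next }
        in_s && $0 !~ /^[[:space:]]*[#;]/ && index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[[:space:]]/, "", name)
            if (name == k) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
                print val
                exit
            }
        }' "$file"
}

# Check keystone.conf: the DB connection must use the password granted in MariaDB,
# tokens must be fernet, and no legacy admin_token may be set.
# Prints one line per problem; returns 1 if anything is wrong.
check_keystone_conf() {
    local conf=$1 db_pass=$2 rc=0 v
    v=$(ini_get "$conf" database connection)
    case "$v" in
        "mysql+pymysql://keystone:${db_pass}@"*) ;;
        "") echo "database.connection is not set"; rc=1 ;;
        *)  echo "database.connection does not use the keystone DB password granted in MariaDB: $v"; rc=1 ;;
    esac
    v=$(ini_get "$conf" token provider)
    [ "$v" = fernet ] || { echo "token.provider should be fernet (got '${v:-unset}')"; rc=1; }
    v=$(ini_get "$conf" DEFAULT admin_token)
    [ -z "$v" ] || { echo "DEFAULT.admin_token is set; remove it, keystone-manage bootstrap replaces it"; rc=1; }
    return $rc
}

# Check the fernet key repository: directory 700, every key file 600 and owned by
# OWNER (default keystone), and at least key 0 (staged) and key 1 (primary) present.
check_fernet_repo() {
    local dir=$1 owner=${2:-keystone} rc=0 f mode
    [ -d "$dir" ] || { echo "$dir missing: run keystone-manage fernet_setup"; return 1; }
    mode=$(stat -c %a "$dir")
    [ "$mode" = 700 ] || { echo "$dir mode is $mode, expected 700"; rc=1; }
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f")
        [ "$mode" = 600 ] || { echo "$f mode is $mode, expected 600"; rc=1; }
        [ "$(stat -c %U "$f")" = "$owner" ] || { echo "$f is not owned by $owner"; rc=1; }
    done
    [ -f "$dir/0" ] && [ -f "$dir/1" ] || { echo "$dir lacks keys 0 and 1"; rc=1; }
    return $rc
}

# Run both checks when called with the config path and the DB password.
if [ $# -ge 2 ]; then
    check_keystone_conf "$1" "$2"
    check_fernet_repo "${3:-/etc/keystone/fernet-keys}" keystone
fi
```

Run it as root on the controller; an empty output and exit status 0 means the node is ready for `db_sync` and the httpd configuration. Against the configuration shown on this page before correction (connection password 123 and admin_token = ADMIN_TOKEN) it reports both problems.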
3. Configure the HTTP server (run on controller)
3.1 Edit the httpd configuration file
[root@controller ~]# vi /etc/httpd/conf/httpd.conf
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName controller
3.2 Create the symbolic link
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3.3 Start httpd
systemctl enable httpd.service;systemctl start httpd.service
Keystone has no daemon of its own in this setup: the WSGI configuration just linked makes httpd serve the Keystone application, so httpd must be running before any `openstack` command will work.
3.4 Configure the environment variables
vi /etc/keystone/admin-openrc.sh
#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
Load it with `source /etc/keystone/admin-openrc.sh` before running the commands in step 4. OS_PASSWORD is the bootstrap password from step 2.5 stored in clear text, so restrict the file with `chmod 600`.
4. Create domains, projects, users and roles (run on controller)
4.1 Create a domain
openstack domain create --description "Domain" example
4.2 Create the service project
openstack project create --domain default --description "Service Project" service
4.3 Create the demo project
openstack project create --domain default --description "Demo Project" demo
4.4 Create the demo user
openstack user create --domain default --password-prompt demo
The password typed at the prompt is the one the demo-openrc script in step 5.4 must contain.
4.5 Create the user role
openstack role create user
4.6 Assign the user role to the demo user on the demo project
openstack role add --project demo --user demo user
The assignment can be checked with `openstack role assignment list --user demo --project demo --names`; the demo user has no rights on any other project, which is the point of the project-scoped assignment.
5. Verify the operation (run on controller)
5.1 Unset the environment variables
unset OS_AUTH_URL OS_PASSWORD
5.2 Request a token as the admin user
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
5.3 Request a token as the demo user
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue
Each command prompts for the password and prints a token; a password that is refused (HTTP 401) is the first thing to check if either command fails.
5.4 Create the OpenStack client environment scripts
#Create the admin-openrc script
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Create the demo-openrc script
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
In demo-openrc, OS_PASSWORD must be the password entered at the prompt in step 4.4 (the guide uses 000000 for both users).
5.5 Load a script and request a token
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2023-02-08T16:49:18+0000                                                                                                                                                                |
| id         | gAAAAABj48R-5UKgioRRedEM1uDIImmqKdI00OnFYE2yy-7vzw8MpO2NZgpfbEvk90Sq4SqMN2aK4PRXT5TLExWMVbZacpJHHcr0gPLQ_B1cMj0TgDqHtZ9Tohngxh6ImnFZ7VA-sUu2n4oWZjSmFOySWgDCBdYJ8MJaIPCsxlnCf8riQFQiRQI |
| project_id | 4c7bdbb75b9e481db886549f7d2711be                                                                                                                                                        |
| user_id    | 41944ebcbb2541acbc31bfd591107fff                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
The id is a fernet token: an encrypted, signed payload that Keystone decrypts with the keys from step 2.4, and it is a bearer credential, so treat the output like a password until it expires.
At this point the Keystone deployment is complete.
This concludes the article on manual distributed deployment of Keystone on OpenStack (Queens). For more on deploying Keystone, see the earlier articles on 腳本之家 (jb51).