https://github.com/openstack/keystone

最新版为rocky

1. 进入mysql

-- Database and DB account that keystone-manage db_sync (step 4) is expected to use.
create database keystone;

-- The password below is the author's literal value; replace it with your own before use.
grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'mhc.123';

-- '%' lets this account connect from any client host; keep it only if remote
-- access to the database is actually required, otherwise the named-host grant suffices.
grant all privileges on keystone.* to 'keystone'@'%' identified by 'mhc.123';

-- NOTE(review): MySQL 8.0 no longer accepts IDENTIFIED BY inside GRANT;
-- on 8.0 create the account first (CREATE USER ... IDENTIFIED BY ...), then GRANT.
grant all privileges on keystone.* to 'keystone'@'mysql所在主机ip或名' identified by 'mhc.123';

2. 生成随机token

# openssl rand -hex 10
4ef3736eec4c79501690

3.

# yum install python-pip httpd mod_wsgi

# git clone https://github.com/openstack/keystone.git

# git checkout -b rocky remotes/origin/stable/rocky

# yum install python-devel openssl-devel -y

# pip install PyMySQL

# pip install -r requirements.txt

# python setup.py install

配置文件 https://docs.openstack.org/keystone/latest/configuration/samples/keystone-conf.html

放到/etc/keystone/keystone.conf

修改后: https://github.com/mhcvs2/docker/blob/master/openstack/keystone/keystone.conf

4. 同步数据库

# keystone-manage db_sync

5. 配置apache2

/etc/httpd/conf.d/wsgi-keystone.conf
https://github.com/mhcvs2/docker/blob/master/openstack/keystone/wsgi-keystone.conf

# useradd keystone
# chown -R keystone:keystone /etc/keystone

# mkdir /var/log/apache2/

# vim /etc/selinux/config

SELINUX=disabled

# setenforce 0

# systemctl start httpd.service

# systemctl enable httpd.service

6.

# pip install python-openstackclient

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

7. 创建keystone的service entity

# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | eb98e1799e7c481ca1e359a522d97a7d |
| name | keystone |
| type | identity |
+-------------+----------------------------------+

8. 创建keystone的api endpoint

# openstack endpoint create --region RegionOne identity public http://v460:5000/v2.0
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c06bfef610dd43118b6ed1ebda58e90d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | eb98e1799e7c481ca1e359a522d97a7d |
| service_name | keystone |
| service_type | identity |
| url | http://v460:5000/v2.0 |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne identity internal http://v460:5000/v2.0

# openstack endpoint create --region RegionOne identity admin http://v460:35357/v2.0

注意：Keystone 的 v2.0 API 已在 Queens 版本中移除，Rocky 下以上三条 endpoint 的 URL 应指向 /v3（与第 10 步 --os-auth-url 所用的 /v3 保持一致）。

-----------------------------------------------------

9. 创建一个默认的域“default”

# openstack domain create --description "Default Domain" default

10. 创建admin project

# openstack project create --domain default --description "Admin Project" admin

创建admin user

# openstack user create --domain default --password-prompt admin

创建admin role

# openstack role create admin

# openstack role add --project admin --user admin admin

# openstack project create --domain default --description "Service Project" service

# openstack project create --domain default --description "Demo Project" demo

# openstack user create --domain default --password-prompt demo

# openstack role create user

# openstack role add --project demo --user demo user

openstack --os-auth-url http://v460:35357/v3 --os-identity-api-version 3  --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

# openstack token issue

05-06 01:43