OpenStack、keystone组件

2025-04-17 技术教程

一、部署OpenStack

1、环境

OS：CentOS6.5 X86_64

各节点时间同步、能基于主机名通信，清空iptables，关闭SElinux，禁用WorkManager服务

各节点的主机/etc/hosts文件配置:

cat/etc/hosts127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6192.168.10.1Node1node1controllerwww.node1.com192.168.10.2Node2node2computewww.node2.com192.168.10.3Node3node3networkwww.node3.com192.168.10.4Node4node4www.node4.com

2、配置Controller Node（Node1）的网络

1）所有192.168.10.0段的数据包的源地址改成172.16.11.210

[root@Node1~]#iptables-tnat-APOSTROUTING-s192.168.10.0/24-jSNAT--to-source172.16.11.210[root@Node1~]#serviceiptablessave

2）打开内核的路由（网卡间转发）功能

要实现nat，要将文件/proc/sys/net/ipv4/ip_forward内的值改为1，（默认是0）

[root@Node1~]#vi/etc/sysctl.conf[root@Node1~]#sysctl-pnet.ipv4.ip_forward=1net.ipv4.conf.default.rp_filter=1net.ipv4.conf.default.accept_source_route=0kernel.sysrq=0kernel.core_uses_pid=1net.ipv4.tcp_syncookies=1error:"net.bridge.bridge-nf-call-ip6tables"isanunknownkeyerror:"net.bridge.bridge-nf-call-iptables"isanunknownkeyerror:"net.bridge.bridge-nf-call-arptables"isanunknownkeykernel.msgmnb=65536kernel.msgmax=65536kernel.shmmax=68719476736kernel.shmall=4294967296

3）配置yum源

[root@Node1yum.repos.d]#catCentOS-OpenStack-icehouse.repo#CentOS-OpenStack-icehouse.repo#[centos-openstack-icehouse]name=CentOS-$releasever-OpenStackicehousebaseurl=https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/epel-6/#为什么现在这个博客很容易吞链接啊，一没注意链接就发不出来gpgcheck=0enabled=1

二、Identity（Keystone）组件

1、Identity主要有两个功能

用户管理：认证和授权

认证方式有两种：

token：持有授权字符串

帐号和密码：

服务目录：所有可用服务的信息库，包含其API endpoint（访问端口）路径

2、常用术语

user：一个user可以关联至多个tenant（租户）

Tenant：租户，一个tenant对应一个project，或一个组织

Role：角色

Token：令牌

Service：服务

Endpoint：服务的访问入口

3、在Controller Node上安装keystone组件

[root@Node1~]#yuminstallopenstack-keystonepython-keystoneclient[root@Node1~]#yuminstallopenstack-utils[root@Node1yum.repos.d]#rpm-qlopenstack-utils/usr/bin/openstack-config/usr/bin/openstack-db/usr/bin/openstack-service/usr/bin/openstack-status/usr/share/doc/openstack-utils-2014.1

4、安装数据库，授权keystone能够远程连入mysqld，并初始化数据库

1）安装OpenStack优化的Mariabd数据库并初始化

[root@Node1~]#yuminstallmariadb-galera-server-y

修改配置文件/etc/keystone/keystone.conf配置文件:

定义客户端如何连接到keystone服务器

默认配置：

#connection=mysql://keystone:keystone@localhost/keystone

mysql协议用户名密码主机数据库

授权keystone连接mysqld:

mysql>CREATEDATABASEkeystone;mysql>GRANTALLONkeystone.*TO'keystone'@'%'IDENTIFIEDBY'keystone';QueryOK,0rowsaffected(0.00sec)mysql>GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'localhost'IDENTIFIEDBY'KEYSTONE_DBPASS';mysql>FLUSHPRIVILEGES;QueryOK,0rowsaffected(0.00sec)

keystone-manage初始化数据库：

[root@Node1~]#keystone-manage--helpusage:keystone-manage[db_sync|db_version|pki_setup|ssl_setup|token_flush]optionalarguments:-h,--helpshowthishelpmessageandexit--config-dirDIRPathtoaconfigdirectorytopull*.conffilesfrom.Thisfilesetissorted,soastoprovideapredictableparseorderifindividualoptionsareover-ridden.Thesetisparsedafterthefile(s)specifiedviaprevious--config-file,argumentshenceover-riddenoptionsinthedirectorytakeprecedence.--config-filePATHPathtoaconfigfiletouse.Multipleconfigfilescanbespecified,withvaluesinlaterfilestakingprecedence.Thedefaultfilesusedare:None--debug,-dPrintdebuggingoutput(setloggingleveltoDEBUGinsteadofdefaultWARNINGlevel).--log-config-appendPATH,--log_configPATHThenameofloggingconfigurationfile.Itdoesnotdisableexistingloggers,butjustappendsspecifiedloggingconfigurationtoanyotherexistingloggingoptions.PleaseseethePythonloggingmoduledocumentationfordetailsonloggingconfigurationfiles.--log-date-formatDATE_FORMATFormatstringfor%(asctime)sinlogrecords.Default:None--log-dirLOG_DIR,--logdirLOG_DIR(Optional)Thebasedirectoryusedforrelative--log-filepaths--log-filePATH,--logfilePATH(Optional)Nameoflogfiletooutputto.Ifnodefaultisset,loggingwillgotostdout.--log-formatFORMATDEPRECATED.Alogging.Formatterlogmessageformatstringwhichmayuseanyoftheavailablelogging.LogRecordattributes.Thisoptionisdeprecated.Pleaseuselogging_context_format_stringandlogging_default_format_stringinstead.--nodebugTheinverseof--debug--nostandard-threadsTheinverseof--standard-threads--nouse-syslogTheinverseof--use-syslog--nouse-syslog-rfc-formatTheinverseof--use-syslog-rfc-format--noverboseTheinverseof--verbose--pydev-debug-hostPYDEV_DEBUG_HOSTHosttoconnecttoforremotedebugger.--pydev-debug-portPYDEV_DEBUG_PORTPorttoconnecttoforremotedebugger.--standard-threadsDonotmonkey-patchthreadingsystemmodules.--syslog-log-facilitySYSLOG_LOG_FACILITYSyslogfacilitytoreceiveloglines--use-syslogUsesyslogforlogging.ExistingsyslogformatisDEPRECATEDduringI,andthenwillbechangedinJtohonorRFC5424--use-syslog-rfc-format(Optional)Usesyslogrfc5424formatforlogging.Ifenabled,willaddAPP-NAME(RFC5424)beforetheMSGpartofthesyslogmessage.TheoldformatwithoutAPP-NAMEisdeprecatedinI,andwillberemovedinJ.--verbose,-vPrintmoreverboseoutput(setloggingleveltoINFOinsteadofdefaultWARNINGlevel).--versionshowprogram'sversionnumberandexitCommands:{token_flush,db_version,pki_setup,ssl_setup,db_sync}Availablecommandsdb_syncSyncthedatabase.db_versionPrintthecurrentmigrationversionofthedatabase.pki_setupSetupKeypairsandcertificatesfortokensigningandverification.ssl_setupCreatekeypairsandcertificatesforHTTPSconnections.token_flushFlushexpiredtokensfromthebackend.

#su-s/bin/sh-c"keystone-managedb_sync"keystonemysql>usekeystoneReadingtableinformationforcompletionoftableandcolumnnamesYoucanturnoffthisfeaturetogetaquickerstartupwith-ADatabasechangedmysql>showtables;+-----------------------+|Tables_in_keystone|+-----------------------+|assignment||credential||domain||endpoint||group||migrate_version||policy||project||region||role||service||token||trust||trust_role||user||user_group_membership|+-----------------------+16rowsinset(0.00sec)

2）编辑/etc/keystone/keystone.conf配置文件

设置token：

[root@Node1~]#ADMIN_TOKEN=$(opensslrand-hex10)#随机设置几个字符串也是可以的[root@Node1~]#echo$ADMIN_TOKEN8dc775e8139f48a8de39[root@Node1~]#echo$ADMIN_TOKEN>admin_token.rc#保存起来，以便以后用到[root@Node1~]#vi/etc/keystone/keystone.conf#admin_token=ADMIN#找到这行，并复制admin_token=8dc775e8139f48a8de39#用字符串代替ADMIN

设置本地PKI:

[root@Node1~]#keystone-managepki_setup--keystone-userkeystone--keystone-groupkeystone[root@Node1~]#chown-Rkeystone:keystone/etc/keystone/ssl[root@Node1~]#chmod-Ro-rwx/etc/keystone/ssl

启动keystone：

[root@Node1~]#serviceopenstack-keystonestartStartingkeystone:[OK][root@Node1~]#chkconfigopenstack-keystoneon

设置环境变量:

[root@Node1~]#exportOS_SERVICE_TOKEN=$ADMIN_TOKEN#方便客户端使用[root@Node1~]#exportOS_SERVICE_ENDPOINT=http://192.168.10.1:35357/v2.0

5、keystone客户端使用

1）创建用户，角色，租户

[root@Node1~]#keystone--help/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)usage:keystone[--version][--timeout<seconds>][--os-username<auth-user-name>][--os-password<auth-password>][--os-tenant-name<auth-tenant-name>][--os-tenant-id<tenant-id>][--os-auth-url<auth-url>][--os-region-name<region-name>][--os-identity-api-version<identity-api-version>][--os-token<service-token>][--os-endpoint<service-endpoint>][--os-cacert<ca-certificate>][--insecure][--os-cert<certificate>][--os-key<key>][--os-cache][--force-new-token][--stale-duration<seconds>]<subcommand>...Pendingdeprecation:Command-lineinterfacetotheOpenStackIdentityAPI.ThisCLIispendingdeprecationinfavorofpython-openstackclient.ForaPythonlibrary,continueusingpython-keystoneclient.Positionalarguments:<subcommand>catalogListservicecatalog,possiblyfilteredbyservice.ec2-credentials-createCreateEC2-compatiblecredentialsforuserpertenant.ec2-credentials-deleteDeleteEC2-compatiblecredentials.ec2-credentials-getDisplayEC2-compatiblecredentials.ec2-credentials-listListEC2-compatiblecredentialsforauser.endpoint-createCreateanewendpointassociatedwithaservice.endpoint-deleteDeleteaserviceendpoint.endpoint-getFindendpointfilteredbyaspecificattributeorservicetype.endpoint-listListconfiguredserviceendpoints.password-updateUpdateownpassword.role-createCreatenewrole.role-deleteDeleterole.role-getDisplayroledetails.role-listListallroles.service-createAddservicetoServiceCatalog.service-deleteDeleteservicefromServiceCatalog.service-getDisplayservicefromServiceCatalog.service-listListallservicesinServiceCatalog.tenant-createCreatenewtenant.tenant-deleteDeletetenant.tenant-getDisplaytenantdetails.tenant-listListalltenants.tenant-updateUpdatetenantname,description,enabledstatus.token-getDisplaythecurrentusertoken.user-createCreatenewuseruser-deleteDeleteuser.user-getDisplayuserdetails.user-listListusers.user-password-updateUpdateuserpassword.user-role-addAddroletouser.user-role-listListrolesgrantedtoauser.user-role-removeRemoverolefromuser.user-updateUpdateuser'sname,email,andenabledstatus.discoverDiscoverKeystoneservers,supportedAPIversionsandextensions.bootstrapGrantsanewroletoanewuseronanewtenant,aftercreatingeach.bash-completionPrintsallofthecommandsandoptionstostdout.helpDisplayhelpaboutthisprogramoroneofitssubcommands.Optionalarguments:--versionShowstheclientversionandexits.--timeout<seconds>Setrequesttimeout(inseconds).--os-username<auth-user-name>NameusedforauthenticationwiththeOpenStackIdentityservice.Defaultstoenv[OS_USERNAME].--os-password<auth-password>PasswordusedforauthenticationwiththeOpenStackIdentityservice.Defaultstoenv[OS_PASSWORD].--os-tenant-name<auth-tenant-name>Tenanttorequestauthorizationon.Defaultstoenv[OS_TENANT_NAME].--os-tenant-id<tenant-id>Tenanttorequestauthorizationon.Defaultstoenv[OS_TENANT_ID].--os-auth-url<auth-url>SpecifytheIdentityendpointtouseforauthentication.Defaultstoenv[OS_AUTH_URL].--os-region-name<region-name>Specifytheregiontouse.Defaultstoenv[OS_REGION_NAME].--os-identity-api-version<identity-api-version>SpecifyIdentityAPIversiontouse.Defaultstoenv[OS_IDENTITY_API_VERSION]or2.0.--os-token<service-token>Specifyanexistingtokentouseinsteadofretrievingoneviaauthentication(e.g.withusername&password).Defaultstoenv[OS_SERVICE_TOKEN].--os-endpoint<service-endpoint>Specifyanendpointtouseinsteadofretrievingonefromtheservicecatalog(viaauthentication).Defaultstoenv[OS_SERVICE_ENDPOINT].--os-cacert<ca-certificate>SpecifyaCAbundlefiletouseinverifyingaTLS(https)servercertificate.Defaultstoenv[OS_CACERT].--insecureExplicitlyallowkeystoneclienttoperform"insecure"TLS(https)requests.Theserver'scertificatewillnotbeverifiedagainstanycertificateauthorities.Thisoptionshouldbeusedwithcaution.--os-cert<certificate>Defaultstoenv[OS_CERT].--os-key<key>Defaultstoenv[OS_KEY].--os-cacheUsetheauthtokencache.Defaultstoenv[OS_CACHE].--force-new-tokenIfthekeyringisavailableandinuse,tokenwillalwaysbestoredandfetchedfromthekeyringuntilthetokenhasexpired.Usethisoptiontorequestanewtokenandreplacetheexistingoneinthekeyring.--stale-duration<seconds>Staleduration(inseconds)usedtodeterminewhetheratokenhasexpiredwhenretrievingitfromkeyring.Thisisusefulinmitigatingprocessornetworkdelays.Defaultis30seconds.See"keystonehelpCOMMAND"forhelponaspecificcommand.

[root@Node1~]#keystonehelpuser-create/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)usage:keystoneuser-create--name<user-name>[--tenant<tenant>][--pass[<pass>]][--email<email>][--enabled<true|false>]CreatenewuserArguments:--name<user-name>Newusername(mustbeunique).--tenant<tenant>,--tenant-id<tenant>Newuserdefaulttenant.--pass[<pass>]Newuserpassword;requiredforsomeauthbackends.--email<email>Newuseremailaddress.--enabled<true|false>Initialuserenabledstatus.Defaultistrue.[root@Node1~]#keystoneuser-create--name=admin--pass=admin#创建用户和密码/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)#这个警告信息是gmp包要5以上的版本+----------+----------------------------------+|Property|Value|+----------+----------------------------------+|email|||enabled|True||id|2156077a9bc644d597f07719fc67ea56||name|admin||username|admin|+----------+----------------------------------+[root@Node1~]#keystoneuser-list/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+----------------------------------+-------+---------+-------+|id|name|enabled|email|+----------------------------------+-------+---------+-------+|2156077a9bc644d597f07719fc67ea56|admin|True||+----------------------------------+-------+---------+-------+[root@Node1~]#keystonerole-create--name=admin#创建角色/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+----------+----------------------------------+|Property|Value|+----------+----------------------------------+|id|908cde894759423780e5787e4e50d7fb||name|admin|+----------+----------------------------------+[root@Node1~]#keystonerole-list/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+----------------------------------+----------+|id|name|+----------------------------------+----------+|9fe2ff9ee4384b1894a90878d3e92bab|_member_|#默认的角色|908cde894759423780e5787e4e50d7fb|admin|+----------------------------------+----------+[root@Node1~]#keystonetenant-create--name=admin--description="AdminTenant"#创建租户/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+-------------+----------------------------------+|Property|Value|+-------------+----------------------------------+|description|AdminTenant||enabled|True||id|63607fac42c94ecbb2490eb01b357586||name|admin|+-------------+----------------------------------+[root@Node1~]#keystoneuser-role-add--useradmin--roleadmin--tenantadmin#将用户admin添加到admin角色和admin租户[root@Node1~]#keystoneuser-role-add--useradmin--role_member_--tenantadmin#添加到默认的角色[root@Node1~]#keystoneuser-role-list--useradmin--tenantadmin/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+----------------------------------+----------+----------------------------------+----------------------------------+|id|name|user_id|tenant_id|+----------------------------------+----------+----------------------------------+----------------------------------+|9fe2ff9ee4384b1894a90878d3e92bab|_member_|2156077a9bc644d597f07719fc67ea56|63607fac42c94ecbb2490eb01b357586||908cde894759423780e5787e4e50d7fb|admin|2156077a9bc644d597f07719fc67ea56|63607fac42c94ecbb2490eb01b357586|+----------------------------------+----------+----------------------------------+----------------------------------+

创建一个普通用户：

[root@Node1~]#keystoneuser-create--namedemo--passdemo/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+----------+----------------------------------+|Property|Value|+----------+----------------------------------+|email|||enabled|True||id|a3ebced215de4892b9370b4d37eaf9bd||name|demo||username|demo|+----------+----------------------------------+[root@Node1~]#keystonetenant-create--namedemo/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+-------------+----------------------------------+|Property|Value|+-------------+----------------------------------+|description|||enabled|True||id|0804069a7a454a9a86d4105dd40bed17||name|demo|+-------------+----------------------------------+[root@Node1~]#keystoneuser-role-add--userdemo--role_member_--tenantdemo[root@Node1~]#keystoneuser-role-list--tenant=demo--user=demo/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+----------------------------------+----------+----------------------------------+----------------------------------+|id|name|user_id|tenant_id|+----------------------------------+----------+----------------------------------+----------------------------------+|9fe2ff9ee4384b1894a90878d3e92bab|_member_|a3ebced215de4892b9370b4d37eaf9bd|0804069a7a454a9a86d4105dd40bed17|+----------------------------------+----------+----------------------------------+----------------------------------+

设置一个服务租户：

[root@Node1~]#keystonetenant-create--name=service/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+-------------+----------------------------------+|Property|Value|+-------------+----------------------------------+|description|||enabled|True||id|c536e6faa30b4b3f998e14af70f4f7c2||name|service|+-------------+----------------------------------+

2）创建服务和服务端点（endpoint)

[root@Node1~]#keystonehelpservice-create/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)usage:keystoneservice-create--name<name>--type<type>[--description<service-description>]AddservicetoServiceCatalog.Arguments:--name<name>Nameofnewservice(mustbeunique).--type<type>Servicetype(oneof:identity,compute,network,p_w_picpath,object-store,orotherserviceidentifierstring).--description<service-description>Descriptionofservice.[root@Node1~]#keystoneservice-create--name=keystone--type=identity--description="OpenStackIdentity"/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+-------------+----------------------------------+|Property|Value|+-------------+----------------------------------+|description|OpenStackIdentity||enabled|True||id|16929dabe6db4044af364ab96867b8b4||name|keystone||type|identity|+-------------+----------------------------------+[root@Node1~]#keystoneservice-list/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+----------------------------------+----------+----------+--------------------+|id|name|type|description|+----------------------------------+----------+----------+--------------------+|16929dabe6db4044af364ab96867b8b4|keystone|identity|OpenStackIdentity|+----------------------------------+----------+----------+--------------------+

[root@Node1~]#keystoneendpoint-create\--service-id=$(keystoneservice-list|awk'/identity/{print$2}')\--publicurl=http://controller:5000/v2.0\#普通用户访问端口--internalurl=http://controller:5000/v2.0\--adminurl=http://controller:35357/v2.0#管理用户访问端口/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+-------------+----------------------------------+|Property|Value|+-------------+----------------------------------+|adminurl|http://192.168.10.1:35357/v2.0||id|c10e8a817882456497c6acdb3e94e06b||internalurl|http://192.168.10.1:5000/v2.0||publicurl|http://192.168.10.1:5000/v2.0||region|regionOne||service_id|16929dabe6db4044af364ab96867b8b4|+-------------+----------------------------------+[root@Node1~]#

使用用户认证：

[root@Node1~]#unsetOS_SERVICE_TOKENOS_SERVICE_ENDPOINT[root@Node1~]#keystone--os-username=admin--os-password=admin--os-auth-url=http://192.168.10.1:35357/v2.0token-get#这条命令能执行成功说明认证成功[root@Node1~]#vi.admin-openrc.sh[root@Node1~]#cat.admin-openrc.shexportOS_USERNAME=adminexportOS_PASSWORD=adminexportOS_TENANT_NAME=adminexportOS_AUTH_URL=http://192.168.10.1:35357/v2.0[root@Node1~]#..admin-openrc.sh[root@Node1~]#keystoneuser-list/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning:Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability._warn("Notusingmpz_powm_sec.Youshouldrebuildusinglibgmp>=5toavoidtimingattackvulnerability.",PowmInsecureWarning)+----------------------------------+-------+---------+-------+|id|name|enabled|email|+----------------------------------+-------+---------+-------+|2156077a9bc644d597f07719fc67ea56|admin|True|||a3ebced215de4892b9370b4d37eaf9bd|demo|True||+----------------------------------+-------+---------+-------+

声明：本站所有文章资源内容，如无特殊说明或标注，均为采集网络资源。如若本站内容侵犯了原著者的合法权益，可联系本站删除。