Openstack 實戰講解之-----------03-控制節點服務配置
設置時間同步:
對于openstack來說���,時間同步非常重要��,所以一定要保證所有服務的時間一直����,下面對世界做同步:
timedatectl list-timezones|grep Shanghai 查看時區
timedatectl set-timezone Asia/Shanghai 設置時區
timedatectl set-local-rtc yes 把 boolean 替換成yes則表示使用本地時間��,替換成no則表示是UTC時間
ntpdate time1.aliyun.com 同步時間
啟動數據庫服務
[root@linux-node1 ~]# systemctl enable mariadb.service 設置開機自啟動
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@linux-node1 ~]# systemctl start mariadb.service 啟動數據庫
[root@linux-node1 ~]# mysql_secure_installation 初始化并設置密碼
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
配置rabbitMQ消息隊列
[root@linux-node1 ~]# systemctl enable rabbitmq-server.service #設置開機啟動
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@linux-node1 ~]# systemctl start rabbitmq-server.service #啟動消息隊列
[root@linux-node1 ~]# rabbitmqctl add_user openstack openstack #給消息隊列增加openstack用戶和密碼
Creating user "openstack" ...
[root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" #給openstack設置消息隊列的權限
Setting permissions for user "openstack" in vhost "/" ...
[root@linux-node1 ~]# rabbitmq-plugins list #查看消息隊列插件
Configured: E = explicitly enabled; e = implicitly enabled
| Status: * = running on rabbit@linux-node1
|/
[ ] amqp_client 3.6.5
[ ] cowboy 1.0.3
[ ] cowlib 1.0.1
[ ] mochiweb 2.13.1
[ ] rabbitmq_amqp1_0 3.6.5
[ ] rabbitmq_auth_backend_ldap 3.6.5
[ ] rabbitmq_auth_mechanism_ssl 3.6.5
[ ] rabbitmq_consistent_hash_exchange 3.6.5
[ ] rabbitmq_event_exchange 3.6.5
[ ] rabbitmq_federation 3.6.5
[ ] rabbitmq_federation_management 3.6.5
[ ] rabbitmq_jms_topic_exchange 3.6.5
[ ] rabbitmq_management 3.6.5
[ ] rabbitmq_management_agent 3.6.5
[ ] rabbitmq_management_visualiser 3.6.5
[ ] rabbitmq_mqtt 3.6.5
[ ] rabbitmq_recent_history_exchange 1.2.1
[ ] rabbitmq_sharding 0.1.0
[ ] rabbitmq_shovel 3.6.5
[ ] rabbitmq_shovel_management 3.6.5
[ ] rabbitmq_stomp 3.6.5
[ ] rabbitmq_top 3.6.5
[ ] rabbitmq_tracing 3.6.5
[ ] rabbitmq_trust_store 3.6.5
[ ] rabbitmq_web_dispatch 3.6.5
[ ] rabbitmq_web_stomp 3.6.5
[ ] rabbitmq_web_stomp_examples 3.6.5
[ ] sockjs 0.3.4
[ ] webmachine 1.10.3
[root@linux-node1 ~]# rabbitmq-plugins enable rabbitmq_management #加載消息隊列的管理插件
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@linux-node1... started 6 plugins.
[root@linux-node1 ~]# systemctl restart rabbitmq-server.service #重啟消息隊列服務
消息隊列服務驗證
[root@linux-node1 ~]# lsof -i :15672
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
beam.smp 6370 rabbitmq 53u IPv4 37357 0t0 TCP *:15672 (LISTEN)
在瀏覽器中輸入:192.168.56.11:15672����,使用guest 賬號和guest密碼登錄
keystone認證服務
Keystone在N版已經是V3版本��。在Keystone中主要涉及以下幾個概念:
User:使用服務的用戶�����,可以是人��,服務或者系統��,只要是使用了openstack服務的對象都可以稱為用戶
project(tenant)租戶��,可以理解為一個人�,項目或者組織擁有的資源的合集����。在一個租戶中可以擁有很多個用戶����,這些用戶可以根據權限的劃分使用租戶中的資源
Role:角色��,用于分配操作的權限���。角色可以被指定給用戶�,使得該用戶獲得角色對應的操作權限
Token:認證成功后��,keystone會生成一串比特值或者字符串��,用來作為訪問資源的令牌�����,token中有可訪問資源的范圍和有效時間
Keystone V3 API 新特性
Keystone V3 做出了許多變化和改進����,我們選取其中較為重要的進行闡述:
將 Tenant 改稱為 Project
引入 Domain 的概念
引入 Group 的概念
將 Tenant 改為 Project 并在其上添加 Domain 的概念�����,這更加符合現實世界和云服務的映射�。
V3 利用 Domain 實現真正的多租戶(multi-tenancy)架構���,Domain 擔任 Project 的高層容器����。云服務的客戶是 Domain 的所有者�����,他們可以在自己的 Domain 中創建多個 Projects�����、Users��、Groups 和 Roles����。通過引入 Domain�����,云服務客戶可以對其擁有的多個 Project 進行統一管理��,而不必再向過去那樣對每一個 Project 進行單獨管理���。
Group 是一組 Users 的容器��,可以向 Group 中添加用戶��,并直接給 Group 分配角色����,那么在這個 Group 中的所有用戶就都擁有了 Group 所擁有的角色權限�����。通過引入 Group 的概念�,Keystone V3 實現了對用戶組的管理����,達到了同時管理一組用戶權限的目的�����。這與 V2 中直接向 User/Project 指定 Role 不同�,使得對云服務進行管理更加便捷�。
圖 . Domain��、Group�����、Project��、User 和 Role 的關系圖(引用網上)
創建庫及用戶
在數據庫中創建庫和用戶(這里為了方便會把后面用到cinder���,glance �����,neutron��,等服務的賬號一并創建到數據庫中
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE nova_api;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
執行過程:
[root@linux-node1 ~]# mysql -uroot -p
Enter password: #用初始化時候設置的密碼
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE cinder;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| cinder |
| glance |
| information_schema |
| keystone |
| mysql |
| neutron |
| nova |
| nova_api |
| performance_schema |
+--------------------+
9 rows in set (0.00 sec)
keystone配置文件
[root@linux-node1 ~]# grep -n '^[a-z]' /etc/keystone/keystone.conf
640:connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
1472:servers = 192.168.56.11:11211 # memcache服務地址
2655:provider = fernet #配置令牌
2665:driver = memcache #選擇driver為memcache默認是sql
初始化數據庫�����,memcache配置
su -s /bin/sh -c"keystone-manage db_sync" keystone
驗證初始化是否成功:
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e "use keystone;show tables;"
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| local_user |
| mapping |
| migrate_version |
| nonlocal_user |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| region |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| whitelisted_config |
+------------------------+
安裝memcached
yuminstall memcached python-memcached
vim/etc/sysconfig/memcached
[root@linux-node1 ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 192.168.56.11,::1"
通過keystone-manage生成token認證必要的信息:
[root@linux-node1 keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 keystone]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 keystone]# keystone-manage bootstrap --bootstrap-password admin \
> --bootstrap-admin-url http://192.168.56.11:35357/v3/ \
> --bootstrap-internal-url http://192.168.56.11:35357/v3/ \
> --bootstrap-public-url http://192.168.56.11:5000/v3/ \
> --bootstrap-region-id RegionOne
配置apache服務
[root@linux-node1 keystone]# vim/etc/httpd/conf/httpd.conf #編輯配置文件���,
95 ServerName 192.168.56.11:80
配置軟連接
[root@linux-node1 keystone]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
啟動服務:
[root@linux-node1 keystone]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@linux-node1 keystone]# systemctl start httpd.service
[root@linux-node1 keystone]#
[root@linux-node1 keystone]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 22891 root 4u IPv6 59157 0t0 TCP *:http (LISTEN)
httpd 22902 apache 4u IPv6 59157 0t0 TCP *:http (LISTEN)
httpd 22906 apache 4u IPv6 59157 0t0 TCP *:http (LISTEN)
httpd 22907 apache 4u IPv6 59157 0t0 TCP *:http (LISTEN)
httpd 22908 apache 4u IPv6 59157 0t0 TCP *:http (LISTEN)
httpd 22909 apache 4u IPv6 59157 0t0 TCP *:http (LISTEN)
配置環境變量:
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
安裝openstack客戶端�,如果不安裝是沒有openstack命令的
yum install -y python-openstackclient
安裝完畢執行以下命令驗證:
[root@linux-node1 keystone]# openstack user list #查看用戶列表
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| b84c1614b79b40278e02bd6ed034cc6f | admin |
+----------------------------------+-------+
[root@linux-node1 keystone]# openstack role list #查看權限列表
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 9b0ba78cf70048efa8659220a3cebd06 | admin |
+----------------------------------+-------+
[root@linux-node1 keystone]# openstack project list #查看項目列表
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 7ae0fb7deb5342d885a07c2c890a1ff4 | admin |
+----------------------------------+-------+
[root@linux-node1 keystone]# openstack endpoint list #查看端點列表
+---------------+-----------+--------------+--------------+---------+-----------+------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+---------------+-----------+--------------+--------------+---------+-----------+------------------+
| 65f66a71d4624 | RegionOne | keystone | identity | True | internal | http://192.168.5 |
| 2a0a80a0de1b6 | | | | | | 6.11:35357/v3/ |
| 503929 | | | | | | |
| 71f801be8bc54 | RegionOne | keystone | identity | True | admin | http://192.168.5 |
| 7aca380c81b79 | | | | | | 6.11:35357/v3/ |
| 6b240a | | | | | | |
| b1caff56f31f4 | RegionOne | keystone | identity | True | public | http://192.168.5 |
| dfabe5a8418c6 | | | | | | 6.11:5000/v3/ |
| 5e2839 | | | | | | |
+---------------+-----------+--------------+--------------+---------+-----------+------------------+
創建項目:
[root@linux-node1 keystone]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 7f240473406147b99463f32b876bf69d |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
這里生成的結果除了id和我不一樣���,其他的差不多一樣
查看是否創建成功
[root@linux-node1 keystone]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 7ae0fb7deb5342d885a07c2c890a1ff4 | admin |
| 7f240473406147b99463f32b876bf69d | service |
+----------------------------------+---------+
創建demo項目:
[root@linux-node1 keystone]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 9b913d25891849baa55b21d837e9b63d |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
驗證是否創建成功:
[root@linux-node1 keystone]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 7ae0fb7deb5342d885a07c2c890a1ff4 | admin |
| 7f240473406147b99463f32b876bf69d | service |
| 9b913d25891849baa55b21d837e9b63d | demo |
+----------------------------------+---------+
創建用戶
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | f0c69bad72b54e0daef92c2295425932 |
| name | demo |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| b84c1614b79b40278e02bd6ed034cc6f | admin |
| f0c69bad72b54e0daef92c2295425932 | demo |
+----------------------------------+-------+
創建role權限:
[root@linux-node1 keystone]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | f53267146a6449b797393f7fc5d23e10 |
| name | user |
+-----------+----------------------------------+
[root@linux-node1 keystone]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 9b0ba78cf70048efa8659220a3cebd06 | admin |
| f53267146a6449b797393f7fc5d23e10 | user |
+----------------------------------+-------+
把用戶添加到項目中��,并賦予權限
[root@linux-node1 keystone]# openstack role add --project demo --user demo user #把demo用戶加到demo項目中并賦予user權限
這里我把以后各個服務用戶賦予不同role規則:
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8dc6f28207b64e6d845a444a2ba18205 |
| name | glance |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack role add --project service --user glance admin
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | db596da4ed8f47ab9dc7fa77d3bc8c6c |
| name | nova |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack role add --project service --user nova admin
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | c0f9c52898ad4d4f88254a01c458eb27 |
| name | neutron |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack role add --project service --user neutron admin
[root@linux-node1 keystone]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | e5dbdde24a7340edb8bd3f498f9d28b5 |
| name | cinder |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@linux-node1 keystone]# openstack role add --project service --user cinder admin
驗證keystone
驗證用戶:
unset OS_AUTH_URL OS_PASSWORD 取消之前的環境變量
[root@linux-node1 keystone]# openstack \
> --os-auth-url http://192.168.56.11:35357/v3 \
> --os-project-domain-name default \
> --os-user-domain-name default \
> --os-project-name admin \
> --os-username admin token issue
Password: #輸入密碼后能出現下面內容說明用戶沒有問題
+------------+---------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------+
| expires | 2016-12-28 11:05:46+00:00 |
| id | gAAAAABYY456xFHiZSMnQ7x88FxUJjuu3uO8xRLh_soTSgyf3KzMv0nY3s4wn1diFlJ7d2qjPub0iftlOKUnZ |
| | z9QYPMUGhfxguZhEHWQtufNQNxZD9r8ekluU0XjCdrdnBU-fs3IM6EmJt3O1Sl- |
| | Nw4G40uh0xatMkxI6bmrG3fRkCrcLga6Cx4 |
| project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 |
| user_id | b84c1614b79b40278e02bd6ed034cc6f |
+------------+---------------------------------------------------------------------------------------
創建環境變量腳本:
創建admin變量
[root@linux-node1 ~]# cat admin-openstack
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
創建demo變量
[root@linux-node1 ~]# cat demo-openstack
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
使環境變量生效:
soure demo-openstack
Keystone常見錯誤
401 #驗證失敗���,keystone相關用戶賬戶密碼設置錯誤,時間不同步����,或者輸入的項目名稱不對
403 #可能未初始化OS_token變量�,需要使用source命令使其生效�,也可能是配置的配置文件未生效�,需要重啟相關服務
409 #keystone創建用戶���,用戶已存在
500 #服務器內部錯誤�,服務配置有問題����,看日志��,檢查配置
503 #keystone相關賬戶密碼設置有問題�,請將相關的glance賬戶刪除�����,重新創建即可
服務故障 #相關服務沒有起來
