一:集群信息简介
| Openstack Controller | 192.168.200.101 172.18.100.1 172.28.100.1 |
192.168.200/24 192.168.200.2 172.18.0.0/16 172.18.0.1 172.28.0.0/16 172.28.0.1 |
4c8g100G |
| Openstack Computer | 192.168.200.102 172.18.100.2 172.28.100.2 |
192.168.200/24 192.168.200.2 172.18.0.0/16 172.18.0.1 172.28.0.0/16 172.28.0.1 |
4c8g100G |
| Openstack Network | 192.168.200.103 172.18.100.3 172.28.100.3 |
192.168.200/24 192.168.200.2 172.18.0.0/16 172.18.0.1 172.28.0.0/16 172.28.0.1 |
4c4g40G |
二:实验节点硬件情况介绍
下图是实验用节点的概况
下图是各个节点的配置详情
下图是Vmware 网络配置详情
三:Controller节点部署
3.1、安装系统
CentOS 7.4.1708 三网卡
Minimal Install
[timezone] Asia/Shanghai
[language] 中文
3.2、配置网络
[[email protected]_168_200_101 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:b0:55:dc brd ff:ff:ff:ff:ff:ff inet 192.168.200.101/24 brd 192.168.200.255 scope global eth0 valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:b0:55:e6 brd ff:ff:ff:ff:ff:ff inet 172.18.100.1/16 brd 172.18.255.255 scope global eth1 valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:b0:55:f0 brd ff:ff:ff:ff:ff:ff inet 172.28.100.1/16 brd 172.28.255.255 scope global eth2 valid_lft forever preferred_lft forever [[email protected]_168_200_101 ~]# ip r default via 192.168.200.2 dev eth0 metric 100 default via 172.18.0.1 dev eth1 metric 1000 default via 172.28.0.1 dev eth2 metric 2000 169.254.0.0/16 dev eth0 scope link metric 1002 169.254.0.0/16 dev eth1 scope link metric 1003 169.254.0.0/16 dev eth2 scope link metric 1004 172.18.0.0/16 dev eth1 proto kernel scope link src 172.18.100.1 172.28.0.0/16 dev eth2 proto kernel scope link src 172.28.100.1 192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.101 [[email protected]_168_200_101 ~]# cat /etc/resolv.conf ; generated by /usr/sbin/dhclient-script search localdomain dwhd.org nameserver 47.90.33.131 nameserver 8.8.8.8 [[email protected]_168_200_101 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.200.101 LB-Controller-Node1-192_168_200_101.dwhd.org LB-Controller-Node1-192_168_200_101 Controller controller 172.18.100.1 LB-Controller-Node1-192_168_200_101.dwhd.org LB-Controller-Node1-192_168_200_101 Controller controller 172.28.100.1 LB-Controller-Node1-192_168_200_101.dwhd.org LB-Controller-Node1-192_168_200_101 Controller controller 192.168.200.102 LB-Compute-Nodei1-192_168_200_102.dwhd.org LB-Compute-Nodei1-192_168_200_102 Compute computer 172.18.100.2 LB-Compute-Nodei1-192_168_200_102.dwhd.org LB-Compute-Nodei1-192_168_200_102 Compute computer 172.28.100.2 LB-Compute-Nodei1-192_168_200_102.dwhd.org LB-Compute-Nodei1-192_168_200_102 Compute computer 192.168.200.103 LB-Network-Nodei1-192_168_200_103.dwhd.org LB-Network-Nodei1-192_168_200_103 Network network 172.18.100.3 LB-Network-Nodei1-192_168_200_103.dwhd.org LB-Network-Nodei1-192_168_200_103 Network network 172.28.100.3 LB-Network-Nodei1-192_168_200_103.dwhd.org LB-Network-Nodei1-192_168_200_103 Network network [[email protected]_168_200_101 ~]# ping controller -c2 PING LB-Controller-Node1-192_168_200_101.dwhd.org (192.168.200.101) 56(84) bytes of data. 64 bytes from LB-Controller-Node1-192_168_200_101.dwhd.org (192.168.200.101): icmp_seq=1 ttl=64 time=0.025 ms 64 bytes from LB-Controller-Node1-192_168_200_101.dwhd.org (192.168.200.101): icmp_seq=2 ttl=64 time=0.039 ms --- LB-Controller-Node1-192_168_200_101.dwhd.org ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1054ms rtt min/avg/max/mdev = 0.025/0.032/0.039/0.007 ms [[email protected]_168_200_101 ~]#
下面是三张网卡的配置信息
TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="eth0" DEVICE="eth0" ONBOOT="yes" #BOOTPROTO="dhcp" BOOTPROTO="static" DEFROUTE="yes" METRIC=100 IPADDR="192.168.200.101" GATEWAY="192.168.200.2" NETMASK="255.255.255.0" DNS1=47.89.33.131 DNS2=8.8.8.8 DNS3=8.8.4.4
TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="eth1" DEVICE="eth1" ONBOOT="yes" #BOOTPROTO="dhcp" BOOTPROTO="static" DEFROUTE="yes" METRIC=1000 IPADDR="172.18.100.1" GATEWAY="172.18.0.1" NETMASK="255.255.0.0"
TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="eth2" DEVICE="eth2" ONBOOT="yes" #BOOTPROTO="dhcp" BOOTPROTO="static" DEFROUTE="yes" METRIC=2000 IPADDR="172.28.100.1" GATEWAY="172.28.0.1" NETMASK="255.255.0.0"
如图所示
3.3、配置时间同步
[[email protected]_168_200_101 ~]# { [ -x /usr/sbin/ntpdate ] || yum install ntpdate -y; } && \ { if ! grep -q ntpdate /var/spool/cron/root; then echo -e "\n*/5 * * * * n/usr/sbin/ntpdate ntp.dtops.cc >/dev/null 2>&1" >> /var/spool/cron/root;fi; } && \ { clear && /usr/sbin/ntpdate ntp.dtops.cc && echo -e "\n=======\n" && cat /var/spool/cron/root; } 14 Feb 00:00:36 ntpdate[1629]: adjust time server 180.150.154.108 offset 0.001372 sec ======= */5 * * * * /usr/sbin/ntpdate -u ntp.dtops.cc >/dev/null 2>&1 */1 * * * * /usr/sbin/ss -tan|awk 'NR>1{++S[$1]}END{for (a in S) print a,S[a]}' > /tmp/tcp-status.txt */1 * * * * /usr/sbin/ss -o state established '( dport = :http or sport = :http )' |grep -v Netid > /tmp/httpNUB.txt [[email protected]_168_200_101 ~]# date 2018年 02月 14日 星期三 00:01:08 CST [[email protected]_168_200_101 ~]#
如下图所示
3.4、开始安装
3.4.1、启用OpenStack库
[[email protected]_168_200_101 ~]# yum install -y centos-release-openstack-ocata
3.4.2、下载并安装RDO库转使OpenStack库
[[email protected]_168_200_101 ~]# yum install -y https://rdoproject.org/repos/rdo-release.rpm
3.4.3、更新所有软件包
[[email protected]_168_200_101 ~]# yum clean all && yum makecache && yum upgrade -y
3.4.4、安装openstack客户端
[[email protected]_168_200_101 ~]# yum install -y python-openstackclient
3.4.5、安装OpenStack SELinux包自动地管理安全策略为OpenStack服务
[[email protected]_168_200_101 ~]# yum install -y openstack-selinux
3.4.6、安装MariaDB (此处暂不考虑将数据库单独或者说数据库做集群一事,后期我们再做扩展)
因为考虑到后期需要扩展到集群状态,所以这里使用我自己本人写的一个mariadb安装脚本来安装
[[email protected]_168_200_101 ~]# bash -c "$(curl -Lk onekey.sh/mariadb_galera)" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 154 100 154 0 0 96 0 0:00:01 0:00:01 --:--:-- 96 100 13038 100 13038 0 0 7492 0 0:00:01 0:00:01 --:--:-- 265k Please input the root password of database: YmY0N2RiOTk4NTc1ZDM1ZWUz
测试下下数据库的可用性
[[email protected]_168_200_101 ~]# mysql -uroot -pYmY0N2RiOTk4NTc1ZDM1ZWUz -e 'status;' -------------- mysql Ver 15.1 Distrib 10.1.20-MariaDB, for Linux (x86_64) using EditLine wrapper Connection id: 23 Current database: Current user: [email protected] SSL: Not in use Current pager: stdout Using outfile: '' Using delimiter: ; Server: MariaDB Server version: 10.0.33-MariaDB-wsrep MariaDB Server, wsrep_25.21.rc3fc46e Protocol version: 10 Connection: Localhost via UNIX socket Server characterset: utf8 Db characterset: utf8 Client characterset: utf8 Conn. characterset: utf8 UNIX socket: /tmp/mysql.sock Uptime: 2 min 12 sec Threads: 18 Questions: 21 Slow queries: 0 Opens: 1 Flush tables: 1 Open tables: 64 Queries per second avg: 0.159 -------------- [[email protected]_168_200_101 ~]#
3.4.7、消息队列RabbitMQ安装 (运行在管理节点上)
[[email protected]_168_200_101 ~]# yum install -y rabbitmq-server
3.4.7.1、启动消息队列
[[email protected]_168_200_101 ~]# systemctl enable rabbitmq-server.service Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service. [[email protected]_168_200_101 ~]# systemctl start rabbitmq-server.service [[email protected]_168_200_101 ~]# ss -tnlp|grep 5672 LISTEN 0 128 *:5672 *:* users:(("beam.smp",pid=9129,fd=52)) LISTEN 0 128 *:25672 *:* users:(("beam.smp",pid=9129,fd=43)) [[email protected]_168_200_101 ~]#
3.4.7.2、添加 openstack 用户
[[email protected]_168_200_101 ~]# rabbitmqctl add_user openstack MDNiMDhh Creating user "openstack" ... [[email protected]_168_200_101 ~]#
3.4.7.3、为 openstack 用户赋予读和写访问权限
[[email protected]_168_200_101 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ... [[email protected]_168_200_101 ~]#
3.4.8、Memcached 缓存令牌(运行于管理节点)
identity 服务身份认证机制使用 Memcached 缓存令牌。
3.4.8.1、安装软件包
[[email protected]_168_200_101 ~]# yum install -y memcached python-memcached
3.4.8.2、编辑/etc/sysconfig/memcached 文件,为使其他节点可以访问
编辑现有配置项:OPTIONS="-l 127.0.0.1,::1"
[[email protected]_168_200_101 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:b0:55:dc brd ff:ff:ff:ff:ff:ff inet 192.168.200.101/24 brd 192.168.200.255 scope global eth0 valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:b0:55:e6 brd ff:ff:ff:ff:ff:ff inet 172.18.100.1/16 brd 172.18.255.255 scope global eth1 valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:b0:55:f0 brd ff:ff:ff:ff:ff:ff inet 172.28.100.1/16 brd 172.28.255.255 scope global eth2 valid_lft forever preferred_lft forever [[email protected]_168_200_101 ~]# cat /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS="-l 127.0.0.1,::1" [[email protected]_168_200_101 ~]# sed -ri 's/(OPTIONS="-l).*/\1 127.0.0.1,controller"/' /etc/sysconfig/memcached [[email protected]_168_200_101 ~]# cat /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS="-l 127.0.0.1,controller" [[email protected]_168_200_101 ~]#
3.4.8.3、启动 Memcached 服务并设置开机自动启动
[[email protected]_168_200_101 ~]# systemctl start memcached.service [[email protected]_168_200_101 ~]# systemctl enable memcached.service Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service. [[email protected]_168_200_101 ~]# ss -tnlp | grep 11211 LISTEN 0 1024 172.28.100.1:11211 *:* users:(("memcached",pid=10369,fd=29)) LISTEN 0 1024 172.18.100.1:11211 *:* users:(("memcached",pid=10369,fd=28)) LISTEN 0 1024 192.168.200.101:11211 *:* users:(("memcached",pid=10369,fd=27)) LISTEN 0 1024 127.0.0.1:11211 *:* users:(("memcached",pid=10369,fd=26)) [[email protected]_168_200_101 ~]#
四:安装和配置keystone(身份认证)组件
这里在Controller node(管理节点)安装和配置身份服务。
4.1: 先决条件
在安装配置 OpenStack 身份服务前,你必须创建一个数据库和管理员令牌。
[[email protected]_168_200_101 ~]# mysql -uroot -pYmY0N2RiOTk4NTc1ZDM1ZWUz Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 23 Server version: 10.0.33-MariaDB-wsrep MariaDB Server, wsrep_25.21.rc3fc46e Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS keystone DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'MjE4NWZmNzhkOWFi'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'MjE4NWZmNzhkOWFi'; Query OK, 0 rows affected, 1 warning (0.26 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'MjE4NWZmNzhkOWFi'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> \q Bye [[email protected]_168_200_101 ~]# mysql -ukeystone -pMjE4NWZmNzhkOWFi -hcontroller -e "show databases;" +--------------------+ | Database | +--------------------+ | information_schema | | keystone | +--------------------+ [[email protected]_168_200_101 ~]#
4.2安装并配置组件
4.2.1. 安装软件包
[[email protected]_168_200_101 ~]# yum install -y openstack-keystone httpd mod_wsgi
4.2.2. 编辑/etc/keystone/keystone.conf 文件并完成下列操作:
A. 在[database]小节,配置数据库访问:
[database]
# ...
connection = mysql+pymysql://keystone:[email protected]/keystone
替换 KEYSTONE_DBPASS 为合适的密码。
B. 在[token]小节,配置使用 Fernet 技术提供令牌。
[token]
# ...
provider = fernet
4.2.3. 初始化身份服务数据库并验证:
[[email protected]_168_200_101 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone [[email protected]_168_200_101 ~]# mysql -uroot -pYmY0N2RiOTk4NTc1ZDM1ZWUz keystone -e 'show tables;'| head -5 Tables_in_keystone access_token assignment config_register consumer [[email protected]_168_200_101 ~]#
4.2.4. 初始化 Fernet key 仓库:
[[email protected]_168_200_101 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone [[email protected]_168_200_101 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone [[email protected]_168_200_101 ~]#
4.2.5. 引导身份服务,创建管理员。
[[email protected]_168_200_101 ~]# keystone-manage bootstrap --bootstrap-password OTNkODlkNGRiOWEy \ --bootstrap-admin-url http://controller:35357/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne [[email protected]_168_200_101 ~]#
4.3配置 Apache HTTP 服务
Ocata的keystone实际是依赖于Apache http进行运行,因此需要在这里进行配置Apache。另外与之前不同的是,ocata这里添加的wsgi-keystone.conf文件,直接通过软连接的方式,之前版本没记错的话应该是手动创建。
4.3.1. 编辑/etc/httpd/conf/httpd.conf 文件并配置 ServerName 配置项
为管理节点的主机名:
ServerName controller
4.3.2. 创建到文件/usr/share/keystone/wsgi-keystone.conf 的链接:
Ocata的keystone实际是依赖于Apache http进行运行,因此需要在这里进行配置Apache。另外与之前不同的是,ocata这里添加的wsgi-keystone.conf文件,直接通过软连接的方式,之前版本没记错的话应该是手动创建。
[[email protected]_168_200_101 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ [[email protected]_168_200_101 ~]# ls -lh /etc/httpd/conf.d/ 总用量 16K -rw-r--r-- 1 root root 2.9K 10月 20 04:39 autoindex.conf -rw-r--r-- 1 root root 366 10月 20 04:39 README -rw-r--r-- 1 root root 1.3K 10月 20 00:44 userdir.conf -rw-r--r-- 1 root root 824 10月 20 00:44 welcome.conf lrwxrwxrwx 1 root root 38 2月 14 01:21 wsgi-keystone.conf -> /usr/share/keystone/wsgi-keystone.conf [[email protected]_168_200_101 ~]#
4.4完成安装
4.4.1. 启动 Apache HTTP 服务并设置开机自动启动:
[[email protected]_168_200_101 ~]# systemctl enable httpd.service Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. [[email protected]_168_200_101 ~]# systemctl start httpd.service [[email protected]_168_200_101 ~]#
4.4.2. 配置管理账号
[[email protected]_168_200_101 ~]# export OS_USERNAME=admin [[email protected]_168_200_101 ~]# export OS_PASSWORD=OTNkODlkNGRiOWEy [[email protected]_168_200_101 ~]# export OS_PROJECT_NAME=admin [[email protected]_168_200_101 ~]# export OS_USER_DOMAIN_NAME=Default [[email protected]_168_200_101 ~]# export OS_PROJECT_DOMAIN_NAME=Default [[email protected]_168_200_101 ~]# export OS_AUTH_URL=http://controller:35357/v3 [[email protected]_168_200_101 ~]# export OS_IDENTITY_API_VERSION=3
4.5创建域,项目,用户和角色
身份服务为每一个 OpenStack 服务提供认证服务。认证服务使用一个 domain(域),projects(项目(tenants(租户))),users(用户)和roles(角色)的组合。
4.5.1. 在 openstack 环境中创建一个包含其他服务唯一账号的 service 项目,创建 service 项目:
创建服务实体和API端点,创建service project
[[email protected]_168_200_101 ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | 9035cbc2861d4c57a6b944b443c295b6 | | is_domain | False | | name | service | | parent_id | default | +-------------+----------------------------------+ [[email protected]_168_200_101 ~]#
4.5.2. 日常(非管理员)任务一般使用一个非特权项目和用户。在本手册中,创建 demo 项目和用户:
A. 创建 demo 项目:
[[email protected]_168_200_101 ~]# openstack project create --domain default --description "Demo Project" demo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | default | | enabled | True | | id | d089d63c81af47139bd03f332a515952 | | is_domain | False | | name | demo | | parent_id | default | +-------------+----------------------------------+ [[email protected]_168_200_101 ~]#
B. 创建 demo 用户:
[[email protected]_168_200_101 ~]# openstack user create --domain default --password-prompt demo User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 2b23af02efcb4c5e875267f751c342a4 | | name | demo | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+ [[email protected]_168_200_101 ~]#
C. 创建 user 角色:
[[email protected]_168_200_101 ~]# openstack role create user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 185ac0ec3c874574b87291ea5f2be5fc | | name | user | +-----------+----------------------------------+ [[email protected]_168_200_101 ~]#
D. 添加 user 角色到 demo 项目和用户
[[email protected]_168_200_101 ~]# openstack role add --project demo --user demo user [[email protected]_168_200_101 ~]#
4.6、验证操作
在安装其他服务前,验证身份服务是否正常。
4.6.1、由于安全的原因,关闭临时认证令牌机制。
编辑/etc/keystone/keystone-paste.ini
找到以下三项中的admin_token_auth,删掉即可(光标选到a,按17x,即可)
[pipeline:public_api]
[pipeline:admin_api]
[pipeline:api_v3]
4.6.2、删除临时环境变量 OS_AUTH_URL 和 OS_PASSWORD:
[[email protected]_168_200_101 ~]# unset OS_AUTH_URL OS_PASSWORD [[email protected]_168_200_101 ~]#
4.6.3、使用 admin 用户,请求认证令牌
[[email protected]_168_200_101 ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue Password: +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-02-13T20:15:03+0000 | | id | gAAAAABagzk3yOI3wqJ2LG_poFS_Nh2BCa57WHg9NSfFAi4W2NiigTWel9hGKvwIc6tWrZxnJbpTGaKzlNGlZtNqpRas3PLqLh-aFEXAH7Ix2utxPxo2IjDrSmnMTGp8HfX3MVsjEjG8Fyx_wUzbS0gf47rflp7zVZfOY5uVH0BzqcV597WXv9w | | project_id | 7eb5c96f93bf422bb175de7ea22e290b | | user_id | 48e69d955fff44e88c6e6811fad3e300 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [[email protected]_168_200_101 ~]#
4.6.4、使用 demo 用户,请求认证令牌:
[[email protected]_168_200_101 ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue Password: +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-02-13T20:16:24+0000 | | id | gAAAAABagzmIV-JshVC-_EQbnrOM78nOlR3zBi1YZpJdrzR407KeXeEQBrNJvobqZ3fEGhf-MplygZyjhi2SRmwvO8JQWqerMM4PngeWMxzTWmp9u_PZd2t3UmCKrUbH7RI3du36WIXObz0WB8rNJ6rJqp9To2cByS8pTHMpNsSc03uYPLzZbrg | | project_id | d089d63c81af47139bd03f332a515952 | | user_id | 2b23af02efcb4c5e875267f751c342a4 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [[email protected]_168_200_101 ~]#
4.7、创建 OpenStack 客户端环境脚本
为 admin 和 demo 项目和用户创建客户端环境脚本。本手册后续部分将使用这些脚本加载用户凭据。
4.7.1. 编辑 admin-openrc 文件,并添加下列内容:
export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=OTNkODlkNGRiOWEy export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
替换 ADMIN_PASS 为身份服务中 admin 用户的密码
4.7.2. 编辑 demo-openrc 文件,并添加下列内容:
export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=lookback export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
替换 DEMO_PASS 为身份服务中 demo 用户的密码。
4.8、使用脚本
4.8.1. 加载 admin-openrc 文件用来填充身份服务中 admin 项目和用户的
用户凭据到环境变量:
[[email protected]_168_200_101 ~]# source admin-openrc
4.8.2. 请求认证令牌
[[email protected]_168_200_101 ~]# openstack token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-02-13T20:22:39+0000 | | id | gAAAAABagzr_HOOzE0ZSxayx3JP-7UEqr0dUscOS6eJ3_vARKyW1x3viVukYayI6kwW0b_OV6FIgAI1Ue-i0TBiw9O-RIQ_q1sI7ya8_OPc_Qu-EKCNHx2l4Mn9qrdfhPAJ8E2r-pOTWCZFFUOgyv2D3TH8Qy7pi_mdkLQEs0fp5xl4u-rXV9_c | | project_id | 7eb5c96f93bf422bb175de7ea22e290b | | user_id | 48e69d955fff44e88c6e6811fad3e300 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [[email protected]_168_200_101 ~]#
您可以选择一种方式赞助本站
支付宝扫一扫赞助
微信钱包扫描赞助
赏