-> IDENTIFIED BY 'KEYSTONE_DBPASS'; Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\
-> IDENTIFIED BY 'KEYSTONE_DBPASS'; Query OK, 0 rows affected (0.00 sec)
1.Run the following command to install the packages:
# yum install openstack-keystone httpdmod_wsgi 2.dit the /etc/keystone/keystone.conf file and complete the following actions:
In the [database] section, configure database access:
[database] ... connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone Replace KEYSTONE_DBPASS with the password you chose for the database.
In the [token] section, configure the Fernet token provider:
[token] ... provider = fernet
3.pulate the Identity service database:同步数据库
#su -s /bin/sh -c \ keystone4.nitialize Fernet key repositories: # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 5.strap the Identity service: # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:35357/v3/ \\ --bootstrap-internal-url http://controller:35357/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne Replace ADMIN_PASS with a suitable password for an administrative user。
Configure the Apache HTTP server
1. Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to
reference the controller node:
ServerName controller 2. Create a link to the /usr/share/keystone/wsgi-keystone.conf file: # ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 3. Start the Apache HTTP service and configure it to start when the system boots: #systemctlenablehttpd.service #systemctl start httpd.service 4. Configure the administrative account. $ export S_USERNAME=admin $exportOS_PASSWORD=ADMIN_PASS $exportOS_PROJECT_NAME=admin $exportOS_USER_DOMAIN_NAME=Default $exportOS_PROJECT_DOMAIN_NAME=Default $exportOS_AUTH_URL=http://controller:35357/v3 $exportOS_IDENTITY_API_VERSION=3 Create a domain, projects, users, and roles
1. This guide uses a service project that contains a unique user for each service that you
add to your environment. Create the service project
openstack project create --domain default \\
--description \ 2. Regular (non-admin) tasks should use an unprivileged project and user. As an
example, this guide creates the demoproject and user. Create the demo project:
openstack project create --domain default \\ --description \ Create the demo user:
openstack user create --domain default \\ --password-prompt demo 密码:demo