SERVICE_TOKEN=ADMIN
ADMIN_PASSWORD=password
SERVICE_ENDPOINT=http://localhost:35357/v2.0
exportSERVICE_TOKEN=$SERVICE_TOKEN
exportSERVICE_ENDPOINT=$SERVICE_ENDPOINT
functionget_id(){
echo`$@|grepid|awk'{print$4}'`
}
ADMIN_TENANT=`get_idkeystonetenant-create--name=admin`
ADMIN_USER=`get_idkeystoneuser-create--name=admin--pass="$ADMIN_PASSWORD"--email=admin@example.com`
ADMIN_ROLE=`get_idkeystonerole-create--name=admin`
KEYSTONEADMIN_ROLE=`get_idkeystonerole-create--name=KeystoneAdmin`
KEYSTONESERVICE_ROLE=`get_idkeystonerole-create--name=KeystoneServiceAdmin`
keystoneuser-role-add--user$ADMIN_USER--role$ADMIN_ROLE--tenant_id$ADMIN_TENANT
keystoneuser-role-add--user$ADMIN_USER--role$KEYSTONEADMIN_ROLE--tenant_id$ADMIN_TENANT
keystoneuser-role-add--user$ADMIN_USER--role$KEYSTONESERVICE_ROLE--tenant_id$ADMIN_TENANT
echo$?
5)验证
keystoneservice-list
keystoneuser-list
keystonerole-list
架构
Service,使用keystone的内部服务
Identity,基于角色的验证与授权
Token,user/tenant的credentials已经验证之后生成的随机数
Catalog,注册的后端,像sql,kvs,ldap
Policy,提供rule-basedauthorizationengine
nosetests-s-vtest_backend_sql.py
keystoneservice-create--nameCOMPUTE_ID--typecompute--description'OpenStackComputeservice'
keystoneendpoint-create--region=RegionOne--service_id=COMPUTE_ID--publicurl='http://localhost:$(compute_port)s/v1.1/$(tenant_id)s'--internalurl='http://localhost:$(compute_port)s/v1.1/$(tenant_id)s'–adminurl='http://localhost:$(compute_port)s/v1.1/$(tenant_id)s'
keystoneendpoint-create--region=RegionOne--service_id=IDENTITY_ID--publicurl='http://localhost:$(public_port)s/v2.0'--internalurl='http://localhost:$(public_port)s/v2.0'--adminurl='http://localhost:$(admin_port)s/v2.0'
keystoneendpoint-create--region=RegionOne--service_id=IMAGE_ID--publicurl='http://localhost:9292/v1'--internalurl='http://localhost:9292/v1'--adminurl='http://localhost:9292/v1'
执行上述语句要keystone.conf文件中有:
driver= keystone.catalog.backends.sql.Catalog
5.2配置glance
1)配置
vi/bak/openstack/glance/etc/glance-registry.conf
sql_connection=mysql://root:password@localhost/glance
vi/bak/openstack/glance/etc/glance-api-paste.conf
vi/bak/openstack/glance/etc/glance-registry-paste.conf
#admin_tenant_name=%SERVICE_TENANT_NAME%
#admin_user=%SERVICE_USER%
#admin_password=%SERVICE_PASSWORD%
admin_token=ADMIN
vi/bak/openstack/glance/etc/glance-api.conf
vi/bak/openstack/glance/etc/glance-registry.conf
[paste_deploy]
flavor=keystone
debug=True
#log_file=/var/log/glance/api.log
2)数据库:
mysql-uroot-ppassword-e'DROPDATABASEIFEXISTSglance;'
mysql-uroot-ppassword-e'CREATEDATABASEglance;'
mysql-uroot-ppassword-e"grantallon*.*toroot@'%'identifiedby'password'"
cd/bak/openstack/glance&&./bin/glance-managedb_sync
3)启动
./bin/glance-registry--config-file=/bak/openstack/glance/etc/glance-registry.conf
filesystem_store_datadir=/var/lib/glance/images
./bin/glance-api–config-file=/bak/openstack/glance/etc/glance-api.conf
如果是在eclipse中启动,注意和上面keystone的一样,将基准路径从${workspace_loc:glance/bin}改为${workspace_loc:glance},这样改了之后,就直接从${workspace_loc:glance/}/etc/glance目录读配置文件,而不是从/etc/glance读
4) 上传镜像
cd /bak/openstack/glance
export FILES=/bak/openstack/glance
mkdir -p $FILES/images
exportOS_AUTH_USER=admin
export OS_AUTH_KEY=password
exportOS_AUTH_TENANT=admin
exportOS_AUTH_URL=http://localhost:35357/v2.0
exportOS_AUTH_STRATEGY=keystone
sudo wget -c -O $FILES/images/tty.tgz
tar-zxf $FILES/images/tty.tgz -C $FILES/images
TOKEN=`curl -s -d"{\"auth\":{\"passwordCredentials\":{\"username\": \"$OS_AUTH_USER\", \"password\":\"$OS_AUTH_KEY\"}, \"tenantName\":\"$OS_AUTH_TENANT\"}}" -H "Content-type:application/json" :5000/v2.0/tokens | Python -c"import sys; import json; tok = json.loads(sys.stdin.read());print tok['access']['token']['id'];"`
RVAL=`./bin/glanceadd -A $TOKEN is_public=truecontainer_format=aki disk_format=aki <$FILES/images/aki-tty/image`
KERNEL_ID=`echo $RVAL | cut -d":"-f2 | tr -d " "`
RVAL=`./bin/glance add-A $TOKEN is_public=truecontainer_format=ari disk_format=ari<$FILES/images/ari-tty/image`
RAMDISK_ID=`echo $RVAL | cut-d":" -f2 | tr -d " "`
./bin/glance add -A$TOKEN is_public=true container_format=amidisk_format=ami kernel_id=$KERNEL_ID ramdisk_id=$RAMDISK_ID<$FILES/images/ami-tty/image