7. Configuring the Auth (Keystone) node
sudo mkdir /etc/keystone
sudo chown -R swift:swift /etc/keystone
cp -r /home/swift/openstack/keystone/etc/* /etc/keystone

1. Edit /etc/keystone/keystone.conf
Change
connection = sqlite:///keystone.db
to
connection = mysql://keystone:keystone@127.0.0.1/keystone
(the scheme must be written in lowercase, "mysql://": SQLAlchemy loads the database dialect by that exact name).
Set the driver under [identity] to
driver = keystone.identity.backends.sql.Identity
Set the driver under [catalog] to
driver = keystone.catalog.backends.sql.Catalog
Leave everything else unchanged.

2. MySQL setup
mysql -u root -p    # log in to MySQL as root
Run the following in the database:
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
commit;
Edit /etc/mysql/my.cnf and change
bind-address = 127.0.0.1
to
bind-address = 0.0.0.0
With bind-address = 0.0.0.0 MySQL accepts connections on every interface, and the 'keystone'@'%' grant accepts that user from any host, so restrict port 3306 to the Keystone host by firewall if the node is reachable from elsewhere.
Restart the MySQL service:
sudo service mysql restart

3. Sync the database to create the tables
keystone-manage db_sync
# After this succeeds the following tables exist in the keystone database; log in to MySQL to check:
+------------------------+
| Tables_in_keystone     |
+------------------------+
| ec2_credential         |
| endpoint               |
| metadata               |
| migrate_version        |
| role                   |
| service                |
| tenant                 |
| token                  |
| user                   |
| user_tenant_membership |
+------------------------+

4. Create the Keystone users and the Keystone service endpoints
#!/usr/bin/env bash
ADMIN_PASSWORD=admin
ENABLE_SWIFT=1
ENABLE_ENDPOINTS=1
KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}

# Extract some info from Keystone's configuration file
if [[ -r "$KEYSTONE_CONF" ]]; then
    CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
    CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
fi

export SERVICE_TOKEN=${SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
if [[ -z "$SERVICE_TOKEN" ]]; then
    echo "No service token found."
    echo "Set SERVICE_TOKEN manually from keystone.conf admin_token."
    exit 1
fi
# The host part of this URL is missing from the source; localhost is assumed here
# because the script runs on the Keystone host and the keystone endpoint URLs below use it
export SERVICE_ENDPOINT=${SERVICE_ENDPOINT:-http://localhost:${CONFIG_ADMIN_PORT:-35357}/v2.0}

# Print the id column of a keystone CLI result
function get_id () {
    echo `"$@" | grep ' id ' | awk '{print $4}'`
}

# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=service)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)

# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
                                         --pass="$ADMIN_PASSWORD" \
                                         --email=admin@example.com)
DEMO_USER=$(get_id keystone user-create --name=demo \
                                        --pass="$ADMIN_PASSWORD" \
                                        --email=admin@example.com)

# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)

# Add Roles to Users in Tenants
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT

# TODO(termie): these two might be dubious
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT

# Services
KEYSTONE_SERVICE=$(get_id \
    keystone service-create --name=keystone \
                            --type=identity \
                            --description="Keystone Identity Service")
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
    keystone endpoint-create --region RegionOne --service_id $KEYSTONE_SERVICE \
        --publicurl 'http://localhost:$(public_port)s/v2.0' \
        --adminurl 'http://localhost:$(admin_port)s/v2.0' \
        --internalurl 'http://localhost:$(admin_port)s/v2.0'
fi

if [[ -n "$ENABLE_SWIFT" ]]; then
    SWIFT_SERVICE=$(get_id \
        keystone service-create --name=swift \
                                --type="object-store" \
                                --description="Swift Service")
    SWIFT_USER=$(get_id keystone user-create --name=swift \
                                             --pass="$SERVICE_PASSWORD" \
                                             --tenant_id $SERVICE_TENANT \
                                             --email=swift@example.com)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
                           --user $SWIFT_USER \
                           --role $ADMIN_ROLE
    keystone endpoint-create --region RegionOne --service_id $SWIFT_SERVICE \
        --publicurl 'http://192.168.112.129:8080/v1/AUTH_$(tenant_id)s' \
        --adminurl 'http://192.168.112.129:8080/' \
        --internalurl 'http://192.168.112.129:8080/v1/AUTH_$(tenant_id)s'
fi

Copy the shell code above into a file and run it (on the Auth (Keystone) host). It creates data with the following main relationships:

Tenant    User    Roles             Password
-----------------------------------------------
admin     admin   admin             admin
service   swift   admin             admin
demo      admin   admin             admin
demo      demo    Member,sysadmin   admin
Note: when creating the swift endpoints, every URL must point at the Proxy node, for example the IP address used above (192.168.112.129). If there are several Proxy nodes, add an endpoint for each of them.
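Before running keystone-manage db_sync and the script in step 4, the edits from step 1 can be checked mechanically. The following script is an added example (not part of this guide or of Keystone); it assumes the keys live under [sql], [identity] and [catalog], and the two config samples inside it are constructed:

```python
"""Check that keystone.conf carries the edits from step 1 and the admin_token
the step 4 script needs (added example, not the guide's code). Section names
are an assumption: the guide names only the keys; Essex-era keystone.conf keeps
them under [sql], [identity] and [catalog]. Both config samples are constructed."""
import configparser
import sys

EXPECTED = {  # values exactly as the guide gives them
    ("identity", "driver"): "keystone.identity.backends.sql.Identity",
    ("catalog", "driver"): "keystone.catalog.backends.sql.Catalog",
}

DEFAULT_CONF = """\
[DEFAULT]
admin_token = constructed-bootstrap-token
[sql]
connection = sqlite:///keystone.db
[identity]
driver = keystone.identity.backends.kvs.Identity
[catalog]
driver = keystone.catalog.backends.templated.TemplatedCatalog
"""
# The same file after step 1.
EDITED_CONF = (DEFAULT_CONF
               .replace("sqlite:///keystone.db", "mysql://keystone:keystone@127.0.0.1/keystone")
               .replace("kvs.Identity", "sql.Identity")
               .replace("templated.TemplatedCatalog", "sql.Catalog"))

def check_keystone_conf(text):
    """Return {check_name: bool} for the given keystone.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    results = {}
    conn = cp.get("sql", "connection", fallback="")
    # SQLAlchemy looks the dialect up by the scheme text, so "mysql" must be lowercase.
    results["sql_connection_is_mysql"] = conn.startswith("mysql://")
    for (section, key), value in EXPECTED.items():
        results[section + "_" + key] = cp.get(section, key, fallback="") == value
    # The step 4 script greps admin_token out of the file and exits if it is empty.
    results["admin_token_set"] = bool(cp.get("DEFAULT", "admin_token", fallback="").strip())
    return results

def all_applied(text):
    return all(check_keystone_conf(text).values())

if __name__ == "__main__":
    with open(sys.argv[1] if len(sys.argv) > 1 else "/etc/keystone/keystone.conf") as fh:
        for name, ok in sorted(check_keystone_conf(fh.read()).items()):
            print("OK  " if ok else "FAIL", name)
```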
8. Start the services on each node (run as the swift user)

Proxy node:
swift-init proxy start

Each Storage node:
swift-init all start

Auth (Keystone) node:
sudo screen -S keystone    # create a temporary terminal named keystone, which keeps the extra output out of the way
su swift                   # switch to the swift user
keystone-all               # this prints a lot of output, which is useful when debugging
Then press Ctrl+a Ctrl+d right away. A message like [detached from 4334.key] is returned; note the number (4334 here). To reattach the keystone terminal later, run: sudo screen -r 4334
9. Verification and use

a. Verify that the whole storage setup works (run on the Proxy node, or on any node with swift installed)
swift -A http://<keystone-node-ip>:5000/v2.0 -U admin -K admin stat -V 2
# The host part of the auth URL is missing from the source; <keystone-node-ip> stands for the Auth (Keystone) node's address.
On success it returns output like the following:
Account:AUTH_308722b8cc8747a5afdd9b7b1f6155e8
Containers:0
Objects:0
Bytes:0
Accept-Ranges:bytes
b. Test with curl
curl -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "admin"}}}' -H "Content-type: application/json" http://<keystone-node-ip>:35357/v2.0/tokens | python -mjson.tool
# As above, the host part of the URL is missing from the source; <keystone-node-ip> is the Auth (Keystone) node's address.
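The exchange that the swift command in 9a and the curl call in 9b perform, written out in Python as an added example (not code from this guide or from the swift client): the same v2.0 token request, followed by pulling the token id and the object-store endpoint out of the reply. The Keystone host is a placeholder, as on the page, and SAMPLE_REPLY is a constructed reply.

```python
"""Keystone v2.0 token exchange and catalog lookup (added example, not the
guide's code). Same JSON body as the curl command in 9b; the reply parsing
is what `swift stat` does before it HEADs the account. SAMPLE_REPLY is a
constructed, trimmed v2.0 reply; the keystone host is a placeholder."""
import json
import urllib.request

KEYSTONE_URL = "http://<keystone-node-ip>:35357/v2.0"  # placeholder host

def auth_body(tenant, user, password):
    """JSON body for POST /v2.0/tokens, same shape as the curl command."""
    creds = {"username": user, "password": password}
    return json.dumps({"auth": {"tenantName": tenant, "passwordCredentials": creds}})

def parse_token_reply(reply):
    """Return (token_id, tenant_id, swift_public_url) from a v2.0 reply."""
    access = reply["access"]
    swift_url = None
    for service in access["serviceCatalog"]:
        if service["type"] == "object-store":  # the swift service from step 4
            swift_url = service["endpoints"][0]["publicURL"]
    return access["token"]["id"], access["token"]["tenant"]["id"], swift_url

def account_stat(keystone_url, tenant, user, password):
    """Live version of `swift stat`: get a token, then HEAD the account URL."""
    req = urllib.request.Request(keystone_url + "/tokens",
                                 data=auth_body(tenant, user, password).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        token_id, _, swift_url = parse_token_reply(json.load(resp))
    # Swift answers with X-Account-Container-Count / -Object-Count / -Bytes-Used.
    head = urllib.request.Request(swift_url, method="HEAD",
                                  headers={"X-Auth-Token": token_id})
    with urllib.request.urlopen(head) as resp:
        return dict(resp.getheaders())

# Constructed reply: tenant id and proxy address are the ones on the page; the
# swift URL is the step 4 endpoint template with $(tenant_id)s filled in.
SAMPLE_REPLY = {"access": {
    "token": {"id": "constructed-token-id",
              "tenant": {"id": "308722b8cc8747a5afdd9b7b1f6155e8", "name": "admin"}},
    "serviceCatalog": [
        {"type": "identity", "name": "keystone",
         "endpoints": [{"publicURL": "http://localhost:5000/v2.0"}]},
        {"type": "object-store", "name": "swift",
         "endpoints": [{"publicURL": "http://192.168.112.129:8080/v1/"
                                     "AUTH_308722b8cc8747a5afdd9b7b1f6155e8"}]}],
    "user": {"name": "admin", "roles": [{"name": "admin"}]}}}
```

Calling account_stat(KEYSTONE_URL, "admin", "admin", "admin") with the real host filled in performs the two HTTP calls that 9a and 9b do by hand.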