OpenStack 安装和使用(一)
OpenStack 安装和使用
OpenStack的yum安装位置:
3. 如果centos6或rhel6,则需要先安装:http://archive.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
安装:
# yum install –enablerepo=updates-testing openstack-utils openstack-nova openstack-glance openstack-keystone openstack-dashboard qpid-cpp-server
# yum install –enablerepo=updates-testing ntp
# yum install –enablerepo=updates-testing mysql
# yum install –enablerepo=updates-testing MySQL-python
安装完成之后,python方式的Django http目录在:
/usr/lib/python2.7/site-packages/keystone/
调用keystone命令时,第一个执行的py文件是:/usr/lib/python2.7/site-packages/keystone/service.py,可以看到里面当前定义的service版本为v2.0。
修改hosts文件:
# vi /etc/hosts
10.24.1.49 cc
去掉SELinux:
# setenforce 0
# getenforce
Permissive
启动ntp:
# service ntpd start
# chkconfig ntpd on
# service ntpd status
增加iptables规则,开放amqp, MySQL, Nova API and iSCSI ports:
# lokkit -p 3306:tcp (MySQL)
# lokkit -p 5672:tcp (qpid)
# lokkit -p 9292:tcp (glance-api)
# lokkit -p 3260:tcp (iSCSI target)
# lokkit -p 5000:tcp (keystone)
# lokkit -p 8773:tcp (nova-api)
# lokkit -p 8774:tcp (nova-api)
# lokkit -p 8775:tcp (nova-api)
# lokkit -p 8776:tcp (nova-api)
让libvritd重读配置文件:
# service libvirtd reload
查看一下iptables:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp — anywhere anywhere udp dpt:domain
ACCEPT tcp — anywhere anywhere tcp dpt:domain
ACCEPT udp — anywhere anywhere udp dpt:bootps
ACCEPT tcp — anywhere anywhere tcp dpt:bootps
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp — anywhere anywhere
ACCEPT all — anywhere anywhere
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:amqp
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:armtechdaemon
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:iscsi-target
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:commplex-main
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:8774
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp — anywhere anywhere udp dpt:domain
ACCEPT tcp — anywhere anywhere tcp dpt:domain
ACCEPT udp — anywhere anywhere udp dpt:bootps
ACCEPT tcp — anywhere anywhere tcp dpt:bootps
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp — anywhere anywhere
ACCEPT all — anywhere anywhere
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:amqp
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:armtechdaemon
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:iscsi-target
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:commplex-main
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:8774
REJECT all — anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all — anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all — 192.168.122.0/24 anywhere
ACCEPT all — anywhere anywhere
REJECT all — anywhere anywhere reject-with icmp-port-unreachable
REJECT all — anywhere anywhere reject-with icmp-port-unreachable
REJECT all — anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all — anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all — 192.168.122.0/24 anywhere
ACCEPT all — anywhere anywhere
REJECT all — anywhere anywhere reject-with icmp-port-unreachable
REJECT all — anywhere anywhere reject-with icmp-port-unreachable
REJECT all — anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
启动mysql:
# chkconfig mysqld on (# systemctl enable mysqld.service)
# chkconfig –list |grep mysql (# systemctl -a list-unit-files |grep mysql)(# systemctl -a list-units |grep mysql)
# service mysqld start (# /bin/systemctl start mysqld.service)
初始化mysql数据库:
# openstack-db –service keystone –init
# openstack-db –service nova –init
# openstack-db –service glance –init
# mysql -unova -pnova nova
# mysql -uglance -pglance glance
# mysql -ukeystone -pkeystone keystone
mysql> show tables;
+————————+
| Tables_in_keystone |
+————————+
| ec2_credential |
| endpoint |
| metadata |
| migrate_version |
| role |
| service |
| tenant |
| token |
| user |
| user_tenant_membership |
+————————+
10 rows in set (0.00 sec)
+————————+
| Tables_in_keystone |
+————————+
| ec2_credential |
| endpoint |
| metadata |
| migrate_version |
| role |
| service |
| tenant |
| token |
| user |
| user_tenant_membership |
+————————+
10 rows in set (0.00 sec)
启动qpidd服务:
# systemctl start qpidd.service
# systemctl enable qpidd.service
# chkconfig –list|grep qpidd
启动libvirtd服务:
# systemctl start libvirtd.service
# systemctl enable libvirtd.service
# systemctl -a list-unit-files |grep libvirtd
libvirtd.service enabled
libvirtd.service enabled
启动openstack-glance-api和openstack-glance-registry服务:
# for svc in api registry; do systemctl start openstack-glance-$svc.service; done
# for svc in api registry; do systemctl enable openstack-glance-$svc.service; done
# ps axf |grep glance
30071 ? Ss 0:00 /usr/bin/python /usr/bin/glance-api –config-file /etc/glance/glance-api.conf
30074 ? Ss 0:00 /usr/bin/python /usr/bin/glance-registry –config-file /etc/glance/glance-registry.conf
30071 ? Ss 0:00 /usr/bin/python /usr/bin/glance-api –config-file /etc/glance/glance-api.conf
30074 ? Ss 0:00 /usr/bin/python /usr/bin/glance-registry –config-file /etc/glance/glance-registry.conf
建立VG给openstack-nova-volume服务使用:
# fdisk /dev/sdb
d
w
# pvcreate /dev/sdb
# pvdisplay
# vgcreate vg_nova_volume /dev/sdb
# vgdisplay
设置虚拟机类型为KVM方式,还可以为qemu等:
# openstack-config –set /etc/nova/nova.conf DEFAULT volume_group vg_nova_volume
设置虚拟机类型为KVM方式,还可以为qemu等:
# openstack-config –set /etc/nova/nova.conf DEFAULT libvirt_type kvm
允许多个客户化的分区信息能够注入虚拟机:
# openstack-config –set /etc/nova/nova.conf DEFAULT libvirt_inject_partition -1
启动openstack-nova-api、openstack-nova-objectstone、openstack-nova-compute、openstack-nova-network、openstack-nova-volume、openstack-nova-scheduler、openstack-nova-cert服务:
# for svc in api objectstore compute network volume scheduler cert; do systemctl enable openstack-nova-$svc.service; done
# systemctl -a list-unit-files |grep nova
# for svc in api objectstore compute network volume scheduler cert; do systemctl start openstack-nova-$svc.service; done
# killall dnsmasq; for svc in api objectstore compute network volume scheduler cert; do systemctl stop openstack-nova-$svc.service; done
# for svc in api objectstore compute network volume scheduler cert; do systemctl status openstack-nova-$svc.service; done
# ps axf |grep nova
31284 ? Ss 0:01 /usr/bin/python /usr/bin/nova-api –config-file /etc/nova/nova.conf –logfile /var/log/nova/api.log
31288 ? Ss 0:00 /usr/bin/python /usr/bin/nova-objectstore –config-file /etc/nova/nova.conf –logfile /var/log/nova/objectstore.log
31296 ? Ssl 0:01 /usr/bin/python /usr/bin/nova-compute –config-file /etc/nova/nova.conf –logfile /var/log/nova/compute.log
31304 ? Ss 0:00 /usr/bin/python /usr/bin/nova-network –config-file /etc/nova/nova.conf –logfile /var/log/nova/network.log
31311 ? Ss 0:00 /usr/bin/python /usr/bin/nova-volume –config-file /etc/nova/nova.conf –logfile /var/log/nova/volume.log
31319 ? Ss 0:00 /usr/bin/python /usr/bin/nova-scheduler –config-file /etc/nova/nova.conf –logfile /var/log/nova/scheduler.log
31327 ? Ss 0:00 /usr/bin/python /usr/bin/nova-cert –config-file /etc/nova/nova.conf –logfile /var/log/nova/cert.log
# killall dnsmasq; for svc in api objectstore compute network volume scheduler cert; do systemctl restart openstack-nova-$svc.service; done
生成即设置鉴权信息,注意这里的USERNAME/PASSWORD/TENANT_NAME必须跟下面keystone建立的租户、该租户的管理用户名、密码一致:
增加鉴权设置到profile文件,以后命令行就不用老是输入:–os_username=admin –os_password=123456 –os_tenant=hanborq –os_auth_url=http://127.0.0.1:5000/v2.0 这些参数。
# cat > keystonerc <<EOF
export ADMIN_TOKEN=$(openssl rand -hex 10)
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_TENANT_NAME=hanborq
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
EOF
export ADMIN_TOKEN=$(openssl rand -hex 10)
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_TENANT_NAME=hanborq
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
EOF
# cat keystonerc >> ~/.bash_profile
# . ~/.bash_profile
# openstack-config –set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
# openstack-config –set /etc/keystone/keystone.conf DEFAULT connection mysql://keystone:keystone@localhost/keystone
启动Keystone服务:
# systemctl start openstack-keystone.service
# systemctl enable openstack-keystone.service
# ps axf|grep keystone
31876 ? Ss 0:00 /usr/bin/python /usr/bin/keystone-all –config-file /etc/keystone/keystone.conf
31876 ? Ss 0:00 /usr/bin/python /usr/bin/keystone-all –config-file /etc/keystone/keystone.conf
初始化keystone数据库:
# keystone-manage db_sync
查看log位置:
# vi /var/log/keystone/keystone.log
建立一个KeyStone的用户、租户、角色:
建立租户:
这里token为上面keystone.conf配置文件里面的admin_token,这里的endpoint地址为刚安装的keystone地址和keystone.conf配置文件的admin_port,如果这两项已经放入~/.bash_profile,则这里可以不需要。
版本固定为v2.0,租户名字为hanborq。
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0/ tenant-create –name hanborq –description “HanBorq Tenant” –enabled true
+————-+———————————-+
| Property | Value |
+————-+———————————-+
| description | HanBorq Tenant |
| enabled | True |
| id | 94d38db32a7d4107beeed36d9e98bf06 |
| name | hanborq |
+————-+———————————-+
| Property | Value |
+————-+———————————-+
| description | HanBorq Tenant |
| enabled | True |
| id | 94d38db32a7d4107beeed36d9e98bf06 |
| name | hanborq |
+————-+———————————-+
建立用户:
这里的tenant_id为上面建立的tenant的id,用户名为admin,口令为123456。
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-create –tenant_id 94d38db32a7d4107beeed36d9e98bf06 –name admin –pass 123456 –enabled true
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | cd5e2e764fc7420dad016f9af7be7123 |
| name | admin |
| password | $6$rounds=40000$tfY5suG0ySPZ05RL$Kz7SUdAFhQOX8YYs01pGyznHS85wBcdm/a4DVKRQ6VEDZdZATGiB94/BKUedHa51mZ8wbF3VF3/VLt0QSTwc11 |
| tenantId | 94d38db32a7d4107beeed36d9e98bf06 |
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | cd5e2e764fc7420dad016f9af7be7123 |
| name | admin |
| password | $6$rounds=40000$tfY5suG0ySPZ05RL$Kz7SUdAFhQOX8YYs01pGyznHS85wBcdm/a4DVKRQ6VEDZdZATGiB94/BKUedHa51mZ8wbF3VF3/VLt0QSTwc11 |
| tenantId | 94d38db32a7d4107beeed36d9e98bf06 |
+———-+————————————————————————————————————————-+
建立角色:
角色名字为admin。
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 role-create –name admin
+———-+———————————-+
| Property | Value |
+———-+———————————-+
| id | 428438feb3eb4946907b519383f38ceb |
| name | admin |
+———-+———————————-+
角色名字为member。
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 role-create –name member
+———-+———————————-+
| Property | Value |
+———-+———————————-+
| id | aee579c6430c46d9861c5b684d42ebb7 |
| name | member |
+———-+———————————-+
| Property | Value |
+———-+———————————-+
| id | aee579c6430c46d9861c5b684d42ebb7 |
| name | member |
+———-+———————————-+
把admin角色授予hanborq租户的admin用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-role-add –user cd5e2e764fc7420dad016f9af7be7123 –tenant_id 94d38db32a7d4107beeed36d9e98bf06 –role 428438feb3eb4946907b519383f38ceb
建立公用的服务租户、Glance用户、Nova用户、EC2用户、Swift用户:
建立服务租户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 tenant-create –name service –description “Service Tenant” –enabled true
+————-+———————————-+
| Property | Value |
+————-+———————————-+
| description | Service Tenant |
| enabled | True |
| id | d9eb763b350b4ff681be7f2bf95d65d5 |
| name | service |
+————-+———————————-+
| Property | Value |
+————-+———————————-+
| description | Service Tenant |
| enabled | True |
| id | d9eb763b350b4ff681be7f2bf95d65d5 |
| name | service |
+————-+———————————-+
建立Glance用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-create –tenant_id d9eb763b350b4ff681be7f2bf95d65d5 –name glance –pass glance –enabled true
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | 1c8074ce6b13400bbeb6efaa4e11910d |
| name | glance |
| password | $6$rounds=40000$I7EGyqt4HaDxdWRM$7gPPkF5XCDNz4aucLXwAUzz9ipzRM9JgtwsCPLeUqFilfeFper/kjhV3XWWvnmUzSTqnv/C.WbbMkgSEapViy. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5 |
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | 1c8074ce6b13400bbeb6efaa4e11910d |
| name | glance |
| password | $6$rounds=40000$I7EGyqt4HaDxdWRM$7gPPkF5XCDNz4aucLXwAUzz9ipzRM9JgtwsCPLeUqFilfeFper/kjhV3XWWvnmUzSTqnv/C.WbbMkgSEapViy. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5 |
+———-+————————————————————————————————————————-+
把admin角色授予service租户的glance用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-role-add –user 1c8074ce6b13400bbeb6efaa4e11910d –tenant_id d9eb763b350b4ff681be7f2bf95d65d5 –role 428438feb3eb4946907b519383f38ceb
建立nova用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-create –tenant_id d9eb763b350b4ff681be7f2bf95d65d5 –name nova –pass nova –enabled true
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | 4e8e9fb808b64e3f8a6fc266e7cc6517 |
| name | nova |
| password | $6$rounds=40000$clEIMiItgmqk9czI$oFXKlxq0b3oRKGdMv8o0sg2fm9bMk2yMt24NaJ4agcBRdCmRhv3WWkj2WdtswuCHang2qHLuC3tT3d69SRFSR0 |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5 |
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | 4e8e9fb808b64e3f8a6fc266e7cc6517 |
| name | nova |
| password | $6$rounds=40000$clEIMiItgmqk9czI$oFXKlxq0b3oRKGdMv8o0sg2fm9bMk2yMt24NaJ4agcBRdCmRhv3WWkj2WdtswuCHang2qHLuC3tT3d69SRFSR0 |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5 |
+———-+————————————————————————————————————————-+
把admin角色授予service租户的nova用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-role-add –user 4e8e9fb808b64e3f8a6fc266e7cc6517 –tenant_id d9eb763b350b4ff681be7f2bf95d65d5 –role 428438feb3eb4946907b519383f38ceb
建立ec2用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-create –tenant_id d9eb763b350b4ff681be7f2bf95d65d5 –name ec2 –pass ec2 –enabled true
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | b8ac2f679d6545e38b3fb5dcf14ac0c1 |
| name | ec2 |
| password | $6$rounds=40000$Im..ohGThtaN1rLb$PSaXZSfJWyu5VHXZZ3l1j5uPyrl4wQIqKWBABRAlhR6lDh2qdBB/u3DFa9LjHdVuHetttHEhHu7VgXNevYsYu. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5 |
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | b8ac2f679d6545e38b3fb5dcf14ac0c1 |
| name | ec2 |
| password | $6$rounds=40000$Im..ohGThtaN1rLb$PSaXZSfJWyu5VHXZZ3l1j5uPyrl4wQIqKWBABRAlhR6lDh2qdBB/u3DFa9LjHdVuHetttHEhHu7VgXNevYsYu. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5 |
+———-+————————————————————————————————————————-+
把admin角色授予service租户的ec2用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-role-add –user b8ac2f679d6545e38b3fb5dcf14ac0c1 –tenant_id d9eb763b350b4ff681be7f2bf95d65d5 –role 428438feb3eb4946907b519383f38ceb
建立用于对象存储的swift用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-create –tenant_id d9eb763b350b4ff681be7f2bf95d65d5 –name swift –pass swift –enabled true
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | 6fceec63405a432a9e3ccbe89a1bbdb4 |
| name | swift |
| password | $6$rounds=40000$JJlQ2vmlsbd.OP8d$pbv90hRcQbkJvBz1oI1hZsf01BEaI30M9Ae0jiXBmnFmCb.WOiw9SPXqhk7kuWtb5BV/os9cqdXm6nZA.Ajll. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5 |
+———-+————————————————————————————————————————-+
| Property | Value |
+———-+————————————————————————————————————————-+
| email | None |
| enabled | True |
| id | 6fceec63405a432a9e3ccbe89a1bbdb4 |
| name | swift |
| password | $6$rounds=40000$JJlQ2vmlsbd.OP8d$pbv90hRcQbkJvBz1oI1hZsf01BEaI30M9Ae0jiXBmnFmCb.WOiw9SPXqhk7kuWtb5BV/os9cqdXm6nZA.Ajll. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5 |
+———-+————————————————————————————————————————-+
把admin角色授予service租户的swift用户:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-role-add –user 6fceec63405a432a9e3ccbe89a1bbdb4 –tenant_id d9eb763b350b4ff681be7f2bf95d65d5 –role 428438feb3eb4946907b519383f38ceb
查看一下这些列表:
# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 role-list
+———————————-+——–+
| id | name |
+———————————-+——–+
| 428438feb3eb4946907b519383f38ceb | admin |
| aee579c6430c46d9861c5b684d42ebb7 | member |
+———————————-+——–+
[root@cc ~]#
[root@cc ~]# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 tenant-list
+———————————-+———+———+
| id | name | enabled |
+———————————-+———+———+
| 94d38db32a7d4107beeed36d9e98bf06 | hanborq | True |
| d9eb763b350b4ff681be7f2bf95d65d5 | service | True |
+———————————-+———+———+
[root@cc ~]#
[root@cc ~]# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-list
+———————————-+———+——-+——–+
| id | enabled | email | name |
+———————————-+———+——-+——–+
| 1c8074ce6b13400bbeb6efaa4e11910d | True | None | glance |
| 4e8e9fb808b64e3f8a6fc266e7cc6517 | True | None | nova |
| 6fceec63405a432a9e3ccbe89a1bbdb4 | True | None | swift |
| b8ac2f679d6545e38b3fb5dcf14ac0c1 | True | None | ec2 |
| cd5e2e764fc7420dad016f9af7be7123 | True | None | admin |
+———————————-+———+——-+——–+
+———————————-+——–+
| id | name |
+———————————-+——–+
| 428438feb3eb4946907b519383f38ceb | admin |
| aee579c6430c46d9861c5b684d42ebb7 | member |
+———————————-+——–+
[root@cc ~]#
[root@cc ~]# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 tenant-list
+———————————-+———+———+
| id | name | enabled |
+———————————-+———+———+
| 94d38db32a7d4107beeed36d9e98bf06 | hanborq | True |
| d9eb763b350b4ff681be7f2bf95d65d5 | service | True |
+———————————-+———+———+
[root@cc ~]#
[root@cc ~]# keystone –token c8701a128708a76161e3 –endpoint http://127.0.0.1:35357/v2.0 user-list
+———————————-+———+——-+——–+
| id | enabled | email | name |
+———————————-+———+——-+——–+
| 1c8074ce6b13400bbeb6efaa4e11910d | True | None | glance |
| 4e8e9fb808b64e3f8a6fc266e7cc6517 | True | None | nova |
| 6fceec63405a432a9e3ccbe89a1bbdb4 | True | None | swift |
| b8ac2f679d6545e38b3fb5dcf14ac0c1 | True | None | ec2 |
| cd5e2e764fc7420dad016f9af7be7123 | True | None | admin |
+———————————-+———+——-+——–+
为了和S3兼容,需要修改keystone.conf文件:
增加两行,修改一行:
…
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
…
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
…