renben-openstack-keystone操作

controller节点操作
source /root/keystonerc_admin
1.查看openstack中keystone的endpoint
openstack endpoint list

+----------------------------------+-----------+--------------+--------------+
| ID | Region | Service Name | Service Type |
+----------------------------------+-----------+--------------+--------------+
| aebb35adbfc44026af8a73b02a769421 | RegionOne | gnocchi | metric |
| 8d88f9a4a91a4600a3d79d65a86b22a7 | RegionOne | neutron | network |
| af2e19d5e9b54d8280d67d6995325fbf | RegionOne | nova | compute |
| 34dd7ac61b504a68b95651da16675d70 | RegionOne | glance | image |
| 6228a6a7f13647f2aefbbc935e4a4b3a | RegionOne | ceilometer | metering |
| 0a67472789874a19ad1117235dd0d7c9 | RegionOne | keystone | identity |
| 03e0f1f858294c3eaff521a13b27b4f2 | RegionOne | cinderv2 | volumev2 |
| 53652ddb46764627a6fca20a59be5c84 | RegionOne | aodh | alarming |
| 5c8546a07bb440baa38385a86e9bc771 | RegionOne | cinderv3 | volumev3 |
| 5ae948c07ab5405bbbe27839c9c59e96 | RegionOne | cinder | volume |
+----------------------------------+-----------+--------------+--------------+

2.查看keystone服务
openstack service list
+----------------------------------+------------+----------+
| ID | Name | Type |
+----------------------------------+------------+----------+
| 2c016ddb1131459ab9a1b86e1506cde8 | nova | compute |
| 326ec835fe584e35b10087b4d356084d | aodh | alarming |
| 44d97d41fc2448c88245f83899e7fe28 | neutron | network |
| 47fb7f463c964c1ca70e65315064bff1 | ceilometer | metering |
| 4c036db1142a4364ae72bb578f308486 | cinder | volume |
| 6a1787668d7247529f8049e0ffcfe9e1 | keystone | identity |
| 7cfb51a6b5034397aea76031c5ecc94f | cinderv3 | volumev3 |
| b53b04ce09204d60a0d0c822843cfe4a | gnocchi | metric |
| b9c6ad85083049afb91b94f4d7f58ad6 | glance | image |
| e5ea2d3085d64d6689279473ce13d5ae | cinderv2 | volumev2 |
+----------------------------------+------------+----------+

3.查看image镜像服务
openstack endpoint show image
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://192.168.124.200:9292 |
| enabled | True |
| id | 34dd7ac61b504a68b95651da16675d70 |
| internalurl | http://192.168.124.200:9292 |
| publicurl | http://192.168.124.200:9292 |
| region | RegionOne |
| service_id | b9c6ad85083049afb91b94f4d7f58ad6 |
| service_name | glance |
| service_type | image |
+--------------+----------------------------------+
通过上面可以看到Nova访问Glance服务去获取Image时，Nova通过访问Keystone拿到Glance的Endpoint，然后通过访问该Endpoint去获取Glance服务，我们可以通过Endpoint的region属性去定义多个region。

（1）在openstack中，每一个service中都有三种Endpoint：Admin、Public、Internal（创建完service后需要为其创建API Endpoint）
（2）Admin使用者为管理员，能够修改User Project（Tenant）
（3）public使用者为客户端，使用者在外网管理自己云服务器
（4）internal使用者为内部组件间相互调用
（5）三种Endpoint在网络上开放的权限也不同，Admin通常只能对内网开放，public通常可以对外网开放，internal只能对有安装openstack服务的机器开放

4.修改keystone配置文件，controller节点操作
#查看keystone配置文件

[DEFAULT]
admin_token = 73f54011d6a4422892857a95d7cc21ee
debug = False
log_dir = /var/log/keystone
rpc_backend = rabbit
public_port=5000
admin_bind_host=0.0.0.0
public_bind_host=0.0.0.0
admin_port=35357
[assignment]
[auth]
[cache]
[catalog]
template_file = /etc/keystone/default_catalog.templates
driver = sql
[cors]
[cors.subdomain]
[credential]
key_repository = /etc/keystone/credential-keys
[database]
connection = mysql+pymysql://keystone_admin:edb8e43f12404ffb@192.168.124.100/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
public_workers=4
admin_workers=4
[federation]
[fernet_tokens]
key_repository = /etc/keystone/fernet-keys
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
expiration = 3600
provider = keystone.token.providers.uuid.Provider
driver = sql
revoke_by_id = True
[tokenless_auth]
[trust]
[ssl]
enable=False

#登陆数据库
mysql -ukeystone_admin -pedb8e43f12404ffb
#查看数据库
show databases；
显示如下内容，只有keystone数据库
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| test |
+--------------------+

修改配置文件，修改部分如下
cat keystone.conf #再default字段下面添加如下一行
memcache_servers = controller:11211

#重启服务
systemctl restart httpd