Steps to install and configure the Controller Node in OpenStack

Date: 2020-02-23 14:40:12  Source: igfitidea

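The controller node runs the Identity service, the Image service, the management portions of Compute, the management portion of Networking, various Networking agents, and the Dashboard. It also includes supporting services such as an SQL database, a message queue, and Network Time Protocol (NTP).

Optionally, the controller node runs portions of the Block Storage, Object Storage, Orchestration, and Telemetry services.

The following are the core and optional components of the controller node. Source: docs.openstack.org

Steps to install and configure the controller node in OpenStack

Installing and configuring the controller node, and the rest of an OpenStack setup, by hand takes a lot of time, so tools such as packstack, devstack and TripleO exist to automate configuration and deployment.

I have already shared step-by-step guides for setting up an OpenStack deployment on virtual machines with packstack and TripleO.

For this article I will use the "Queens" release of OpenStack.

In this article I will cover the following topics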

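  • Configure the network

  • Configure NTP

  • Enable the OpenStack repository

  • Install the OpenStack client

  • Install and configure the MariaDB database

  • Secure the MariaDB database

  • Install the RabbitMQ service

  • Configure Memcached

  • OpenStack Keystone service

  • Update the Keystone configuration

  • Create projects or tenants

  • Create the environment files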

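My setup runs on Oracle VirtualBox hosted on a Windows 10 host.

Below is my server configuration

Configuration
Disk               10 GB
Memory             4 GB
vCPU               2
Operating system   CentOS 7.4
NIC1               10.0.2.10
NIC2               DHCP

Configure the network

My controller IP is "10.0.2.10"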

[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:df:87:41 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.10/24 brd 10.0.2.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fedf:8741/64 scope link
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:95:c3:cd brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.15/24 brd 10.0.3.255 scope global dynamic eth0
       valid_lft 69907sec preferred_lft 69907sec
    inet6 fe80::a00:27ff:fe95:c3cd/64 scope link
       valid_lft forever preferred_lft forever

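Note:

Here "10.0.3.15" is my external network, used to connect to the Internet to download the required packages

I have mapped the hostnames, FQDNs and IP addresses of my setup in the hosts file of the controller node. We will do the same on the other nodes once we start working on them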

[root@controller ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.2.10       controller.example.com controller
10.0.2.11       compute.example.com compute
10.0.2.12       network.example.com network
10.0.2.13       storage.example.com storage

For our demo setup we will stop the firewall service

[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

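Warning:

In a production environment it is very important to have the firewall enabled, started and running. We must add all the iptables rules required for the OpenStack services to be reachable between the nodes and from one another.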
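The following script is an added example, not part of the original article: instead of stopping the firewall, it builds firewalld rich rules (firewalld rather than raw iptables) that open only the ports of the services installed later in this article, and only to the management network. The 10.0.2.0/24 network, the default ports 3306 (MariaDB) and 5672 (RabbitMQ), serving NTP to the other nodes, and all function and variable names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# Assumptions: management network 10.0.2.0/24 (the article's addressing),
# MariaDB on 3306 and RabbitMQ on 5672 (their defaults); the other ports
# are the ones that appear in the article.
MGMT_NET="${MGMT_NET:-10.0.2.0/24}"

# name:port/proto for every controller service the other nodes must reach.
# ntp is only needed if the other nodes sync from the controller (assumption).
CONTROLLER_PORTS="
mariadb:3306/tcp
rabbitmq:5672/tcp
memcached:11211/tcp
keystone-public:5000/tcp
keystone-admin:35357/tcp
ntp:123/udp
"

# Shape check only; it also keeps shell metacharacters out of the rule text.
valid_ipv4_cidr() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print one rich rule per line: accept <port>/<proto> from <net> only.
controller_fw_rules() {
    local net="$1" entry spec
    valid_ipv4_cidr "$net" || { echo "invalid network: $net" >&2; return 1; }
    for entry in $CONTROLLER_PORTS; do
        spec="${entry#*:}"
        printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
            "$net" "${spec%/*}" "${spec#*/}"
    done
}

# Start firewalld and install the rules permanently (run as root).
apply_controller_fw() {
    local rules rule
    rules="$(controller_fw_rules "$1")" || return 1
    systemctl enable firewalld && systemctl start firewalld || return 1
    while IFS= read -r rule; do
        firewall-cmd --permanent --add-rich-rule="$rule" || return 1
    done <<EOF
$rules
EOF
    firewall-cmd --reload
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_controller_fw "$MGMT_NET"
else
    controller_fw_rules "$MGMT_NET"   # dry run: only print the rules
fi
```

Run it with APPLY=1 as root to start firewalld and install the rules; without it the script only prints them.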

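OpenStack Networking currently does not work on systems where the NetworkManager service is enabled. NetworkManager is currently enabled by default on RHEL/CentOS 7, so disable and stop the NetworkManager service.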

[root@controller ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
[root@controller ~]# systemctl stop NetworkManager

Configure NTP

Install the required ntp daemon (if not already available)

[root@controller ~]# yum -y install ntp

Put the NTP server pool in ntp.conf

server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
server 3.asia.pool.ntp.org

Next restart the ntpd service

[root@controller ~]# systemctl restart ntpd

Check the ntpd daemon status

[root@controller ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-11-01 21:18:12 IST; 4s ago
  Process: 15456 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 15457 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─15457 /usr/sbin/ntpd -u ntp:ntp -g
Nov 01 21:18:12 controller.example.com ntpd[15457]: Listen and drop on 1 v6wildcard :: UDP 123
Nov 01 21:18:12 controller.example.com ntpd[15457]: Listen normally on 2 lo 127.0.0.1 UDP 123
Nov 01 21:18:12 controller.example.com ntpd[15457]: Listen normally on 3 enp0s3 10.0.2.10 UDP 123
Nov 01 21:18:12 controller.example.com ntpd[15457]: Listen normally on 4 eth0 10.0.3.15 UDP 123
Nov 01 21:18:12 controller.example.com ntpd[15457]: Listen normally on 5 lo ::1 UDP 123
Nov 01 21:18:12 controller.example.com ntpd[15457]: Listen normally on 6 enp0s3 fe80::a00:27ff:fedf:8741 UDP 123
Nov 01 21:18:12 controller.example.com ntpd[15457]: Listen normally on 7 eth0 fe80::a00:27ff:fe95:c3cd UDP 123
Nov 01 21:18:12 controller.example.com ntpd[15457]: Listening on routing socket on fd #24 for interface updates
Nov 01 21:18:13 controller.example.com ntpd[15457]: 0.0.0.0 c016 06 restart
Nov 01 21:18:13 controller.example.com ntpd[15457]: 0.0.0.0 c012 02 freq_set kernel 8.476 PPM

Next check whether the NTP service is able to connect to its peers

[root@controller ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ns-vultr.nono.i 218.73.139.35    2 u   14   64    1  304.210  5213983   0.000
 hkg1.m-d.net    133.243.238.163  2 u   16   64    1  317.870  5213989   0.000
 ntp.sg.eria.one 10.84.87.146     2 u   18   64    1  208.213  5213990   0.000
 203.95.213.129  193.62.22.74     3 u   19   64    1  601.558  5214001   0.000
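
In the output above no peer carries the "*" tally mark, so ntpd has not selected a time source yet. The following script is an added example, not part of the original article: it reads "ntpq -p" output and reports whether a peer has been selected and whether its offset is within a limit. The function name and the 1000 ms limit are assumptions; the embedded sample is the output shown above.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# Sample input: the "ntpq -p" output shown in the article.
PAGE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ns-vultr.nono.i 218.73.139.35    2 u   14   64    1  304.210  5213983   0.000
 hkg1.m-d.net    133.243.238.163  2 u   16   64    1  317.870  5213989   0.000
 ntp.sg.eria.one 10.84.87.146     2 u   18   64    1  208.213  5213990   0.000
 203.95.213.129  193.62.22.74     3 u   19   64    1  601.558  5214001   0.000'

# ntp_sync_state [max_offset_ms]
# Reads "ntpq -p" output on stdin, prints one verdict and returns 0 only
# for "synced". The 1000 ms default limit is an assumption.
ntp_sync_state() {
    local max_ms="${1:-1000}"
    awk -v max="$max_ms" '
        NR <= 2 || NF < 10 { next }          # header, separator, short lines
        {
            peers++
            if ($(NF-3) + 0 > 0) reachable++ # reach register: non-zero = answered
            if (substr($1, 1, 1) == "*") {   # "*" marks the peer ntpd selected
                selected = 1
                off = $(NF-1) + 0            # offset column, in milliseconds
                if (off < 0) off = -off
            }
        }
        END {
            if (!peers)             verdict = "no-peers"
            else if (!reachable)    verdict = "unreachable"
            else if (!selected)     verdict = "unsynced"
            else if (off > max + 0) verdict = "offset-too-large"
            else                    verdict = "synced"
            print verdict
            exit (verdict == "synced" ? 0 : 1)
        }'
}

# On a live node: ntpq -pn | ntp_sync_state 1000
printf '%s\n' "$PAGE_NTPQ" | ntp_sync_state 1000 || true   # prints: unsynced
```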

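Enable the OpenStack repository

On CentOS, the Extras repository provides the RPM that enables the OpenStack repository. CentOS includes the Extras repository by default, so we only need to install the package to enable the OpenStack repository.

Note:

Since we are installing the Queens release, we will install the Queens repository from the project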

[root@controller ~]# yum install centos-release-openstack-queens -y

Download and install the RDO repository RPM to enable the OpenStack repository.

[root@controller ~]# yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-queens/rdo-release-queens-1.noarch.rpm

Finally, the complete list of repositories needed to install and configure the controller node in OpenStack is as follows

[root@controller ~]# yum repolist
Loaded plugins: fastestmirror, langpacks
Repository rdo-trunk-queens-tested is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: centos.excellmedia.net
 * extras: centos.excellmedia.net
 * updates: centos.excellmedia.net
repo id                                                             repo name                                                      status
!base/7/x86_64                                                      CentOS-7 - Base                                                  9,911
!centos-ceph-luminous/7/x86_64                                      CentOS-7 - Ceph Luminous                                           184
!centos-openstack-queens/7/x86_64                                   CentOS-7 - OpenStack queens                                    2,447+2
!centos-qemu-ev/7/x86_64                                            CentOS-7 - QEMU EV                                                  63
!extras/7/x86_64                                                    CentOS-7 - Extras                                                  432
!openstack-queens/x86_64                                            OpenStack Queens Repository                                      2,449
!rdo-qemu-ev/x86_64                                                 RDO CentOS-7 - QEMU EV                                              63
!updates/7/x86_64                                                   CentOS-7 - Updates                                               1,614
repolist: 17,163

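Install the OpenStack client

"openstackclient" (also known as "OSC") is the command-line client for OpenStack. It brings the command sets for the Compute, Identity, Image, Object Storage and Block Storage APIs together in a single shell with a uniform command structure. This tool is required to install and configure the controller node in OpenStack.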

[root@controller ~]# yum install python-openstackclient -y

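Install and configure the MariaDB database

OpenStack is flexible in its choice of database and supports SQL database engines such as MariaDB, MySQL and PostgreSQL. The database service runs on the controller node. In this demo we will use MariaDB, so let's go ahead and install the MariaDB packages. In addition, we should also install the Python client library for MySQL.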

[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL

Let's create a new file, openstack.cnf, inside /etc/my.cnf.d with the following content.

[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.0.2.10
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8

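Create a "[mysqld]" section and set the "bind-address" key to the management IP address of the controller node so that other nodes can reach it over the management network. Set the other keys to enable useful options and the UTF-8 character set.

Start the database service and configure it to start at system boot: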

[root@controller ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@controller ~]# systemctl start mariadb

Check the status

[root@controller ~]# systemctl status mariadb
● mariadb.service - MariaDB 10.1 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-11-01 17:23:26 IST; 18h ago
 Main PID: 3364 (mysqld)
   Status: "Taking your SQL requests now..."
   CGroup: /system.slice/mariadb.service
           └─3364 /usr/libexec/mysqld --basedir=/usr
Nov 01 17:23:26 controller.example.com systemd[1]: Starting MariaDB 10.1 database server...
Nov 01 17:23:26 controller.example.com mysql-prepare-db-dir[3327]: Database MariaDB is probably initialized in /var/lib/mysql alre...done.
Nov 01 17:23:26 controller.example.com mysqld[3364]: 2016-11-01 17:23:26 139821793515712 [Note] /usr/libexec/mysqld (mysqld 10.1....64 ...
Nov 01 17:23:26 controller.example.com systemd[1]: Started MariaDB 10.1 database server.
Hint: Some lines were ellipsized, use -l to show in full.

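Secure the MariaDB database

Run the following command to secure the MySQL or MariaDB installation in several ways: set a password for the root user, remove root accounts that are accessible from outside localhost, remove the anonymous user accounts, and remove the test database together with the privileges that allow anyone to access databases whose names start with "test_"

Let's run the script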

[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
 ... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
 ... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

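Install the RabbitMQ service

OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node.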

[root@controller ~]# yum install rabbitmq-server -y

Start the message queue service and configure it to start at system boot:

[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.

[root@controller ~]# systemctl start rabbitmq-server.service

Add the openstack user with redhat as the password

[root@controller ~]# rabbitmqctl add_user openstack redhat
Creating user "openstack" ...

Permit configuration, write and read access for the openstack user:

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...

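Configure Memcached

The Identity service authentication mechanism for services uses "Memcached" to cache tokens. The "memcached" service typically runs on the controller node.

Install the packages: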

[root@controller ~]# yum install memcached python-memcached -y

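Configure the service to use the management IP address of the controller node. This allows the other nodes to access it over the management network: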

[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"

Start the Memcached service and configure it to start when the system boots:

[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service

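OpenStack Keystone service

The OpenStack Identity service provides a single point of integration for managing authentication, authorization, and the service catalog.

The Identity service is typically the first service a user interacts with. Once authenticated, an end user can use their identity to access other OpenStack services. Likewise, other OpenStack services use the Identity service to ensure that users are who they say they are and to discover where other services are located within the deployment. The Identity service can also integrate with some external user management systems (such as LDAP).

Use the database access client to connect to the database server as the root user: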

[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Create the keystone database:

MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)

Grant proper access to the keystone database:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)

Note:

Replace "KEYSTONE_DBPASS" with a password. In this example my password will be "openstack"

Exit from the database

MariaDB [(none)]> quit
Bye

Update the Keystone configuration

Run the following command to install the packages:

[root@controller ~]# yum install openstack-keystone openstack-utils httpd mod_wsgi -y

Next, configure the Keystone configuration file

Note:

Replace "KEYSTONE_DBPASS" with a password. In this example my password will be "openstack"

[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token b6648ecb74bbcb5d388d
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet

Sync the Keystone database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Token provider configuration

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage bootstrap --bootstrap-password redhat --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

Configure the Apache HTTP service

[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller

Create a link to the /usr/share/keystone/wsgi-keystone.conf file:

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# systemctl status httpd.service

Create the Keystone service entity

[root@controller ~]# openstack service create --name keystone --description "Openstack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Identity               |
| enabled     | True                             |
| id          | 329a0fb8b2a7421fb24c8b7baeefee39 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

Create the Keystone service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 42cb3d82acbc47db8e0473b00517bc29 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 329a0fb8b2a7421fb24c8b7baeefee39 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 30daf6142c2e4a8abe011b16c5bc0c3c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 329a0fb8b2a7421fb24c8b7baeefee39 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0270117e53c04d958e79b33fc247b7a0 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 329a0fb8b2a7421fb24c8b7baeefee39 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 0267824b7d934264aa9d560e7650681b |
| name        | default                          |
| tags        | []                               |
+-------------+----------------------------------+

Create projects or tenants

[root@controller ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 0267824b7d934264aa9d560e7650681b |
| enabled     | True                             |
| id          | 8bb9c0b1fa7947778a4f914ea0752cfc |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 0267824b7d934264aa9d560e7650681b |
| tags        | []                               |
+-------------+----------------------------------+

Create the "admin" user

[root@controller ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 0267824b7d934264aa9d560e7650681b |
| enabled             | True                             |
| id                  | 1774158c0048410ea8114a35b7e2db7e |
| name                | admin                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Create the admin role

[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 9c24032c58984e3ea6605b30cb2506c4 |
| name      | admin                            |
+-----------+----------------------------------+

Assign the admin role to the admin user

[root@controller ~]# openstack role add --project admin --user admin admin

Create a "service" project

[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 0267824b7d934264aa9d560e7650681b |
| enabled     | True                             |
| id          | 28f0fa2db8c1400db3fa514f5c926cc0 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 0267824b7d934264aa9d560e7650681b |
| tags        | []                               |
+-------------+----------------------------------+

Create the demo project

[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | 0267824b7d934264aa9d560e7650681b |
| enabled     | True                             |
| id          | c651c6b38d6849099dd6ea754a288e39 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | 0267824b7d934264aa9d560e7650681b |
| tags        | []                               |
+-------------+----------------------------------+

Create the demo user

[root@controller ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 0267824b7d934264aa9d560e7650681b |
| enabled             | True                             |
| id                  | c9c4f121493144be98097c67ad9feeb0 |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Create the user role:

[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 8b2c75041b7149d5a122f9308d71a773 |
| name      | user                             |
+-----------+----------------------------------+

Add the user role to the demo project and user:

[root@controller ~]# openstack role add --project demo --user demo user

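Create the environment files

Create client environment scripts for the "admin" and "demo" projects and users. Later parts of this guide refer to these scripts to load the appropriate credentials for client operations.

Below is my adminrc file. Replace the "OS_PASSWORD" value with the admin password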

[root@controller ~]# cat adminrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=redhat
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Load the adminrc file to populate the environment variables with the location of the Identity service and the admin project and user credentials:

[root@controller ~]# source adminrc

Request an authentication token:

[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2016-10-25T17:03:34+0000                                                                                                                                                                |
| id         | gAAAAABb0elWkG4Q6UZ_NCXqazQAEubroEpeHelbD3UrOAdZsHtcdDJ1n7Fnb2xuGZfBLc74UZznZVA4lOT304SF9N7ZlFlXr39ZHmdlqB6iD1hbARkCkJt2rXARRretqw5vyLK07RXGrVtjFgN5wccU0PiZRgVRFyqkDdHMrcLcicDo1GrQlbg |
| project_id | 8bb9c0b1fa7947778a4f914ea0752cfc                                                                                                                                                        |
| user_id    | 1774158c0048410ea8114a35b7e2db7e                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Similarly, below is my demorc file

[root@controller ~]# cat demorc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=redhat
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Load the demorc file to populate the environment variables with the location of the Identity service and the demo project and user credentials:

[root@controller ~]# source demorc

Request an authentication token:

[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2016-10-25T17:08:07+0000                                                                                                                                                                |
| id         | gAAAAABb0epn7oHBEcsoApMqFT3bQ9aMtE-n4lJ_rnRmFuuAlPuQ4Pgel2QfsVEywwTgSxEzeBFT3NVkBJ3Y2pD8VhJPSSn_EjrNudGa9M9UQlRaXLJmT30hokWHwD2Xz5LfuTAdjuaW0KWK-mS1L8X0jja-d-iECmNR9JY74YVIcTuDWaYMh2M |
| project_id | c651c6b38d6849099dd6ea754a288e39                                                                                                                                                        |
| user_id    | c9c4f121493144be98097c67ad9feeb0                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
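
The adminrc and demorc files above keep the password in clear text. The following script is an added example, not part of the original article: it writes equivalent files with mode 600 that ask for the password when they are sourced, and it checks an rc file for a stored password or loose permissions. The function names and the RC_DIR variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# write_rc and audit_rc are hypothetical helper names; RC_DIR is an assumption.

# write_rc <file> <project> <user> <auth_url>
# Writes an rc file with the article's variables, but without OS_PASSWORD.
write_rc() {
    local file="$1" project="$2" user="$3" auth_url="$4"
    (
        umask 077                      # new file is created owner-only
        cat > "$file" <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=$project
export OS_USERNAME=$user
export OS_AUTH_URL=$auth_url
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# The password is asked for when this file is sourced; it is not stored here.
printf 'Password for %s (project %s): ' "\$OS_USERNAME" "\$OS_PROJECT_NAME" >&2
read -r -s OS_PASSWORD
printf '\n' >&2
export OS_PASSWORD
EOF
    ) && chmod 600 "$file"             # also tightens a pre-existing file
}

# audit_rc <file>
# Prints one finding per problem; returns 1 if anything was found.
audit_rc() {
    local file="$1" rc=0 mode
    mode="$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")"
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=.' "$file"; then
        echo "$file: password stored in clear text"
        rc=1
    fi
    case "$mode" in
        600|400) ;;
        *) echo "$file: mode $mode, expected 600"; rc=1 ;;
    esac
    return $rc
}

# Demo run: writes into a temporary directory unless RC_DIR is set.
RC_DIR="${RC_DIR:-$(mktemp -d)}"
write_rc "$RC_DIR/adminrc" admin admin http://controller:35357/v3
write_rc "$RC_DIR/demorc"  demo  demo  http://controller:5000/v3
for f in "$RC_DIR/adminrc" "$RC_DIR/demorc"; do
    audit_rc "$f" && echo "$f: ok"
done
```

Set RC_DIR to the directory where the rc files should live, for example root's home directory, and source them from bash as shown above.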