Integrating OpenStack Keystone with Swift
Because machines were limited, only Swift's ALL IN ONE installation mode was used this time; Keystone and Swift were both installed and run on the same machine.
These notes do not cover how to install Swift ALL IN ONE; they only record how to integrate Keystone with a Swift all-in-one deployment so that Keystone handles authentication.
System: Ubuntu 10.04
/**Clone the projects locally**/ -- requires git: sudo apt-get install git
git clone https://github.com/openstack/keystone.git
git clone https://github.com/openstack/python-keystoneclient.git
/**Install the required packages**/
sudo apt-get install python-dev libxml2-dev libxslt1-dev libsasl2-dev libsqlite3-dev libssl-dev libldap2-dev [downloading everything at once from a slow mirror tends to fail; it is best to install the packages separately]
sudo apt-get install sqlitebrowser
/**Create a user, or carry out the steps as root**/
sudo su
/**Enter the keystone directory**/
cd keystone
/**Install VirtualEnv**/
sudo python tools/install_venv.py [if no exception is raised, the environment was created; best run as root]
(This step also downloads the packages listed in pip-requires and test-requires)
/**Switch to the newly created virtual environment**/
source .venv/bin/activate
[To leave the virtual environment] deactivate
/**Install Keystone**/
If the keystone command line should also be usable outside the virtual environment:
sudo pip install -r tools/pip-requires
sudo pip install -r tools/test-requires
sudo python setup.py develop
/**Test that keystone can be imported**/
sudo python
>>> import keystone
>>>
/**Copy the sample configuration file used to start keystone into place**/ [still inside the keystone directory, which contains etc]
cp etc/keystone.conf.sample etc/keystone.conf
******************* Here I chose SQLite as the storage backend; it can be swapped for another database or for file-based storage. Remember to change the user referenced inside the file. **********
/** Test that the existing Swift works (while authentication is not yet handled by keystone)**/
swift-init main start
curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0
(A 200 or 204 response means Swift is running correctly. Swift can now be stopped temporarily, because proxy-server.conf will be modified later.)
/**Start keystone**/
cd ~/keystone
bin/keystone-all
/**Initialize the database**/
sudo bin/keystone-manage db_sync
/**Create the tenant, users and roles using the token from the configuration file**/
(This uses the python-keystoneclient.git project)
export SERVICE_TOKEN="<the admin token value from etc/keystone.conf in the keystone install directory>"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
/**Create the tenant**/ [ROOT]
keystone tenant-create --name=service
Output: id=d871847839fa4fbabd08950221917028
/**Create the user**/ [ROOT]
keystone user-create --name=admin --pass=admin --email=si.li@boventech.com
Output: id=1071f434270e4f7aa36f433be788d17b
/**Create the roles**/
keystone role-create --name=admin
Output: id=07c69b2da1e041c1800238f0120db2a9
keystone role-create --name=Member
Output: id=460e5db0aeb54d9e9c6c446f778e64f6
/**Add Roles to Users IN Tenants**/
keystone user-role-add --user [user ID here] --role [role ID here] --tenant_id [tenant ID here]
/**Configure the Keystone service**/
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | b6b28e55990f428bacd2ca45f64799ce |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
//Configure the endpoint for the Keystone service
keystone endpoint-create --region RegionOne \
  --service_id b6b28e55990f428bacd2ca45f64799ce \
  --publicurl 'http://localhost:5000/v2.0' \
  --adminurl 'http://localhost:35357/v2.0' \
  --internalurl 'http://localhost:5000/v2.0'
/**Configure the Swift service**/
keystone service-create --name=swift --type="object-store" --description="Swift Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Swift Service                    |
| id          | 004608f103714d81aa3e01b79913789b |
| name        | swift                            |
| type        | object-store                     |
+-------------+----------------------------------+
//Create the user that administers Swift
keystone user-create --name=swift --pass=admin --tenant_id d871847839fa4fbabd08950221917028 --email=si.li@boventech.com
Output: id=8651d459557c474389bca64a9346f70a
//Grant the role named "admin" to the user named "swift" within the "service" tenant
keystone user-role-add --tenant_id {tenant_id} --user {user_id} --role {role_id}
//Configure the endpoint for the Swift service
keystone endpoint-create --region RegionOne \
  --service_id 004608f103714d81aa3e01b79913789b \
  --publicurl 'http://localhost:8080/v1/AUTH_{tenantID}' \
  --adminurl 'http://localhost:8080/' \
  --internalurl 'http://localhost:8080/v1/AUTH_{tenantID}'
/**After creation, check that the records have been stored in SQLite3**/
sqlite3 keystone.db
SQLite version 3.6.22
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite>.tables
sqlite>select * from service;
sqlite>select * from user;
sqlite>select * from ....;
Or open the graphical browser
sudo sqlitebrowser
************************************* Configure swift/proxy-server.conf *********************
[DEFAULT]
bind_port = 8080
user =sili
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true
[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin,Member
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision =0
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_uri=http://127.0.0.1:5000/
auth_token = ADMIN
admin_token = ADMIN
auth_protocol = http
[filter:cache]
use = egg:swift#memcache
set log_name = cache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
**************************************************************************************
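As an added illustration (not the middleware's own code), the following models the decision the `authtoken` and `keystone` filters in the pipeline above make for one request: `delay_auth_decision = 0` means `authtoken` rejects a missing or unknown token itself, and `swift_auth` then only admits a request to the account `AUTH_<tenant id>` of the token's own tenant when the user holds one of `operator_roles`. The token table is a constructed stand-in for validation against Keystone on port 35357; the reseller-admin and container ACL paths of the real middleware are left out.

```python
"""Model of the authtoken -> keystone filter chain from proxy-server.conf.

Added illustration, not the middleware's own code: it shows what the two
filters decide for a request, with a constructed token table standing in
for the validation calls to Keystone on port 35357.
"""
import re

OPERATOR_ROLES = ("admin", "Member")   # operator_roles = admin,Member
RESELLER_PREFIX = "AUTH_"              # account name is AUTH_<tenant id>

# Constructed stand-in for Keystone's token validation results.
TOKENS = {
    "tok-swift": {"tenant_id": "d871847839fa4fbabd08950221917028",
                  "roles": ("admin",)},
    "tok-guest": {"tenant_id": "d871847839fa4fbabd08950221917028",
                  "roles": ("anotherrole",)},
}
ACCOUNT_RE = re.compile(r"^/v1/([^/]+)")


def authtoken(headers, delay_auth_decision=0):
    """filter:authtoken. Returns (status, identity); identity is None when
    the token is missing or unknown."""
    ident = TOKENS.get(headers.get("X-Auth-Token"))
    if ident is None and not delay_auth_decision:
        return 401, None      # delay_auth_decision = 0: reject right here
    return None, ident        # otherwise hand on, possibly as anonymous


def swift_auth(path, identity):
    """filter:keystone (swift_auth). The account must be the token's own
    tenant and the user must hold one of operator_roles. Reseller-admin
    and container ACL paths of the real middleware are omitted."""
    if identity is None:
        return 401            # anonymous request, no ACLs modeled
    m = ACCOUNT_RE.match(path)
    if not m or m.group(1) != RESELLER_PREFIX + identity["tenant_id"]:
        return 403            # account belongs to another tenant
    if not set(identity["roles"]) & set(OPERATOR_ROLES):
        return 403            # valid token but no operator role
    return 200


def proxy(path, headers, delay_auth_decision=0):
    """Run the filters in pipeline order and return the HTTP status."""
    status, identity = authtoken(headers, delay_auth_decision)
    if status is not None:
        return status
    return swift_auth(path, identity)
```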
//Start swift
swift-init proxy start
swift-init all start
//Tests
/**Test that keystone is working on the node**/
curl -d '{"auth": {"tenantName": "service", "passwordCredentials":{"username": "swift", "password": "admin"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool
/**Test the Swift integration**/
swift -A http://localhost:5000/v2.0 -U service:swift -K admin stat -V 2
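The `swift stat` client above does what this added example (not code from the original post, Keystone or Swift) spells out: it parses a v2.0 token response shaped like the reply to the curl against /v2.0/tokens, picks the object-store endpoint out of the service catalog, and builds the request with the token in `X-Auth-Token`. The JSON is a constructed sample; the token id is a placeholder, the tenant id is the one created above, and the check that the catalog URL ends in `AUTH_<tenant id>` catches an endpoint registered for the wrong tenant.

```python
"""Parse a Keystone v2.0 token response and derive the Swift request.

Added example, not code from the original post or from Keystone/Swift.
The JSON below is a constructed sample shaped like the reply to the curl
against /v2.0/tokens above; the token id is a placeholder.
"""
import json

TENANT_ID = "d871847839fa4fbabd08950221917028"     # tenant "service" above
SAMPLE_TOKEN_RESPONSE = json.dumps({"access": {
    "token": {"id": "TOKEN_ID_PLACEHOLDER",
              "tenant": {"id": TENANT_ID, "name": "service"}},
    "user": {"name": "swift", "roles": [{"name": "admin"}]},
    "serviceCatalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"region": "RegionOne", "publicURL": "http://localhost:5000/v2.0"}]},
        {"type": "object-store", "name": "swift", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "http://localhost:8080/v1/AUTH_" + TENANT_ID}]},
    ]}})


def parse_token_response(body):
    """Return (token id, tenant id, role names, object-store publicURL)."""
    access = json.loads(body)["access"]
    token_id = access["token"]["id"]
    tenant_id = access["token"]["tenant"]["id"]
    roles = [r["name"] for r in access["user"].get("roles", [])]
    stores = [s for s in access["serviceCatalog"] if s["type"] == "object-store"]
    if not stores:
        raise ValueError("no object-store service in the catalog")
    return token_id, tenant_id, roles, stores[0]["endpoints"][0]["publicURL"]


def swift_request(body, reseller_prefix="AUTH_"):
    """Build the request `swift stat` sends after authenticating.

    The catalog URL must end in AUTH_<tenant id>, which is what the
    endpoint-create above hard-wires; a mismatch means the endpoint was
    registered for a different tenant than the one the token covers.
    """
    token_id, tenant_id, roles, url = parse_token_response(body)
    if not url.rstrip("/").endswith(reseller_prefix + tenant_id):
        raise ValueError("catalog URL %s is not the account of tenant %s"
                         % (url, tenant_id))
    return {"method": "HEAD", "url": url,
            "headers": {"X-Auth-Token": token_id}, "roles": roles}
```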