#mysql -uroot -p000000   #此处六个零是之前运行``mysql_secure_installation``脚本,为root用户设置的密码，请根据自己的实际情况实际修改>create database keystone;> grant all privileges on keystone.* to 'keystone'@'localhost' identified by '000000';> grant all privileges on keystone.* to 'keystone'@'%' identified by '000000';
#注解:第一条数据库命令是创建keystone数据库第二条是创建keystone用户并授予所有权限本地登陆并设置密码第三条是创建keystone用户并授予所有权限任意地点登陆并设置密码

[root@controller ~]# openssl rand -hex 10#生成伪随机字节输出结果为16位进制数据并指定随即长度10

#yum -y install openstack-keystone httpd mod_wsgi
编辑keystone.conf配置文件#vi /etc/keystone/keystone.conf
在[DEFAULT]下添加admin_token = ADMIN_TOKEN  #此处的ADMIN_TOKEN为上一步生成的随机数，请用随机数替换 ADMIN_TOKEN
在[database]下添加connection = mysql+pymysql://keystone:000000@controller/keystone    #配置数据库连接
在[token]下添加provider = fernet   #配置Fernet UUID令牌提供者

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone[root@controller ~]# mysql -uroot -p000000 -e 'show tables from keystone;'          #检查数据库是否同步

#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

编辑配置文件httpd.conf#vi /etc/httpd/conf/httpd.conf修改ServerName controller

#cp -p /opt/mitaka/wsgi-keystone.conf /etc/httpd/conf.d/

启动并设置开机启动#systemctl start httpd#systemctl enable httpd

查看admin_token 使用此命令[root@controller ~]# head /etc/keystone/keystone.conf |grep admin_token

#export OS_TOKEN=ADMIN_TOKEN   #配置认证令牌，此处ADMIN_TOKEN为之前生成的随机数，请自行替换，#export OS_URL=http://controller:35357/v3  #配置端点URL#export OS_IDENTITY_API_VERSION=3   #配置认证 API 版本

创建服务实体和身份认证服务：#openstack service create --name keystone --description "OpenStack Identity" identity
创建认证服务的 API 端点：#openstack endpoint create --region RegionOne identity public http://controller:5000/v3#openstack endpoint create --region RegionOne identity internal http://controller:5000/v3#openstack endpoint create --region RegionOne identity admin http://controller:35357/v3

创建域 default     #这里的default只是名字，可自行修改，但是要与后面相对应[root@controller ~]# openstack domain create --description "Default Domain" default  创建admin项目[root@controller ~]# openstack project create --domain default --description "Admin Project" admin创建admin用户[root@controller ~]# openstack user create --domain default --password 000000 admin  #此处六个零为admin用户的密码创建admin角色[root@controller ~]# openstack role create admin添加`admin` 角色到 admin 项目和用户上：[root@controller ~]# openstack role add --project admin --user admin admin

[root@controller ~]# openstack project create --domain default --description "Service Project" service

[root@controller ~]# openstack project create --domain default --description "Demo Project" demo创建demo用户:[root@controller ~]# openstack user create --domain default --password 000000 demo创建user角色[root@controller ~]# openstack role create user添加 user角色到 demo 项目和用户：[root@controller ~]# openstack role add --project demo --user demo user

重置OS_TOKEN和OS_URL 环境变量:[root@controller ~]# unset OS_TOKEN OS_URL
作为 admin 用户，请求认证令牌：[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

在/root/目录下创建脚本#vi /root/admin-openrc添加如下内容export OS_PROJECT_DOMAIN_NAME=defaultexport OS_USER_DOMAIN_NAME=defaultexport OS_PROJECT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=000000  #此处的ADMIN_PASS为之前设置的admin用户密码000000export OS_AUTH_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2
#vi /root/demo-openrc添加如下内容export OS_PROJECT_DOMAIN_NAME=defaultexport OS_USER_DOMAIN_NAME=defaultexport OS_PROJECT_NAME=demoexport OS_USERNAME=demoexport OS_PASSWORD=000000   #这里的DEMO_PASS为之前的demo用户密码000000export OS_AUTH_URL=http://controller:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2

# . /root/admin-openrc#openstack token issue