openstack认证组件keystone配置 原创

[root@ct1 conf.d]# grep -vE "^#|^$" /etc/keystone/keystone.conf 
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
backend = oslo_cache.memcache_pool
enabled = true
memcache_servers = ct1:11211,ct2:11211,ct3:11211
[catalog]
[cors]
[credential]
[database]
connection=mysql+pymysql://keystone:123456@192.168.1.100:3307/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_hosts = 192.168.1.10:5672,192.168.1.11:5672,192.168.1.12:5672
rabbit_userid = guest
rabbit_password = guest
rabbit_retry_interval=1
rabbit_retry_backoff=2
rabbit_max_retries=0
rabbit_durable_queues=true
rabbit_ha_queues=true
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
[unified_limit]
在任意一个节点操作
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
scp -r /etc/keystone/fernet-keys/ /etc/keystone/credential-keys/ root@ct2:/etc/keystone/ 
scp -r /etc/keystone/fernet-keys/ /etc/keystone/credential-keys/ root@ct3:/etc/keystone/ 
三个节点上修改秘钥的属主以及属组
chown keystone:keystone /etc/keystone/credential-keys/ -R
chown keystone:keystone /etc/keystone/fernet-keys/ -R

同时您可以关注我的公众微信号“openstack免费云课堂”，每天定时更新有关云计算相关技术文章。