在Controller 节点

# apt-get install mariadb-server python-mysqldb

# nano /etc/mysql/my.cnf

在my.cnf做以下修改：

bind-address = 10.10.10.10

default-storage-engine = innodb

innodb_file_per_table collation-server = utf8_general_ci init-connect = 'SET NAMES utf8' character-set-server = utf8

# service mysql restart # mysql_secure_installation # apt-get install rabbitmq-server

# rabbitmqctl change_password guest openstack

# mysql -u root -p

> CREATE DATABASE keystone; > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'openstack'; > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'openstack'; > exit # apt-get install keystone python-keystoneclient # nano /etc/keystone/keystone.conf

[DEFAULT]

...

verbose = True

admin_token = openstack

........

connection = mysql://keystone:openstack@controller/keystone

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.sql.Token

[revoke] ... driver = keystone.contrib.revoke.backends.sql.Revoke

# keystone-manage db_sync

# service keystone restart

# rm -f /var/lib/keystone/keystone.db

# export OS_SERVICE_TOKEN=openstack

# export OS_SERVICE_TOKEN=openstack # export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

# keystone tenant-create --name admin --description "Admin Tenant"

# keystone user-create --name admin --pass openstack --email admin@example.com

# keystone role-create --name admin

# keystone user-role-add --user admin --tenant admin --role admin

# keystone tenant-create --name demo --description "Demo Tenant"

# keystone user-create --name demo --tenant demo --pass DEMO_PASS --email demo@example.com

# keystone tenant-create --name service --description "Service Tenant"

# keystone service-create --name keystone --type identity --description "OpenStack Identity"

# keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://controller:5000/v2.0 --internalurl http://controller:5000/v2.0 --adminurl http://controller:35357/v2.0 --region regionOne

# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

# keystone --os-tenant-name admin --os-username admin --os-password openstack --os-auth-url http://controller:35357/v2.0 token-get

# keystone --os-tenant-name admin --os-username admin --os-password openstack --os-auth-url http://controller:35357/v2.0 user-list

# keystone --os-tenant-name admin --os-username admin --os-password openstack --os-auth-url http://controller:35357/v2.0 role-list

# keystone --os-tenant-name demo --os-username demo --os-password openstack --os-auth-url http://controller:35357/v2.0 token-get

# touch admin-openrc.sh

export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=openstack export OS_AUTH_URL=http://controller:35357/v2.0 # touch demo-openrc.sh export OS_TENANT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=openstack export OS_AUTH_URL=http://controller:5000/v2.0 # source admin-openrc.sh