溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
一、部署OpenStack
1、環境
OS:CentOS6.5 X86_64
各節點時間同步、能基于主機名通信,清空iptables,關閉SElinux,禁用WorkManager服務
各節點的主機/etc/hosts文件配置:
cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.10.1 Node1 node1 controller www.node1.com 192.168.10.2 Node2 node2 compute www.node2.com 192.168.10.3 Node3 node3 network www.node3.com 192.168.10.4 Node4 node4 www.node4.com
2、配置Controller Node(Node1)的網絡
1)所有192.168.10.0段的數據包的源地址改成172.16.11.210
[root@Node1 ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 172.16.11.210 [root@Node1 ~]# service iptables save
2)打開內核的路由(網卡間轉發)功能
要實現nat,要將文件/proc/sys/net/ipv4/ip_forward內的值改為1,(默認是0)
[root@Node1 ~]# vi /etc/sysctl.conf [root@Node1 ~]# sysctl -p net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1 error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key error: "net.bridge.bridge-nf-call-iptables" is an unknown key error: "net.bridge.bridge-nf-call-arptables" is an unknown key kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296
3)配置yum源
[root@Node1 yum.repos.d]# cat CentOS-OpenStack-icehouse.repo # CentOS-OpenStack-icehouse.repo # [centos-openstack-icehouse] name=CentOS-$releasever - OpenStack icehouse baseurl=https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/epel-6/ #為什么現在這個博客很容易吞鏈接啊,一沒注意鏈接就發不出來 gpgcheck=0 enabled=1
二、Identity(Keystone)組件
1、Identity主要有兩個功能
用戶管理:認證和授權
認證方式有兩種:
token:持有授權字符串
帳號和密碼:
服務目錄:所有可用服務的信息庫,包含其API endpoint(訪問端口)路徑
2、常用術語
user:一個user可以關聯至多個tenant(租戶)
Tenant:租戶,一個tenant對應一個project,或一個組織
Role:角色
Token:令牌
Service:服務
Endpoint:服務的訪問入口
3、在Controller Node上安裝keystone組件
[root@Node1 ~]# yum install openstack-keystone python-keystoneclient [root@Node1 ~]# yum install openstack-utils [root@Node1 yum.repos.d]# rpm -ql openstack-utils /usr/bin/openstack-config /usr/bin/openstack-db /usr/bin/openstack-service /usr/bin/openstack-status /usr/share/doc/openstack-utils-2014.1
4、安裝數據庫,授權keystone能夠遠程連入mysqld,并初始化數據庫
1)安裝OpenStack優化的Mariabd數據庫并初始化
[root@Node1 ~]# yum install mariadb-galera-server -y
修改配置文件/etc/keystone/keystone.conf配置文件:
定義客戶端如何連接到keystone服務器
默認配置:
#connection=mysql://keystone:keystone@localhost/keystone
mysql協議 用戶名 密碼 主機 數據庫
授權keystone連接mysqld:
mysql> CREATE DATABASE keystone; mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone'; Query OK, 0 rows affected (0.00 sec) mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'; mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec)
keystone-manage初始化數據庫:
[root@Node1 ~]# keystone-manage --help
usage: keystone-manage [db_sync|db_version|pki_setup|ssl_setup|token_flush]
optional arguments:
-h, --help show this help message and exit
--config-dir DIR Path to a config directory to pull *.conf files from.
This file set is sorted, so as to provide a
predictable parse order if individual options are
over-ridden. The set is parsed after the file(s)
specified via previous --config-file, arguments hence
over-ridden options in the directory take precedence.
--config-file PATH Path to a config file to use. Multiple config files
can be specified, with values in later files taking
precedence. The default files used are: None
--debug, -d Print debugging output (set logging level to DEBUG
instead of default WARNING level).
--log-config-append PATH, --log_config PATH
The name of logging configuration file. It does not
disable existing loggers, but just appends specified
logging configuration to any other existing logging
options. Please see the Python logging module
documentation for details on logging configuration
files.
--log-date-format DATE_FORMAT
Format string for %(asctime)s in log records. Default:
None
--log-dir LOG_DIR, --logdir LOG_DIR
(Optional) The base directory used for relative --log-
file paths
--log-file PATH, --logfile PATH
(Optional) Name of log file to output to. If no
default is set, logging will go to stdout.
--log-format FORMAT DEPRECATED. A logging.Formatter log message format
string which may use any of the available
logging.LogRecord attributes. This option is
deprecated. Please use logging_context_format_string
and logging_default_format_string instead.
--nodebug The inverse of --debug
--nostandard-threads The inverse of --standard-threads
--nouse-syslog The inverse of --use-syslog
--nouse-syslog-rfc-format
The inverse of --use-syslog-rfc-format
--noverbose The inverse of --verbose
--pydev-debug-host PYDEV_DEBUG_HOST
Host to connect to for remote debugger.
--pydev-debug-port PYDEV_DEBUG_PORT
Port to connect to for remote debugger.
--standard-threads Do not monkey-patch threading system modules.
--syslog-log-facility SYSLOG_LOG_FACILITY
Syslog facility to receive log lines
--use-syslog Use syslog for logging. Existing syslog format is
DEPRECATED during I, and then will be changed in J to
honor RFC5424
--use-syslog-rfc-format
(Optional) Use syslog rfc5424 format for logging. If
enabled, will add APP-NAME (RFC5424) before the MSG
part of the syslog message. The old format without
APP-NAME is deprecated in I, and will be removed in J.
--verbose, -v Print more verbose output (set logging level to INFO
instead of default WARNING level).
--version show program's version number and exit
Commands:
{token_flush,db_version,pki_setup,ssl_setup,db_sync}
Available commands
db_sync Sync the database.
db_version Print the current migration version of the database.
pki_setup Set up Key pairs and certificates for token signing
and verification.
ssl_setup Create key pairs and certificates for HTTPS
connections.
token_flush Flush expired tokens from the backend.# su -s /bin/sh -c "keystone-manage db_sync" keystone mysql> use keystone Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +-----------------------+ | Tables_in_keystone | +-----------------------+ | assignment | | credential | | domain | | endpoint | | group | | migrate_version | | policy | | project | | region | | role | | service | | token | | trust | | trust_role | | user | | user_group_membership | +-----------------------+ 16 rows in set (0.00 sec)
2)編輯/etc/keystone/keystone.conf配置文件
設置token:
[root@Node1 ~]# ADMIN_TOKEN=$(openssl rand -hex 10) #隨機設置幾個字符串也是可以的 [root@Node1 ~]# echo $ADMIN_TOKEN 8dc775e8139f48a8de39 [root@Node1 ~]# echo $ADMIN_TOKEN > admin_token.rc #保存起來,以便以后用到 [root@Node1 ~]# vi /etc/keystone/keystone.conf #admin_token=ADMIN #找到這行,并復制 admin_token=8dc775e8139f48a8de39 #用字符串代替ADMIN
設置本地PKI:
[root@Node1 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone [root@Node1 ~]# chown -R keystone:keystone /etc/keystone/ssl [root@Node1 ~]# chmod -R o-rwx /etc/keystone/ssl
啟動keystone:
[root@Node1 ~]# service openstack-keystone start Starting keystone: [ OK ] [root@Node1 ~]# chkconfig openstack-keystone on
設置環境變量:
[root@Node1 ~]# export OS_SERVICE_TOKEN=$ADMIN_TOKEN #方便客戶端使用 [root@Node1 ~]# export OS_SERVICE_ENDPOINT=http://192.168.10.1:35357/v2.0
5、keystone客戶端使用
1)創建用戶,角色,租戶
[root@Node1 ~]# keystone --help
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
usage: keystone [--version] [--timeout <seconds>]
[--os-username <auth-user-name>]
[--os-password <auth-password>]
[--os-tenant-name <auth-tenant-name>]
[--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>]
[--os-region-name <region-name>]
[--os-identity-api-version <identity-api-version>]
[--os-token <service-token>]
[--os-endpoint <service-endpoint>]
[--os-cacert <ca-certificate>] [--insecure]
[--os-cert <certificate>] [--os-key <key>] [--os-cache]
[--force-new-token] [--stale-duration <seconds>]
<subcommand> ...
Pending deprecation: Command-line interface to the OpenStack Identity API.
This CLI is pending deprecation in favor of python-openstackclient. For a
Python library, continue using python-keystoneclient.
Positional arguments:
<subcommand>
catalog List service catalog, possibly filtered by service.
ec2-credentials-create
Create EC2-compatible credentials for user per tenant.
ec2-credentials-delete
Delete EC2-compatible credentials.
ec2-credentials-get
Display EC2-compatible credentials.
ec2-credentials-list
List EC2-compatible credentials for a user.
endpoint-create Create a new endpoint associated with a service.
endpoint-delete Delete a service endpoint.
endpoint-get Find endpoint filtered by a specific attribute or
service type.
endpoint-list List configured service endpoints.
password-update Update own password.
role-create Create new role.
role-delete Delete role.
role-get Display role details.
role-list List all roles.
service-create Add service to Service Catalog.
service-delete Delete service from Service Catalog.
service-get Display service from Service Catalog.
service-list List all services in Service Catalog.
tenant-create Create new tenant.
tenant-delete Delete tenant.
tenant-get Display tenant details.
tenant-list List all tenants.
tenant-update Update tenant name, description, enabled status.
token-get Display the current user token.
user-create Create new user
user-delete Delete user.
user-get Display user details.
user-list List users.
user-password-update
Update user password.
user-role-add Add role to user.
user-role-list List roles granted to a user.
user-role-remove Remove role from user.
user-update Update user's name, email, and enabled status.
discover Discover Keystone servers, supported API versions and
extensions.
bootstrap Grants a new role to a new user on a new tenant, after
creating each.
bash-completion Prints all of the commands and options to stdout.
help Display help about this program or one of its
subcommands.
Optional arguments:
--version Shows the client version and exits.
--timeout <seconds> Set request timeout (in seconds).
--os-username <auth-user-name>
Name used for authentication with the OpenStack
Identity service. Defaults to env[OS_USERNAME].
--os-password <auth-password>
Password used for authentication with the OpenStack
Identity service. Defaults to env[OS_PASSWORD].
--os-tenant-name <auth-tenant-name>
Tenant to request authorization on. Defaults to
env[OS_TENANT_NAME].
--os-tenant-id <tenant-id>
Tenant to request authorization on. Defaults to
env[OS_TENANT_ID].
--os-auth-url <auth-url>
Specify the Identity endpoint to use for
authentication. Defaults to env[OS_AUTH_URL].
--os-region-name <region-name>
Specify the region to use. Defaults to
env[OS_REGION_NAME].
--os-identity-api-version <identity-api-version>
Specify Identity API version to use. Defaults to
env[OS_IDENTITY_API_VERSION] or 2.0.
--os-token <service-token>
Specify an existing token to use instead of retrieving
one via authentication (e.g. with username &
password). Defaults to env[OS_SERVICE_TOKEN].
--os-endpoint <service-endpoint>
Specify an endpoint to use instead of retrieving one
from the service catalog (via authentication).
Defaults to env[OS_SERVICE_ENDPOINT].
--os-cacert <ca-certificate>
Specify a CA bundle file to use in verifying a TLS
(https) server certificate. Defaults to
env[OS_CACERT].
--insecure Explicitly allow keystoneclient to perform "insecure"
TLS (https) requests. The server's certificate will
not be verified against any certificate authorities.
This option should be used with caution.
--os-cert <certificate>
Defaults to env[OS_CERT].
--os-key <key> Defaults to env[OS_KEY].
--os-cache Use the auth token cache. Defaults to env[OS_CACHE].
--force-new-token If the keyring is available and in use, token will
always be stored and fetched from the keyring until
the token has expired. Use this option to request a
new token and replace the existing one in the keyring.
--stale-duration <seconds>
Stale duration (in seconds) used to determine whether
a token has expired when retrieving it from keyring.
This is useful in mitigating process or network
delays. Default is 30 seconds.
See "keystone help COMMAND" for help on a specific command.[root@Node1 ~]# keystone help user-create
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
usage: keystone user-create --name <user-name> [--tenant <tenant>]
[--pass [<pass>]] [--email <email>]
[--enabled <true|false>]
Create new user
Arguments:
--name <user-name> New user name (must be unique).
--tenant <tenant>, --tenant-id <tenant>
New user default tenant.
--pass [<pass>] New user password; required for some auth backends.
--email <email> New user email address.
--enabled <true|false>
Initial user enabled status. Default is true.
[root@Node1 ~]# keystone user-create --name=admin --pass=admin #創建用戶和密碼
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning) #這個警告信息是gmp包要5以上的版本
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 2156077a9bc644d597f07719fc67ea56 |
| name | admin |
| username | admin |
+----------+----------------------------------+
[root@Node1 ~]# keystone user-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 2156077a9bc644d597f07719fc67ea56 | admin | True | |
+----------------------------------+-------+---------+-------+
[root@Node1 ~]# keystone role-create --name=admin #創建角色
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 908cde894759423780e5787e4e50d7fb |
| name | admin |
+----------+----------------------------------+
[root@Node1 ~]# keystone role-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | #默認的角色
| 908cde894759423780e5787e4e50d7fb | admin |
+----------------------------------+----------+
[root@Node1 ~]# keystone tenant-create --name=admin --description="Admin Tenant" #創建租戶
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 63607fac42c94ecbb2490eb01b357586 |
| name | admin |
+-------------+----------------------------------+
[root@Node1 ~]# keystone user-role-add --user admin --role admin --tenant admin #將用戶admin添加到admin角色和admin租戶
[root@Node1 ~]# keystone user-role-add --user admin --role _member_ --tenant admin #添加到默認的角色
[root@Node1 ~]# keystone user-role-list --user admin --tenant admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 2156077a9bc644d597f07719fc67ea56 | 63607fac42c94ecbb2490eb01b357586 |
| 908cde894759423780e5787e4e50d7fb | admin | 2156077a9bc644d597f07719fc67ea56 | 63607fac42c94ecbb2490eb01b357586 |
+----------------------------------+----------+----------------------------------+----------------------------------+創建一個普通用戶:
[root@Node1 ~]# keystone user-create --name demo --pass demo
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | a3ebced215de4892b9370b4d37eaf9bd |
| name | demo |
| username | demo |
+----------+----------------------------------+
[root@Node1 ~]# keystone tenant-create --name demo
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 0804069a7a454a9a86d4105dd40bed17 |
| name | demo |
+-------------+----------------------------------+
[root@Node1 ~]# keystone user-role-add --user demo --role _member_ --tenant demo
[root@Node1 ~]# keystone user-role-list --tenant=demo --user=demo
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | a3ebced215de4892b9370b4d37eaf9bd | 0804069a7a454a9a86d4105dd40bed17 |
+----------------------------------+----------+----------------------------------+----------------------------------+設置一個服務租戶:
[root@Node1 ~]# keystone tenant-create --name=service
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | c536e6faa30b4b3f998e14af70f4f7c2 |
| name | service |
+-------------+----------------------------------+ 2)創建服務和服務端點(endpoint)
[root@Node1 ~]# keystone help service-create
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
usage: keystone service-create --name <name> --type <type>
[--description <service-description>]
Add service to Service Catalog.
Arguments:
--name <name> Name of new service (must be unique).
--type <type> Service type (one of: identity, compute, network,
p_w_picpath, object-store, or other service identifier
string).
--description <service-description>
Description of service.
[root@Node1 ~]# keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 16929dabe6db4044af364ab96867b8b4 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@Node1 ~]# keystone service-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+----------+----------+--------------------+
| id | name | type | description |
+----------------------------------+----------+----------+--------------------+
| 16929dabe6db4044af364ab96867b8b4 | keystone | identity | OpenStack Identity |
+----------------------------------+----------+----------+--------------------+[root@Node1 ~]# keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://controller:5000/v2.0 \ #普通用戶訪問端口
--internalurl=http://controller:5000/v2.0 \
--adminurl=http://controller:35357/v2.0 #管理用戶訪問端口
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://192.168.10.1:35357/v2.0 |
| id | c10e8a817882456497c6acdb3e94e06b |
| internalurl | http://192.168.10.1:5000/v2.0 |
| publicurl | http://192.168.10.1:5000/v2.0 |
| region | regionOne |
| service_id | 16929dabe6db4044af364ab96867b8b4 |
+-------------+----------------------------------+
[root@Node1 ~]#使用用戶認證:
[root@Node1 ~]# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
[root@Node1 ~]# keystone --os-username=admin --os-password=admin --os-auth-url=http://192.168.10.1:35357/v2.0 token-get #這條命令能執行成功說明認證成功
[root@Node1 ~]# vi .admin-openrc.sh
[root@Node1 ~]# cat .admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://192.168.10.1:35357/v2.0
[root@Node1 ~]# . .admin-openrc.sh
[root@Node1 ~]# keystone user-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 2156077a9bc644d597f07719fc67ea56 | admin | True | |
| a3ebced215de4892b9370b4d37eaf9bd | demo | True | |
+----------------------------------+-------+---------+-------+
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
