验证操作
[root@controller ~]# vim /usr/share/keystone/keystone-dist-paste.ini#因为安全性的原因,关闭临时认证令牌机制,删除 以下三个段中 admin_token_auth字段
[pipeline:public_api]
[pipeline:admin_api]
[pipeline:api_v3]
[root@controller ~]# unset OS_TOKEN OS_URL #重置OS_TOKEN和OS_URL环境变量
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue #使用 admin 用户,请求认证令牌,密码为123456
Password:
------------ ----------------------------------
| Field | Value |
------------ ----------------------------------
| expires | 2018-02-03T15:25:41.805097Z |
| id | ed30245e370648a185539a970e6c9e19 |
| project_id | 839cdfc946e1491c8004e3b732d17f9a |
| user_id | d4f0c9b24be84306960e29a7961d22a3 |
------------ ----------------------------------
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue #使用 demo 用户,请求认证令牌
Password:
------------ ----------------------------------
| Field | Value |
------------ ----------------------------------
| expires | 2018-02-03T15:25:58.135574Z |
| id | a9c52f8f92804a81b7d0c6b5496a8ee3 |
| project_id | 2003811a2ad548e7b686f06a55fe9ce9 |
| user_id | d4ffbeefe72d412187047a79e3a51d00 |
------------ ----------------------------------
前面我们使用环境变量和命令选项的组合通过openstack客户端与身份认证服务交互。为了提升客户端操作的效率,OpenStack支持简单的客户端环境变量脚本即OpenRC 文件
创建 admin 和 ``demo``项目和用户创建客户端环境变量脚本,为客户端操作加载合适的的凭证。
[root@controller ~]# cat admin-openrc.sh #编辑文件 admin-openrc.sh 并添加如下内容
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@controller ~]# cat demo-openrc.sh #编辑文件 demo-openrc.sh 并添加如下内容
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@controller ~]# source admin-openrc.sh #加载admin-openrc.sh文件来身份认证服务的环境变量位置和admin项目和用户证书
[root@controller ~]# openstack token issue #请求认证令牌信息
------------ ----------------------------------
| Field | Value |
------------ ----------------------------------
| expires | 2018-02-03T15:30:58.249772Z |
| id | 48602913c79046f69d4db4ce7645b61b |
| project_id | 839cdfc946e1491c8004e3b732d17f9a |
| user_id | d4f0c9b24be84306960e29a7961d22a3 |
------------ ----------------------------------
[root@controller ~]# source demo-openrc.sh #同上
[root@controller ~]# openstack token issue
------------ ----------------------------------
| Field | Value |
------------ ----------------------------------
| expires | 2018-02-03T15:31:09.666144Z |
| id | 9f3a4ff3239f418c8c000e712b42b216 |
| project_id | 2003811a2ad548e7b686f06a55fe9ce9 |
| user_id | d4ffbeefe72d412187047a79e3a51d00 |
------------ ----------------------------------
