Based on Ubuntu 14.04 LTS x86_64
service ntp restart
4. Install MySQL server
aptitude -y install mysql-server
vi /etc/mysql/my.cnf
[mysqld]
default-storage-engine = innodb
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
bind-address = 192.168.1.10
service mysql restart
mysql_secure_installation
5. aptitude -y install python-mysqldb
7. aptitude -y install rabbitmq-server
rabbitmqctl change_password guest GUEST_PASS
service rabbitmq-server restart
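8. Install and Configure OpenStack Identity Service (Keystone)
aptitude -y install keystone
mysql -uroot -p
mysql> create database keystone;
mysql> grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'KEYSTONE-DBPASS';
mysql> grant all privileges on keystone.* to 'keystone'@'%' identified by 'KEYSTONE-DBPASS';
mysql> flush privileges;
Note: the 'keystone'@'%' grant accepts connections from any host that can reach MySQL on 192.168.1.10. Where possible, replace '%' with the address of the node(s) running Keystone, or restrict port 3306 with a firewall.
vi /etc/keystone/keystone.conf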
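[database]
#connection = sqlite:var/lib/keystone/keystone.db
# NOTE: the password in this URL (the part after "keystone:") must be the one set in the
# GRANT statements above (KEYSTONE-DBPASS); as written, "keystone" only works if that is
# the password that was chosen there.
connection = mysql://keystone:keystone@MYSQL-SERVER/keystone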
rm -rf /var/lib/keystone/keystone.db
keystone-manage db_sync
vi /etc/keystone/keystone.conf
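# NOTE: "admintoken" is a placeholder. Anyone who presents this token has full admin access
# to Keystone, so use a long random value (for example the output of `openssl rand -hex 10`)
# and export that same value as OS_SERVICE_TOKEN in step 11.
admin_token = admintoken
token_format = PKI
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
ca_key = /etc/keystone/ssl/private/cakey.pem
key_size = 2048
valid_days = 3650
cert_subject = /C=CN/ST=Shanghai/L=Shanghai/O=HKT/CN=controller
log_dir = /var/log/keystone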
9. rm -rf /etc/keystone/ssl/*
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone /var/log/keystone
chmod -R o-rwx /etc/keystone/ssl
service keystone restart
10. crontab -e
@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1
service cron restart
11. export OS_SERVICE_TOKEN=admintoken
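# NOTE: the endpoint URL is missing from this page; it is the Keystone admin API URL,
# typically http://<CONTROLLER>:35357/v2.0 on a default install.
export OS_SERVICE_ENDPOINT=
12.
# add admin tenant
keystone tenant-create --name admin --description "Admin Tenant"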
# add service tenant
keystone tenant-create --name service --description "Service Tenant"
# add admin role
keystone role-create --name admin
# add admin user (set in admin tenant)
keystone user-create --tenant admin --name admin --pass ADMIN-USER-PASSWORD
# add admin user in admin role
keystone user-role-add --user admin --tenant admin --role admin
# add demo1 tenant
keystone tenant-create --name=demo1 --description="Demo1 Tenant"
# add demo1 user
keystone user-create --tenant demo1 --name demo1 --pass DEMO1-USER-PASSWORD
# add service for keystone
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
# add endpoint for keystone
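# NOTE: the three URL values are missing from this page. On a default Keystone v2.0 install
# they are typically http://<CONTROLLER>:5000/v2.0 for --publicurl and --internalurl and
# http://<CONTROLLER>:35357/v2.0 for --adminurl.
keystone endpoint-create --region RegionOne --service keystone --publicurl= --internalurl= --adminurl=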
13. Load environment variables
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
vi ~/adminrc
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN-USER-PASSWORD
export OS_TENANT_NAME=admin
# NOTE: the URL value is missing from this page; it is the Keystone auth URL for your deployment.
export OS_AUTH_URL=
chmod 600 ~/adminrc ; source ~/adminrc
echo "source ~/adminrc " >> ~/.profile
vi ~/demo1rc
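export OS_USERNAME=demo1
export OS_PASSWORD=DEMO1-USER-PASSWORD
export OS_TENANT_NAME=demo1
export OS_AUTH_URL=
# NOTE: demo1rc also contains a clear-text password; restrict it the same way as adminrc (chmod 600 ~/demo1rc).
Get user-role-list script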
vi get-user-role-list.py
#!/usr/bin/python
import os, prettytable, sys
from keystoneclient.v2_0 import client
from keystoneclient import utils
keystone = client.Client(username=os.environ['OS_USERNAME'], password=os.environ['OS_PASSWORD'], tenant_name=os.environ['OS_TENANT_NAME'], auth_url=os.environ['OS_AUTH_URL'])
f_user = f_tenant = ""
if "-u" in sys.argv: f_user = sys.argv[sys.argv.index("-u")+1]
if "-t" in sys.argv: f_tenant = sys.argv[sys.argv.index("-t")+1]
tenants = [t for t in keystone.tenants.list() if f_tenant in t.name]
users = [u for u in keystone.users.list() if f_user in u.name]
pt = prettytable.PrettyTable(["name"]+[t.name for t in tenants])
for user in users:
    row = [user.name]
    for tenant in tenants:
        row.append("\n".join([u.name for u in user.list_roles(tenant.id)]))
    pt.add_row(row)
print pt.get_string(sortby="name")

chmod +x get-user-role-list.py
./get-user-role-list.py