keystone

These are notes on running keystone on Solaris.

keystone belongs to the control stack that is configured on the controller node.

Note that keystone uses Apache from Kilo onward:

In the Kilo and Liberty releases, the keystone project deprecates eventlet in favor of a dedicated web server with WSGI extensions. This guide uses the Apache HTTP server with mod_wsgi to serve Identity service requests on ports 5000 and 35357. By default, the keystone service still listens on ports 5000 and 35357, so this guide disables the keystone service. The keystone project plans to remove eventlet support in the Mitaka release.

Included in the library/python/openstackclient package.

Installing and Configuring OpenStack (Kilo) in Oracle® Solaris - OpenStackClient Implementation

In the current version of Kilo, all keystone commands are deprecated. Using a keystone command generates a corresponding alert.

Identity API v2.0 (DEPRECATED)

Reference documents

OpenStack and keystone versions in Solaris 11.3 SRU 18

The OpenStack provided with Solaris 11.3 SRU 18 (as of April 2017) is the Kilo release.

Release Notes, 2015.1.2

The 2015.1.2 release is a Kilo bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat), OpenStack Telemetry (Ceilometer), OpenStack Data Processing (Sahara), and OpenStack Bare metal service (Ironic).

  • cloud/openstack/keystone@0.2015.1.2,5.11-0.175.3.9.0.2.0:20160528T013901Z

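Preparation

| Variable | Description |
|---|---|
| CONTROLLER_ADMIN_NODE | Host name or IP address of the interface in the controller node to which the OpenStack administrative services are attached |
| CONTROLLER_ADMIN_NODE_IP | IP address of the controller port that handles OpenStack administrative services and traffic |
| COMPUTE_ADMIN_NODE_IP | IP address of the compute port that handles OpenStack administrative services and traffic |
| VOLUME_IP | Host name of the controller node |

To populate the Keystone database quickly, use the sample script /usr/demo/openstack/keystone/sample_data.sh. See the manual below for details.

Installing and Configuring OpenStack (Kilo) in Oracle® Solaris - Sample Keystone Script

Procedure

1. Find out the name and IP address of the controller on which keystone runs

Check the controller name
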

root@solaris-11-3:~# getent hosts 172.16.166.152
172.16.166.152	solaris

2. Configure the NTP client

Copy /etc/inet/ntp.client to /etc/inet/ntp.conf, then edit ntp.conf:

# cp /etc/inet/ntp.client /etc/inet/ntp.conf

Start the ntp service (Solaris):

# svcadm enable ntp

3. Install RabbitMQ

# pkg install rabbitmq
# svcadm enable rabbitmq
# svcadm restart rad:local

3.1 Verification: run rabbitmqctl status as the rabbitmq user

  root@solaris-11-3:~# su - rabbitmq

  rabbitmq@solaris-11-3:~$ rabbitmqctl status
  Status of node 'rabbit@solaris-11-3' ...
  [{pid,3431},
  {running_applications,[{rabbit,"RabbitMQ","3.6.1"},
                          {mnesia,"MNESIA  CXC 138 12","4.12.5"},
                          {os_mon,"CPO  CXC 138 46","2.3.1"},
                          {rabbit_common,[],"3.6.1"},
                          {xmerl,"XML parser","1.3.7"},
                          {ranch,"Socket acceptor pool for TCP protocols.",
                                "1.2.1"},
                          {sasl,"SASL  CXC 138 11","2.4.1"},
                          {stdlib,"ERTS  CXC 138 10","2.4"},
                          {kernel,"ERTS  CXC 138 10","3.2"}]},
  {os,{unix,sunos}},
  {erlang_version,"Erlang/OTP 17 [erts-6.4] [source] [64-bit] [smp:2:2] [async-threads:64] [hipe] [kernel-poll:true]\n"},
  {memory,[{total,43597856},
            {connection_readers,0},
            {connection_writers,0},
            {connection_channels,0},
            {connection_other,0},
            {queue_procs,2800},
            {queue_slave_procs,0},
            {plugins,0},
            {other_proc,19480832},
            {mnesia,60504},
            {mgmt_db,0},
            {msg_index,40288},
            {other_ets,829568},
            {binary,24888},
            {code,17352032},
            {atom,662409},
            {other_system,5144535}]},
  {alarms,[]},
  {listeners,[{clustering,25672,"::"},{amqp,5672,"::"},{amqp,5672,"0.0.0.0"}]},
  {vm_memory_high_watermark,0.4},
  {vm_memory_limit,2147483648},
  {disk_free_limit,50000000},
  {disk_free,12814667776},
  {file_descriptors,[{total_limit,8092},
                      {total_used,2},
                      {sockets_limit,7280},
                      {sockets_used,0}]},
  {processes,[{limit,1048576},{used,153}]},
  {run_queue,0},
  {uptime,40},
  {kernel,{net_ticktime,60}}]

4. Install MySQL

http://docs.oracle.com/cd/E69401_01/html/E74915/mysql.html#scrolltoc

# pkg install mysql-55
# pkg install mysql-55/client
# svcadm enable mysql:version_55

4.1 Set the root password of the MySQL server

# mysqladmin -u root password welcome1

4.2

controller# mysql -u root -p
Enter password: MySQL-root-password
mysql> drop database if exists keystone;
mysql> create database keystone default character set utf8 default collate utf8_general_ci;
mysql> grant all privileges on keystone.* to 'keystone'@'$CONTROLLER_ADMIN_NODE' identified by 'welcome1';
mysql> flush privileges;
mysql> quit

5. Install Keystone

http://docs.oracle.com/cd/E69401_01/html/E74915/keystoneinst.html#scrolltoc

keystone stores its token information in MySQL, but as the number of connected users grows, calls to the DB become frequent and performance suffers. To avoid that, using memcached also has to be considered.

Install keystone and memcached

# pkg install keystone
# pkg install memcached

5.1 Configure memcached

No particular configuration seems to be needed?

To check how it is running, obtain memcached-tool (a perl script) and run it.

# svcadm enable memcached

Reportedly, if Memcached is working properly, the values of total_items, total_connections, and get_hits increase.
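The counter check described above, as an added example that is not part of the original notes: take two dumps of memcached's `stats` output and report how total_items, total_connections and get_hits changed between them. The host and port in the usage comment and the sample dumps are assumptions; the dumps are constructed.

```sh
#!/bin/sh
# Added example, not from the original notes.

# memcached_stats HOST PORT
# Dump the raw "stats" output. The stats command needs no authentication,
# so anything that can reach the port can read it.
memcached_stats() {
    printf 'stats\r\nquit\r\n' | nc "$1" "$2"
}

# stats_delta BEFORE AFTER
# Print the change of the three counters between two saved dumps.
# Exit status is 0 only when every counter increased.
stats_delta() {
    awk '
        { sub(/\r$/, "") }                       # memcached ends lines with CRLF
        $1 == "STAT" && ($2 == "total_items" ||
                         $2 == "total_connections" ||
                         $2 == "get_hits") {
            if (FNR == NR) before[$2] = $3       # first file
            else           after[$2]  = $3       # second file
        }
        END {
            n = split("total_items total_connections get_hits", names, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                k = names[i]
                d = after[k] - before[k]
                printf "%s %d\n", k, d
                if (d <= 0) bad = 1
            }
            exit bad
        }' "$1" "$2"
}

# demo_stats_delta: run stats_delta over two constructed dumps (made-up values).
demo_stats_delta() {
    d=$(mktemp -d) || return 1
    printf 'STAT pid 100\r\nSTAT total_items 10\r\nSTAT total_connections 7\r\nSTAT get_hits 20\r\nEND\r\n' >"$d/before"
    printf 'STAT pid 100\r\nSTAT total_items 15\r\nSTAT total_connections 10\r\nSTAT get_hits 24\r\nEND\r\n' >"$d/after"
    stats_delta "$d/before" "$d/after"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Live use (assumed host and port), with some keystone requests in between:
#   memcached_stats localhost 11211 >/tmp/before
#   memcached_stats localhost 11211 >/tmp/after
#   stats_delta /tmp/before /tmp/after
demo_stats_delta
```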

5.2 Configure keystone

  • /etc/keystone/keystone.conf
[DEFAULT]
:
verbose = True

[cache]
:
memcache_servers = localhost:11211

[token]
:
provider = uuid
driver = memcache

#  openssl rand -hex 10
37f04e87d9ffd94e066f

# export MY_SERVICE_TOKEN=37f04e87d9ffd94e066f

  root@solaris-11-3:~# CONTROLLER_PUBLIC_ADDRESS=192.168.100.15 CONTROLLER_ADMIN_ADDRESS=192.168.100.15 CONTROLLER_INTERNAL_ADDRESS=192.168.100.15  SERVICE_TOKEN=715d803c167609700e72 ADMIN_PASSWORD=welcome1 SERVICE_PASSWORD=welcome1 /usr/demo/openstack/keystone/sample_data.sh
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Default Tenant                   |
  | enabled     | True                             |
  | id          | d7212e3028de48d99c25e4b226342ee0 |
  | name        | demo                             |
  +-------------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | 0f2980528ff24b86be3ab613be3365ff |
  | name       | admin                            |
  | project_id | d7212e3028de48d99c25e4b226342ee0 |
  | username   | admin                            |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Service Tenant                   |
  | enabled     | True                             |
  | id          | ca3e808543df45fc97d7d0a90ad75e10 |
  | name        | service                          |
  +-------------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | 5555535373f7436aa276a2001dd9e18d |
  | name       | glance                           |
  | project_id | ca3e808543df45fc97d7d0a90ad75e10 |
  | username   | glance                           |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | eb22c630b32a45fca32ec730a22e51b7 |
  | name       | nova                             |
  | project_id | ca3e808543df45fc97d7d0a90ad75e10 |
  | username   | nova                             |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | 62065cb344884bd89715a23121c5ee3f |
  | name       | ec2                              |
  | project_id | ca3e808543df45fc97d7d0a90ad75e10 |
  | username   | ec2                              |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | b2a589a1fa8d453ca832b0ca97ef440d |
  | name       | swift                            |
  | project_id | ca3e808543df45fc97d7d0a90ad75e10 |
  | username   | swift                            |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | 0549d86b0fba4a589c82f3c7b9c4b873 |
  | name       | neutron                          |
  | project_id | ca3e808543df45fc97d7d0a90ad75e10 |
  | username   | neutron                          |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | 5d190aff801940c8b619d40c6c6a1f44 |
  | name       | cinder                           |
  | project_id | ca3e808543df45fc97d7d0a90ad75e10 |
  | username   | cinder                           |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | 9f51992edfa242919cc48c2aa3fc2146 |
  | name       | heat                             |
  | project_id | ca3e808543df45fc97d7d0a90ad75e10 |
  | username   | heat                             |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | e041d00683744fff9045b6745e53fd99 |
  | name  | heat_stack_user                  |
  +-------+----------------------------------+
  +------------+----------------------------------+
  | Field      | Value                            |
  +------------+----------------------------------+
  | email      | None                             |
  | enabled    | True                             |
  | id         | 31136b55dc024d5584cf9d57322ef362 |
  | name       | ironic                           |
  | project_id | ca3e808543df45fc97d7d0a90ad75e10 |
  | username   | ironic                           |
  +------------+----------------------------------+
  +-------+----------------------------------+
  | Field | Value                            |
  +-------+----------------------------------+
  | id    | 6e190712e22043898633c800fc9fcb89 |
  | name  | admin                            |
  +-------+----------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Keystone Identity Service        |
  | enabled     | True                             |
  | id          | 6db9f36d4d034cd6a650a4a7293687ff |
  | name        | keystone                         |
  | type        | identity                         |
  +-------------+----------------------------------+
  +--------------+--------------------------------------------+
  | Field        | Value                                      |
  +--------------+--------------------------------------------+
  | adminurl     | http://172.16.166.152:$(admin_port)s/v2.0  |
  | id           | 3bddda5a733242fa922aeea5022d0ead           |
  | internalurl  | http://172.16.166.152:$(public_port)s/v2.0 |
  | publicurl    | http://172.16.166.152:$(public_port)s/v2.0 |
  | region       | RegionOne                                  |
  | service_id   | 6db9f36d4d034cd6a650a4a7293687ff           |
  | service_name | keystone                                   |
  | service_type | identity                                   |
  +--------------+--------------------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Nova Compute Service             |
  | enabled     | True                             |
  | id          | f0657748a9c24566bcd0c13ad800151e |
  | name        | nova                             |
  | type        | compute                          |
  +-------------+----------------------------------+
  +--------------+---------------------------------------------+
  | Field        | Value                                       |
  +--------------+---------------------------------------------+
  | adminurl     | http://172.16.166.152:8774/v2/$(tenant_id)s |
  | id           | e91344ba77c1454c9ee388e85faf4ae6            |
  | internalurl  | http://172.16.166.152:8774/v2/$(tenant_id)s |
  | publicurl    | http://172.16.166.152:8774/v2/$(tenant_id)s |
  | region       | RegionOne                                   |
  | service_id   | f0657748a9c24566bcd0c13ad800151e            |
  | service_name | nova                                        |
  | service_type | compute                                     |
  +--------------+---------------------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Cinder Volume Service            |
  | enabled     | True                             |
  | id          | de146bbe0abb4e84b52fadb4d0048ef0 |
  | name        | cinder                           |
  | type        | volume                           |
  +-------------+----------------------------------+
  +-------------+-----------------------------------+
  | Field       | Value                             |
  +-------------+-----------------------------------+
  | description | Cinder Volume Service (Version 2) |
  | enabled     | True                              |
  | id          | 10ce24f4a98a4ff197acec9b9ee14ff6  |
  | name        | cinderv2                          |
  | type        | volumev2                          |
  +-------------+-----------------------------------+
  +--------------+---------------------------------------------+
  | Field        | Value                                       |
  +--------------+---------------------------------------------+
  | adminurl     | http://172.16.166.152:8776/v1/$(tenant_id)s |
  | id           | 5370a7caa0494a5a9e83c8ed59af6147            |
  | internalurl  | http://172.16.166.152:8776/v1/$(tenant_id)s |
  | publicurl    | http://172.16.166.152:8776/v1/$(tenant_id)s |
  | region       | RegionOne                                   |
  | service_id   | de146bbe0abb4e84b52fadb4d0048ef0            |
  | service_name | cinder                                      |
  | service_type | volume                                      |
  +--------------+---------------------------------------------+
  +--------------+---------------------------------------------+
  | Field        | Value                                       |
  +--------------+---------------------------------------------+
  | adminurl     | http://172.16.166.152:8776/v2/$(tenant_id)s |
  | id           | 1f617dd3e6dd41d6aeafe66570312b63            |
  | internalurl  | http://172.16.166.152:8776/v2/$(tenant_id)s |
  | publicurl    | http://172.16.166.152:8776/v2/$(tenant_id)s |
  | region       | RegionOne                                   |
  | service_id   | 10ce24f4a98a4ff197acec9b9ee14ff6            |
  | service_name | cinderv2                                    |
  | service_type | volumev2                                    |
  +--------------+---------------------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Glance Image Service             |
  | enabled     | True                             |
  | id          | 7c44c672b7e54b71ad99dd26856f6a78 |
  | name        | glance                           |
  | type        | image                            |
  +-------------+----------------------------------+
  +--------------+----------------------------------+
  | Field        | Value                            |
  +--------------+----------------------------------+
  | adminurl     | http://172.16.166.152:9292       |
  | id           | 2f44f16c370743bca9ce9ff406b87698 |
  | internalurl  | http://172.16.166.152:9292       |
  | publicurl    | http://172.16.166.152:9292       |
  | region       | RegionOne                        |
  | service_id   | 7c44c672b7e54b71ad99dd26856f6a78 |
  | service_name | glance                           |
  | service_type | image                            |
  +--------------+----------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | EC2 Compatibility Layer          |
  | enabled     | True                             |
  | id          | cadb9596de2f4a749a43c24b0e7e9cdf |
  | name        | ec2                              |
  | type        | ec2                              |
  +-------------+----------------------------------+
  +--------------+-------------------------------------------+
  | Field        | Value                                     |
  +--------------+-------------------------------------------+
  | adminurl     | http://172.16.166.152:8773/services/Admin |
  | id           | 5907650bb31b4187a5e4cb45914a090a          |
  | internalurl  | http://172.16.166.152:8773/services/Cloud |
  | publicurl    | http://172.16.166.152:8773/services/Cloud |
  | region       | RegionOne                                 |
  | service_id   | cadb9596de2f4a749a43c24b0e7e9cdf          |
  | service_name | ec2                                       |
  | service_type | ec2                                       |
  +--------------+-------------------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Swift Object Storage Service     |
  | enabled     | True                             |
  | id          | 8d737b0947f5422b835ded08ee8aa23e |
  | name        | swift                            |
  | type        | object-store                     |
  +-------------+----------------------------------+
  +--------------+--------------------------------------------------+
  | Field        | Value                                            |
  +--------------+--------------------------------------------------+
  | adminurl     | http://172.16.166.152:8080/v1                    |
  | id           | 74cc744633af460199648e03f7c87c3f                 |
  | internalurl  | http://172.16.166.152:8080/v1/AUTH_$(tenant_id)s |
  | publicurl    | http://172.16.166.152:8080/v1/AUTH_$(tenant_id)s |
  | region       | RegionOne                                        |
  | service_id   | 8d737b0947f5422b835ded08ee8aa23e                 |
  | service_name | swift                                            |
  | service_type | object-store                                     |
  +--------------+--------------------------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Neutron Network Service          |
  | enabled     | True                             |
  | id          | 91ccea0b4b2d47fb9bcdd194befacf65 |
  | name        | neutron                          |
  | type        | network                          |
  +-------------+----------------------------------+
  +--------------+----------------------------------+
  | Field        | Value                            |
  +--------------+----------------------------------+
  | adminurl     | http://172.16.166.152:9696       |
  | id           | ef8e0813fb5e40099f2cb6e2104ac82c |
  | internalurl  | http://172.16.166.152:9696       |
  | publicurl    | http://172.16.166.152:9696       |
  | region       | RegionOne                        |
  | service_id   | 91ccea0b4b2d47fb9bcdd194befacf65 |
  | service_name | neutron                          |
  | service_type | network                          |
  +--------------+----------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Heat CloudFormation API          |
  | enabled     | True                             |
  | id          | 93d0b1ad7cc540878de3b9b7368f3e6e |
  | name        | heat-cfn                         |
  | type        | cloudformation                   |
  +-------------+----------------------------------+
  +-------------+----------------------------------+
  | Field       | Value                            |
  +-------------+----------------------------------+
  | description | Heat API                         |
  | enabled     | True                             |
  | id          | d42a6fa464a349ae8cd69dd411fe0451 |
  | name        | heat                             |
  | type        | orchestration                    |
  +-------------+----------------------------------+
  +--------------+----------------------------------+
  | Field        | Value                            |
  +--------------+----------------------------------+
  | adminurl     | http://172.16.166.152:8000/v1    |
  | id           | cc1a5292ee874f5f9d0db6241a0c6201 |
  | internalurl  | http://172.16.166.152:8000/v1    |
  | publicurl    | http://172.16.166.152:8000/v1    |
  | region       | RegionOne                        |
  | service_id   | 93d0b1ad7cc540878de3b9b7368f3e6e |
  | service_name | heat-cfn                         |
  | service_type | cloudformation                   |
  +--------------+----------------------------------+
  +--------------+---------------------------------------------+
  | Field        | Value                                       |
  +--------------+---------------------------------------------+
  | adminurl     | http://172.16.166.152:8004/v1/$(tenant_id)s |
  | id           | 644c12ffef404f2daeb2d51bf19e9481            |
  | internalurl  | http://172.16.166.152:8004/v1/$(tenant_id)s |
  | publicurl    | http://172.16.166.152:8004/v1/$(tenant_id)s |
  | region       | RegionOne                                   |
  | service_id   | d42a6fa464a349ae8cd69dd411fe0451            |
  | service_name | heat                                        |
  | service_type | orchestration                               |
  +--------------+---------------------------------------------+
  +-------------+----------------------------------------+
  | Field       | Value                                  |
  +-------------+----------------------------------------+
  | description | Ironic Bare Metal Provisioning Service |
  | enabled     | True                                   |
  | id          | 253da3565dde44d3a97bfa8140970618       |
  | name        | ironic                                 |
  | type        | baremetal                              |
  +-------------+----------------------------------------+
  +--------------+----------------------------------+
  | Field        | Value                            |
  +--------------+----------------------------------+
  | adminurl     | http://172.16.166.152:6385       |
  | id           | 5c25bb9dca7849e0a807fe3abd9e2cf6 |
  | internalurl  | http://172.16.166.152:6385       |
  | publicurl    | http://172.16.166.152:6385       |
  | region       | RegionOne                        |
  | service_id   | 253da3565dde44d3a97bfa8140970618 |
  | service_name | ironic                           |
  | service_type | baremetal                        |
  +--------------+----------------------------------+

keystone tenant-list

$ export OS_AUTH_URL=http://localhost:5000/v2.0
$ export OS_USERNAME=admin
$ keystone tenant-list
/usr/lib/python2.7/vendor-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)
OS Password:
+----------------------------------+------+---------+
|                id                | name | enabled |
+----------------------------------+------+---------+
| 7838c55be0dd4dfcaa26c7bfe66f1894 | demo |   True  |
+----------------------------------+------+---------+
18:03:02-root@solaris/etc/keystone$ keystone role-list
/usr/lib/python2.7/vendor-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)
OS Password:

18:04:33-root@solaris/etc/keystone$

Logs

/var/ak/logs/akobjectd.txt

Test (HTTP)

The default ZFSSA root user cannot be used: it fails with "Account HEAD failed: http://192.168.100.201:80/object/v1/export/swift 401 Unauthorized".

Therefore, prepare a separate account for access to the Object Store.

06:54:59-kazus@solaris~$ swift -A http://192.168.100.201:80/auth/v1.0 -U kazus -K welcome1 stat
     Account: swift
  Containers: 0
     Objects: 0
       Bytes: 0
  Keep-Alive: timeout=5, max=100
      Server: Apache
  Connection: Keep-Alive
 X-Timestamp: 1491256404.32
  X-Trans-Id: tx8f56eb1abc71eb3dbf498-0058e2c454
Content-Type: application/json; charset=utf-8
06:54:15-kazus@solaris~$ curl -i http://192.168.100.201:80/auth/v1.0 -X GET -H "X-Auth-User: kazus" -H "X-Auth-Key: welcome1"
HTTP/1.1 200 OK
Date: Mon, 03 Apr 2017 21:52:47 GMT
Server: Apache
X-Storage-Url: http://192.168.100.201:80/object/v1/export/swift
X-Storage-Token: ZFSSA_e1e6d288-18b7-11e7-ab43-880020127ac7
X-Auth-Token: ZFSSA_e1e6d288-18b7-11e7-ab43-880020127ac7
X-Trans-Id: txf4cfc41ec19c6474c0248-0058e2c432
Content-Length: 0
Content-Type: text/html; charset=utf-8

Test (HTTPS)

Add -k to the curl command

07:39:55-kazus@solaris~$ curl -i https://192.168.100.201:443/auth/v1.0 -X GET -H "X-Auth-User: kazus" -H "X-Auth-Key: welcome1" -k
HTTP/1.1 200 OK
Date: Mon, 03 Apr 2017 22:38:25 GMT
Server: Apache
X-Storage-Url: https://192.168.100.201:443/object/v1/export/swift
X-Storage-Token: ZFSSA_e1e6d288-18b7-11e7-ab43-880020127ac7
X-Auth-Token: ZFSSA_e1e6d288-18b7-11e7-ab43-880020127ac7
X-Trans-Id: txb654447ca772435fa413d-0058e2cee1
Content-Length: 0
Content-Type: text/html; charset=utf-8

Add the --insecure option

08:11:03-kazus@solaris~$ swift -A https://192.168.100.201:443/auth/v1.0 -U kazus -K welcome1 --insecure stat
/usr/lib/python2.7/vendor-packages/requests/packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
/usr/lib/python2.7/vendor-packages/requests/packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
     Account: swift
  Containers: 0
     Objects: 0
       Bytes: 0
  Keep-Alive: timeout=5, max=100
      Server: Apache
  Connection: Keep-Alive
 X-Timestamp: 1491260970.8
  X-Trans-Id: tx34286e072aaf66718b3bc-0058e2d62a
Content-Type: application/json; charset=utf-8
08:11:18-kazus@solaris~$
$ swift -A https://192.168.100.201:443/auth/v1.0 -U kazus -K welcome1 --insecure capabilities
Core: swift
 Options:
  account_listing_limit: 10000
  container_listing_limit: 10000
  max_account_name_length: 255
  max_container_name_length: 255
  max_file_size: 5368709122
  max_header_size: 8192
  max_meta_count: 40
  max_meta_name_length: 128
  max_meta_overall_size: 4096
  max_meta_value_length: 255
  max_object_name_length: 255
  max_tag_signature_length: 1024
  strict_cors_mode: True
  version: 1.0
Additional middleware: bulk_delete
 Options:
  max_deletes_per_request: 10000
  max_failed_deletes: 1000
Additional middleware: bulk_upload
 Options:
  max_containers_per_extraction: 10000
  max_failed_extractions: 1000
Additional middleware: zos_auth
 Options:
  pam_service: httpd
  reseller_prefix: ZFSSA
  token_life: 86400
Additional middleware: zos_mdgen
 Options:
  num_ths: 1000
  queue_size: 0
$ swift -A https://192.168.100.201:443/auth/v1.0 -U kazus -K welcome1 --insecure post satokaz
$ swift -A https://192.168.100.201:443/auth/v1.0 -U kazus -K welcome1 --insecure upload satokaz opensm-3.3.20.tar.gz
$ swift -A https://192.168.100.201:443/auth/v1.0 -U kazus -K welcome1 --insecure list satokaz

curl -i https://192.168.100.201:443/auth/v1.0 -X GET -H "X-Auth-User: kazus" -H "X-Auth-Key: welcome1" -k
swift -A https://192.168.100.201:443/auth/v1.0 -U kazus -K welcome1 --insecure stat
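An alternative to the -k and --insecure options used in the HTTPS tests above, added here as an example that is not part of the original notes: trust the server's certificate only after comparing its fingerprint out of band, keep the key off the command line, and accept a token only from a verified HTTPS reply. The PEM file paths, the host name and the ST_USER / ST_KEY variables are assumptions, and the sample response is constructed.

```sh
#!/bin/sh
# Added example, not from the original notes.

# fetch_server_cert HOST PORT OUT.pem
# Save the certificate the server presents. Compare its fingerprint with one
# obtained out of band before using the file as a trust anchor.
fetch_server_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# cert_fingerprint FILE.pem -> SHA-256 fingerprint (colon-separated hex)
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# parse_auth_response
# Read the reply headers of /auth/v1.0 on stdin and print "<token> <storage-url>".
# Fails unless the status is 200, a token is present and the storage URL is
# https, so the token is never replayed over plain HTTP afterwards.
parse_auth_response() {
    awk '
        { sub(/\r$/, "") }                        # HTTP headers end with CRLF
        NR == 1 { ok = ($2 == "200"); next }      # status line
        tolower($1) == "x-auth-token:"  { token = $2 }
        tolower($1) == "x-storage-url:" { url = $2 }
        END {
            if (!ok || token == "" || url !~ /^https:\/\//) exit 1
            print token, url
        }'
}

# auth_verified AUTH_URL CA.pem
# Same request as the curl test, but with certificate verification left on
# (--cacert instead of -k) and the headers fed through a config on stdin, so
# the key does not appear in the process arguments. curl also checks that the
# host in AUTH_URL matches the certificate, so use a name the certificate carries.
# A key containing a double quote or backslash would need escaping here.
auth_verified() {
    printf 'header = "X-Auth-User: %s"\nheader = "X-Auth-Key: %s"\n' \
        "$ST_USER" "$ST_KEY" |
        curl --silent --include --cacert "$2" --config - "$1" |
        parse_auth_response
}

# sample_response: constructed reply in the shape shown above (made-up values).
sample_response() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: Apache' \
        'X-Storage-Url: https://zfssa.example.com:443/object/v1/export/swift' \
        'X-Auth-Token: ZFSSA_00000000-0000-0000-0000-000000000000' \
        'Content-Length: 0' \
        ''
}

# Live use (assumed names):
#   fetch_server_cert zfssa.example.com 443 /tmp/zfssa.pem
#   cert_fingerprint /tmp/zfssa.pem        # compare before trusting the file
#   auth_verified https://zfssa.example.com:443/auth/v1.0 /tmp/zfssa.pem
# The swift client reads ST_AUTH, ST_USER and ST_KEY from the environment and
# takes --os-cacert, which replaces -A/-U/-K on the command line and --insecure.
sample_response | parse_auth_response
```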
