我已经设置了 Openstack 4.0.2(培训版本)。我正在尝试为我的客户提供 API 以构建 Web 应用程序。一切都在命令行以及 Horizon Dashboard 上运行。但是,通过从令牌生成到风味创建的 API,除了图像上传之外,服务器 (VM) 的创建工作正常进行!
下面是用于生成令牌的 cURL 命令:
export TOKEN=`curl --silent -X POST -H "Content-Type: application/json" -d '{ "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": "admin", "domain": { "id": "default" }, "password": "MYPASS123" } } }, "scope": { "project": { "name": "admin", "domain": { "id": "default" } } } } }' -i "http://controller:5000/v3/auth/tokens" | grep X-Subject-Token | cut -d ":" -f 2`
令牌是根据项目范围生成的。
echo $TOKEN
gAAAAABh1tudXXtt............3J-1E3KCMR7tlq-gacOmo8
下面是创建图像的 cURL 命令
curl -X POST -s http://controller:8774/v2.1/servers -d '{"server": { "name": "API1", "imageRef":"a62daa1b-2fba-47ad-8008-538cd88f306c", "flavorRef":"54eb939a-a39a-40ae-b50c-ed69b9f565ba ", "OS-DCF:diskConfig": "AUTO", "security_groups": [ { "name": "sg2" } ], "networks": [ { "uuid": "1c4d7023-4d3e-4d4a-aacc-deba1e9f9b98" } ], "user_data":" I2Nsb3VkLWNvbmZpZwpwYXNzd29yZDogY2VudG9zCmNocGFzc3dkOiB7IGV4cGlyZTogRmFsc2UgfQpzc2hfcHdhdXRoOiBUcnVlCgo=" }}' -H "Content-Type: application/json" -H "X-Auth-Token: $TOKEN" | python -m json.tool
一目了然-api.log
2022-01-05 14:08:09.687 26227 DEBUG eventlet.wsgi.server [-] (26227) accepted ('controller', 53108) server /usr/lib/python2.7/site-packages/eventlet/wsgi.py:985
2022-01-05 14:08:09.695 26227 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: GET /v2/images Accept: */* process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:45
2022-01-05 14:08:09.697 26227 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:57
2022-01-05 14:08:09.699 26227 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v2 process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:69
2022-01-05 14:08:09.700 26227 DEBUG glance.api.middleware.version_negotiation [-] new path /v2/images process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:70
2022-01-05 14:08:11.592 26227 WARNING keystonemiddleware.auth_token [-] Authorization failed for token: InvalidToken: Token authorization failed
Keystone.log
2022-01-05 14:08:11.584 492 WARNING keystone.server.flask.application [req-cecd6824-2faf-453b-8772-e2d0f67573c5 ba62aab1541c47fe8c59aeecb82c71d1 4d2a479d2d544c0c994bf55405f83d64 - default default] Could not recognize Fernet token: TokenNotFound: Could not recognize Fernet token
基石配置文件
[cache]
memcache_servers = controller:11211
[database]
connection = mysql+pymysql://keystone:MYPASS123@controller/keystone
[token]
provider = fernet
一目了然-api.conf
[DEFAULT]
bind_host = 0.0.0.0
[database]
connection = mysql+pymysql://glance:glancepass123@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance123
[paste_deploy]
flavor = keystone
一目了然 policy.json
{
"context_is_admin": "role:admin",
"default": "role:admin",
"add_image": "role:admin",
"delete_image": "role:admin",
"get_image": "",
"get_images": "",
"modify_image": "",
"publicize_image": "role:admin",
"communitize_image": "",
"copy_from": "",
"download_image": "",
"upload_image": "role:admin",
"delete_image_location": "",
"get_image_location": "",
"set_image_location": "",
"add_member": "",
"delete_member": "",
"get_member": "",
"get_members": "",
"modify_member": "",
"manage_image_cache": "role:admin",
"get_task": "",
"get_tasks": "",
"add_task": "",
"modify_task": "",
"tasks_api_access": "role:admin",
"deactivate": "",
"reactivate": "",
"get_metadef_namespace": "",
"get_metadef_namespaces":"",
"modify_metadef_namespace":"",
"add_metadef_namespace":"",
"get_metadef_object":"",
"get_metadef_objects":"",
"modify_metadef_object":"",
"add_metadef_object":"",
"list_metadef_resource_types":"",
"get_metadef_resource_type":"",
"add_metadef_resource_type_association":"",
"get_metadef_property":"",
"get_metadef_properties":"",
"modify_metadef_property":"",
"add_metadef_property":"",
"get_metadef_tag":"",
"get_metadef_tags":"",
"modify_metadef_tag":"",
"add_metadef_tag":"",
"add_metadef_tags":""
}
Openstack 角色分配列表:
[root@controller glance]# openstack role assignment list --names --role admin
+-------+-----------------------+-------+-----------------+---------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+-------+-----------------------+-------+-----------------+---------+--------+-----------+
| admin | neutron@Default | | service@Default | | | False |
| admin | cinder@Default | | service@Default | | | False |
| admin | admin@Default | | admin@Default | | | False |
| admin | placement@Default | | service@Default | | | False |
| admin | glance@Default | | service@Default | | | False |
| admin | glance@Default | | admin@Default | | | False |
| admin | nova@Default | | service@Default | | | False |
| admin | demouser@Default | | admin@Default | | | False |
| admin | admin@Default | | | | all | False |
+-------+-----------------------+-------+-----------------+---------+--------+-----------+
请帮我弄清楚我错过了什么?提前致谢