border · November 14, 2012 04:07 · border · Nov 14, 2012 · border · Nov 14, 2012
diff --git a/keystone.conf b/keystone.conf
 [DEFAULT]
 # A "shared secret" between keystone and other openstack services
 admin_token = ADMIN

 # The IP address of the network interface to listen on
 bind_host = 0.0.0.0

 # The port number which the public service listens on
 public_port = 5000

 # The port number which the public admin listens on
 admin_port = 35357

 # The port number which the OpenStack Compute service listens on
 compute_port = 8774

 # === Logging Options ===
 # Print debugging output
 verbose = True

 # Print more verbose output
 # (includes plaintext request logging, potentially including passwords)
 debug = True

 # Name of log file to output to. If not set, logging will go to stdout.
 log_file = keystone.log

 # The directory to keep log files in (will be prepended to --logfile)
 log_dir = /var/log/keystone

 # Use syslog for logging.
 use_syslog = False

 # syslog facility to receive log lines
 syslog_log_facility = LOG_USER

 # If this option is specified, the logging configuration file specified is
 # used and overrides any other logging options specified. Please see the
 # Python logging module documentation for details on logging configuration
 # files.
 #log_config = /etc/keystone/logging.conf

 # A logging.Formatter log message format string which may use any of the
 # available logging.LogRecord attributes.
 #log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s

 # Format string for %(asctime)s in log records.
 #log_date_format = %Y-%m-%d %H:%M:%S

 # onready allows you to send a notification when the process is ready to serve
 # For example, to have it notify using systemd, one could set shell command:
 # onready = systemd-notify --ready
 # or a module with notify() method:
 #onready = keystone.common.systemd

 [sql]
 # The SQLAlchemy connection string used to connect to the database
 # connection = sqlite:///keystone.db
 connection = mysql://keystone:openstack@localhost/keystone

 # the timeout before idle sql connections are reaped
 idle_timeout = 200

 [identity]
 driver = keystone.identity.backends.sql.Identity

 [catalog]
 # dynamic, sql-based backend (supports API/CLI-based management commands)
 driver = keystone.catalog.backends.sql.Catalog

 # static, file-based backend (does *NOT* support any management commands)
 # driver = keystone.catalog.backends.templated.TemplatedCatalog

 # template_file = default_catalog.templates

 [token]
 driver = keystone.token.backends.kvs.Token

 # Amount of time a token should remain valid (in seconds)
 expiration = 86400

 [policy]
 driver = keystone.policy.backends.rules.Policy

 [ec2]
 driver = keystone.contrib.ec2.backends.kvs.Ec2

 [ssl]
 #enable = False
 #certfile = /etc/keystone/ssl/certs/keystone.pem
 #keyfile = /etc/keystone/ssl/private/keystonekey.pem
 #ca_certs = /etc/keystone/ssl/certs/ca.pem
 #cert_required = True

 [signing]
 #token_format = PKI
 #certfile = /etc/keystone/ssl/certs/signing_cert.pem
 #keyfile = /etc/keystone/ssl/private/signing_key.pem
 #ca_certs = /etc/keystone/ssl/certs/ca.pem
 #key_size = 1024
 #valid_days = 3650
 #ca_password = None

 [ldap]
 # url = ldap://localhost
 # user = dc=Manager,dc=example,dc=com
 # password = None
 # suffix = cn=example,cn=com
 # use_dumb_member = False
 # allow_subtree_delete = False
 # dumb_member = cn=dumb,dc=example,dc=com

 # user_tree_dn = ou=Users,dc=example,dc=com
 # user_filter =
 # user_objectclass = inetOrgPerson
 # user_id_attribute = cn
 # user_name_attribute = sn
 # user_mail_attribute = email
 # user_pass_attribute = userPassword
 # user_attribute_ignore = tenant_id,enabled,tenants
 # user_allow_create = True
 # user_allow_update = True
 # user_allow_delete = True

 # tenant_tree_dn = ou=Groups,dc=example,dc=com
 # tenant_filter =
 # tenant_objectclass = groupOfNames
 # tenant_id_attribute = cn
 # tenant_member_attribute = member
 # tenant_name_attribute = ou
 # tenant_desc_attribute = desc
 # tenant_attribute_ignore = enabled
 # tenant_allow_create = True
 # tenant_allow_update = True
 # tenant_allow_delete = True

 # role_tree_dn = ou=Roles,dc=example,dc=com
 # role_filter =
 # role_objectclass = organizationalRole
 # role_id_attribute = cn
 # role_name_attribute = ou
 # role_member_attribute = roleOccupant
 # role_attribute_ignore =
 # role_allow_create = True
 # role_allow_update = True
 # role_allow_delete = True

 [filter:debug]
 paste.filter_factory = keystone.common.wsgi:Debug.factory

 [filter:token_auth]
 paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

 [filter:admin_token_auth]
 paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

 [filter:xml_body]
 paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

 [filter:json_body]
 paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

 [filter:user_crud_extension]
 paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory

 [filter:crud_extension]
 paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

 [filter:ec2_extension]
 paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

 [filter:s3_extension]
 paste.filter_factory = keystone.contrib.s3:S3Extension.factory

 [filter:url_normalize]
 paste.filter_factory = keystone.middleware:NormalizingFilter.factory

 [filter:stats_monitoring]
 paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory

 [filter:stats_reporting]
 paste.filter_factory = keystone.contrib.stats:StatsExtension.factory

 [app:public_service]
 paste.app_factory = keystone.service:public_app_factory

 [app:service_v3]
 paste.app_factory = keystone.service:v3_app_factory

 [app:admin_service]
 paste.app_factory = keystone.service:admin_app_factory

 [pipeline:public_api]
 pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service

 [pipeline:admin_api]
 pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service

 [pipeline:api_v3]
 pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3

 [app:public_version_service]
 paste.app_factory = keystone.service:public_version_app_factory

 [app:admin_version_service]
 paste.app_factory = keystone.service:admin_version_app_factory

 [pipeline:public_version_api]
 pipeline = stats_monitoring url_normalize xml_body public_version_service

 [pipeline:admin_version_api]
 pipeline = stats_monitoring url_normalize xml_body admin_version_service

 [composite:main]
 use = egg:Paste#urlmap
 /v2.0 = public_api
 /v3 = api_v3
 / = public_version_api

 [composite:admin]
 use = egg:Paste#urlmap
 /v2.0 = admin_api
 /v3 = api_v3
 / = admin_version_api
diff --git a/keystone.sh b/keystone.sh
 keystone git master
 python-keystoneclient git master
 ubuntu 11.10

 参考: Openstack Hands on lab 1: keystone安装 
 http://liangbo.me/index.php/2012/03/27/11/

 #创建租户(tenant)
 ~ keystone tenant-create --name adminTenant --description "Admin Tenant" --enabled true
 +-------------+----------------------------------+
 |   Property  |              Value               |
 +-------------+----------------------------------+
 | description |           Admin Tenant           |
 |   enabled   |               True               |
 |      id     | c5437e470f554a5b854fc641a02c3b59 |
 |     name    |           adminTenant            |
 +-------------+----------------------------------+


 #创建admin账号 (user)
 ~ keystone user-create --tenant_id c5437e470f554a5b854fc641a02c3b59 --name admin --pass openstack --enabled true
 +----------+----------------------------------+
 | Property |              Value               |
 +----------+----------------------------------+
 |  email   |                                  |
 | enabled  |               True               |
 |    id    | 79a62768a095407b9b284170e5f26995 |
 |   name   |              admin               |
 | tenantId | c5437e470f554a5b854fc641a02c3b59 |
 +----------+----------------------------------+

 添加一个admin角色
 ~ keystone role-create --name adminRole
 +----------+----------------------------------+
 | Property |              Value               |
 +----------+----------------------------------+
 |    id    | c39efcd6d311445bb25edd765c333f7c |
 |   name   |            adminRole             |
 +----------+----------------------------------+

 user-id   79a62768a095407b9b284170e5f26995
 tenant-id c5437e470f554a5b854fc641a02c3b59
 role-id   c39efcd6d311445bb25edd765c333f7c

 帐户关联
 keystone user-role-add --user-id 79a62768a095407b9b284170e5f26995 --tenant-id c5437e470f554a5b854fc641a02c3b59 --role-id c39efcd6d311445bb25edd765c333f7c

 验证:
 ~ curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "admin", "password": "openstack"}}}' -H "Content-type: application/json" http://127.0.0.1:35357/v2.0/tokens
 {"error": {"message": "An unexpected error prevented the server from fulfilling your request. Command 'openssl' returned non-zero exit status 3", "code": 500, "title": "Internal Server Error"}}%


 keystone-all log日志:
 ~stack/keystone <master> sudo keystone-all -d
 /usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.9-py2.7-linux-x86_64.egg/sqlalchemy/pool.py:703: SADeprecationWarning: The 'listeners' argument to Pool (and create_engine()) is deprecated.  Use event.listen().
  Pool.__init__(self, creator, **kw)
 /usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.9-py2.7-linux-x86_64.egg/sqlalchemy/pool.py:160: SADeprecationWarning: Pool.add_listener is deprecated.  Use event.listen()
  self.add_listener(l)
 2012-11-14 12:03:19,952 INFO sqlalchemy.engine.base.Engine SELECT DATABASE()
 2012-11-14 12:03:19,952 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:19,954 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'character_set%%'
 2012-11-14 12:03:19,954 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:19,955 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'lower_case_table_names'
 2012-11-14 12:03:19,955 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:19,956 INFO sqlalchemy.engine.base.Engine SHOW COLLATION
 2012-11-14 12:03:19,956 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:19,958 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'sql_mode'
 2012-11-14 12:03:19,958 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:19,960 INFO sqlalchemy.engine.base.Engine SELECT user.id AS user_id, user.name AS user_name, user.extra AS user_extra 
 FROM user 
 WHERE user.name = %s 
 LIMIT %s
 2012-11-14 12:03:19,960 INFO sqlalchemy.engine.base.Engine ('admin', 1)
 2012-11-14 12:03:19,965 INFO sqlalchemy.engine.base.Engine SELECT tenant.id AS tenant_id, tenant.name AS tenant_name, tenant.extra AS tenant_extra 
 FROM tenant 
 WHERE tenant.name = %s 
 LIMIT %s
 2012-11-14 12:03:19,965 INFO sqlalchemy.engine.base.Engine ('adminTenant', 1)
 2012-11-14 12:03:19,968 INFO sqlalchemy.engine.base.Engine SELECT user.id AS user_id, user.name AS user_name, user.extra AS user_extra 
 FROM user 
 WHERE user.id = %s 
 LIMIT %s
 2012-11-14 12:03:19,969 INFO sqlalchemy.engine.base.Engine ('79a62768a095407b9b284170e5f26995', 1)
 2012-11-14 12:03:20,005 INFO sqlalchemy.engine.base.Engine SELECT user.id AS user_id, user.name AS user_name, user.extra AS user_extra 
 FROM user 
 WHERE user.id = %s 
 LIMIT %s
 2012-11-14 12:03:20,005 INFO sqlalchemy.engine.base.Engine ('79a62768a095407b9b284170e5f26995', 1)
 2012-11-14 12:03:20,007 INFO sqlalchemy.engine.base.Engine SELECT user_tenant_membership.user_id AS user_tenant_membership_user_id, user_tenant_membership.tenant_id AS user_tenant_membership_tenant_id 
 FROM user_tenant_membership 
 WHERE user_tenant_membership.user_id = %s
 2012-11-14 12:03:20,007 INFO sqlalchemy.engine.base.Engine ('79a62768a095407b9b284170e5f26995',)
 2012-11-14 12:03:20,008 INFO sqlalchemy.engine.base.Engine SELECT tenant.id AS tenant_id, tenant.name AS tenant_name, tenant.extra AS tenant_extra 
 FROM tenant 
 WHERE tenant.id = %s 
 LIMIT %s
 2012-11-14 12:03:20,009 INFO sqlalchemy.engine.base.Engine ('c5437e470f554a5b854fc641a02c3b59', 1)
 2012-11-14 12:03:20,010 INFO sqlalchemy.engine.base.Engine SELECT metadata.user_id AS metadata_user_id, metadata.tenant_id AS metadata_tenant_id, metadata.data AS metadata_data 
 FROM metadata 
 WHERE metadata.user_id = %s AND metadata.tenant_id = %s 
 LIMIT %s
 2012-11-14 12:03:20,010 INFO sqlalchemy.engine.base.Engine ('79a62768a095407b9b284170e5f26995', 'c5437e470f554a5b854fc641a02c3b59', 1)
 /usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.9-py2.7-linux-x86_64.egg/sqlalchemy/pool.py:703: SADeprecationWarning: The 'listeners' argument to Pool (and create_engine()) is deprecated.  Use event.listen().
  Pool.__init__(self, creator, **kw)
 /usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.9-py2.7-linux-x86_64.egg/sqlalchemy/pool.py:160: SADeprecationWarning: Pool.add_listener is deprecated.  Use event.listen()
  self.add_listener(l)
 2012-11-14 12:03:20,016 INFO sqlalchemy.engine.base.Engine SELECT DATABASE()
 2012-11-14 12:03:20,016 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:20,020 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'character_set%%'
 2012-11-14 12:03:20,021 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:20,022 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'lower_case_table_names'
 2012-11-14 12:03:20,023 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:20,023 INFO sqlalchemy.engine.base.Engine SHOW COLLATION
 2012-11-14 12:03:20,024 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:20,026 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'sql_mode'
 2012-11-14 12:03:20,026 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:20,028 INFO sqlalchemy.engine.base.Engine SELECT endpoint.id AS endpoint_id, endpoint.region AS endpoint_region, endpoint.service_id AS endpoint_service_id, endpoint.extra AS endpoint_extra 
 FROM endpoint
 2012-11-14 12:03:20,028 INFO sqlalchemy.engine.base.Engine ()
 2012-11-14 12:03:20,030 INFO sqlalchemy.engine.base.Engine SELECT role.id AS role_id, role.name AS role_name 
 FROM role 
 WHERE role.id = %s 
 LIMIT %s
 2012-11-14 12:03:20,030 INFO sqlalchemy.engine.base.Engine ('c39efcd6d311445bb25edd765c333f7c', 1)
	[DEFAULT]
	# A "shared secret" between keystone and other openstack services
	admin_token = ADMIN

	# The IP address of the network interface to listen on
	bind_host = 0.0.0.0

	# The port number which the public service listens on
	public_port = 5000

	# The port number which the public admin listens on
	admin_port = 35357

	# The port number which the OpenStack Compute service listens on
	compute_port = 8774

	# === Logging Options ===
	# Print debugging output
	verbose = True

	# Print more verbose output
	# (includes plaintext request logging, potentially including passwords)
	debug = True

	# Name of log file to output to. If not set, logging will go to stdout.
	log_file = keystone.log

	# The directory to keep log files in (will be prepended to --logfile)
	log_dir = /var/log/keystone

	# Use syslog for logging.
	use_syslog = False

	# syslog facility to receive log lines
	syslog_log_facility = LOG_USER

	# If this option is specified, the logging configuration file specified is
	# used and overrides any other logging options specified. Please see the
	# Python logging module documentation for details on logging configuration
	# files.
	#log_config = /etc/keystone/logging.conf

	# A logging.Formatter log message format string which may use any of the
	# available logging.LogRecord attributes.
	#log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s

	# Format string for %(asctime)s in log records.
	#log_date_format = %Y-%m-%d %H:%M:%S

	# onready allows you to send a notification when the process is ready to serve
	# For example, to have it notify using systemd, one could set shell command:
	# onready = systemd-notify --ready
	# or a module with notify() method:
	#onready = keystone.common.systemd

	[sql]
	# The SQLAlchemy connection string used to connect to the database
	# connection = sqlite:///keystone.db
	connection = mysql://keystone:openstack@localhost/keystone

	# the timeout before idle sql connections are reaped
	idle_timeout = 200

	[identity]
	driver = keystone.identity.backends.sql.Identity

	[catalog]
	# dynamic, sql-based backend (supports API/CLI-based management commands)
	driver = keystone.catalog.backends.sql.Catalog

	# static, file-based backend (does NOT support any management commands)
	# driver = keystone.catalog.backends.templated.TemplatedCatalog

	# template_file = default_catalog.templates

	[token]
	driver = keystone.token.backends.kvs.Token

	# Amount of time a token should remain valid (in seconds)
	expiration = 86400

	[policy]
	driver = keystone.policy.backends.rules.Policy

	[ec2]
	driver = keystone.contrib.ec2.backends.kvs.Ec2

	[ssl]
	#enable = False
	#certfile = /etc/keystone/ssl/certs/keystone.pem
	#keyfile = /etc/keystone/ssl/private/keystonekey.pem
	#ca_certs = /etc/keystone/ssl/certs/ca.pem
	#cert_required = True

	[signing]
	#token_format = PKI
	#certfile = /etc/keystone/ssl/certs/signing_cert.pem
	#keyfile = /etc/keystone/ssl/private/signing_key.pem
	#ca_certs = /etc/keystone/ssl/certs/ca.pem
	#key_size = 1024
	#valid_days = 3650
	#ca_password = None

	[ldap]
	# url = ldap://localhost
	# user = dc=Manager,dc=example,dc=com
	# password = None
	# suffix = cn=example,cn=com
	# use_dumb_member = False
	# allow_subtree_delete = False
	# dumb_member = cn=dumb,dc=example,dc=com

	# user_tree_dn = ou=Users,dc=example,dc=com
	# user_filter =
	# user_objectclass = inetOrgPerson
	# user_id_attribute = cn
	# user_name_attribute = sn
	# user_mail_attribute = email
	# user_pass_attribute = userPassword
	# user_attribute_ignore = tenant_id,enabled,tenants
	# user_allow_create = True
	# user_allow_update = True
	# user_allow_delete = True

	# tenant_tree_dn = ou=Groups,dc=example,dc=com
	# tenant_filter =
	# tenant_objectclass = groupOfNames
	# tenant_id_attribute = cn
	# tenant_member_attribute = member
	# tenant_name_attribute = ou
	# tenant_desc_attribute = desc
	# tenant_attribute_ignore = enabled
	# tenant_allow_create = True
	# tenant_allow_update = True
	# tenant_allow_delete = True

	# role_tree_dn = ou=Roles,dc=example,dc=com
	# role_filter =
	# role_objectclass = organizationalRole
	# role_id_attribute = cn
	# role_name_attribute = ou
	# role_member_attribute = roleOccupant
	# role_attribute_ignore =
	# role_allow_create = True
	# role_allow_update = True
	# role_allow_delete = True

	[filter:debug]
	paste.filter_factory = keystone.common.wsgi:Debug.factory

	[filter:token_auth]
	paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

	[filter:admin_token_auth]
	paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

	[filter:xml_body]
	paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

	[filter:json_body]
	paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

	[filter:user_crud_extension]
	paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory

	[filter:crud_extension]
	paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

	[filter:ec2_extension]
	paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

	[filter:s3_extension]
	paste.filter_factory = keystone.contrib.s3:S3Extension.factory

	[filter:url_normalize]
	paste.filter_factory = keystone.middleware:NormalizingFilter.factory

	[filter:stats_monitoring]
	paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory

	[filter:stats_reporting]
	paste.filter_factory = keystone.contrib.stats:StatsExtension.factory

	[app:public_service]
	paste.app_factory = keystone.service:public_app_factory

	[app:service_v3]
	paste.app_factory = keystone.service:v3_app_factory

	[app:admin_service]
	paste.app_factory = keystone.service:admin_app_factory

	[pipeline:public_api]
	pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service

	[pipeline:admin_api]
	pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service

	[pipeline:api_v3]
	pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3

	[app:public_version_service]
	paste.app_factory = keystone.service:public_version_app_factory

	[app:admin_version_service]
	paste.app_factory = keystone.service:admin_version_app_factory

	[pipeline:public_version_api]
	pipeline = stats_monitoring url_normalize xml_body public_version_service

	[pipeline:admin_version_api]
	pipeline = stats_monitoring url_normalize xml_body admin_version_service

	[composite:main]
	use = egg:Paste#urlmap
	/v2.0 = public_api
	/v3 = api_v3
	/ = public_version_api

	[composite:admin]
	use = egg:Paste#urlmap
	/v2.0 = admin_api
	/v3 = api_v3
	/ = admin_version_api
	keystone git master
	python-keystoneclient git master
	ubuntu 11.10

	参考: Openstack Hands on lab 1: keystone安装
	http://liangbo.me/index.php/2012/03/27/11/

	#创建租户(tenant)
	~ keystone tenant-create --name adminTenant --description "Admin Tenant" --enabled true
	+-------------+----------------------------------+
	\| Property \| Value \|
	+-------------+----------------------------------+
	\| description \| Admin Tenant \|
	\| enabled \| True \|
	\| id \| c5437e470f554a5b854fc641a02c3b59 \|
	\| name \| adminTenant \|
	+-------------+----------------------------------+


	#创建admin账号 (user)
	~ keystone user-create --tenant_id c5437e470f554a5b854fc641a02c3b59 --name admin --pass openstack --enabled true
	+----------+----------------------------------+
	\| Property \| Value \|
	+----------+----------------------------------+
	\| email \| \|
	\| enabled \| True \|
	\| id \| 79a62768a095407b9b284170e5f26995 \|
	\| name \| admin \|
	\| tenantId \| c5437e470f554a5b854fc641a02c3b59 \|
	+----------+----------------------------------+

	添加一个admin角色
	~ keystone role-create --name adminRole
	+----------+----------------------------------+
	\| Property \| Value \|
	+----------+----------------------------------+
	\| id \| c39efcd6d311445bb25edd765c333f7c \|
	\| name \| adminRole \|
	+----------+----------------------------------+

	user-id 79a62768a095407b9b284170e5f26995
	tenant-id c5437e470f554a5b854fc641a02c3b59
	role-id c39efcd6d311445bb25edd765c333f7c

	帐户关联
	keystone user-role-add --user-id 79a62768a095407b9b284170e5f26995 --tenant-id c5437e470f554a5b854fc641a02c3b59 --role-id c39efcd6d311445bb25edd765c333f7c

	验证:
	~ curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "admin", "password": "openstack"}}}' -H "Content-type: application/json" http://127.0.0.1:35357/v2.0/tokens
	{"error": {"message": "An unexpected error prevented the server from fulfilling your request. Command 'openssl' returned non-zero exit status 3", "code": 500, "title": "Internal Server Error"}}%


	keystone-all log日志:
	~stack/keystone <master> sudo keystone-all -d
	/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.9-py2.7-linux-x86_64.egg/sqlalchemy/pool.py:703: SADeprecationWarning: The 'listeners' argument to Pool (and create_engine()) is deprecated. Use event.listen().
	Pool.__init__(self, creator, **kw)
	/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.9-py2.7-linux-x86_64.egg/sqlalchemy/pool.py:160: SADeprecationWarning: Pool.add_listener is deprecated. Use event.listen()
	self.add_listener(l)
	2012-11-14 12:03:19,952 INFO sqlalchemy.engine.base.Engine SELECT DATABASE()
	2012-11-14 12:03:19,952 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:19,954 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'character_set%%'
	2012-11-14 12:03:19,954 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:19,955 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'lower_case_table_names'
	2012-11-14 12:03:19,955 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:19,956 INFO sqlalchemy.engine.base.Engine SHOW COLLATION
	2012-11-14 12:03:19,956 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:19,958 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'sql_mode'
	2012-11-14 12:03:19,958 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:19,960 INFO sqlalchemy.engine.base.Engine SELECT user.id AS user_id, user.name AS user_name, user.extra AS user_extra
	FROM user
	WHERE user.name = %s
	LIMIT %s
	2012-11-14 12:03:19,960 INFO sqlalchemy.engine.base.Engine ('admin', 1)
	2012-11-14 12:03:19,965 INFO sqlalchemy.engine.base.Engine SELECT tenant.id AS tenant_id, tenant.name AS tenant_name, tenant.extra AS tenant_extra
	FROM tenant
	WHERE tenant.name = %s
	LIMIT %s
	2012-11-14 12:03:19,965 INFO sqlalchemy.engine.base.Engine ('adminTenant', 1)
	2012-11-14 12:03:19,968 INFO sqlalchemy.engine.base.Engine SELECT user.id AS user_id, user.name AS user_name, user.extra AS user_extra
	FROM user
	WHERE user.id = %s
	LIMIT %s
	2012-11-14 12:03:19,969 INFO sqlalchemy.engine.base.Engine ('79a62768a095407b9b284170e5f26995', 1)
	2012-11-14 12:03:20,005 INFO sqlalchemy.engine.base.Engine SELECT user.id AS user_id, user.name AS user_name, user.extra AS user_extra
	FROM user
	WHERE user.id = %s
	LIMIT %s
	2012-11-14 12:03:20,005 INFO sqlalchemy.engine.base.Engine ('79a62768a095407b9b284170e5f26995', 1)
	2012-11-14 12:03:20,007 INFO sqlalchemy.engine.base.Engine SELECT user_tenant_membership.user_id AS user_tenant_membership_user_id, user_tenant_membership.tenant_id AS user_tenant_membership_tenant_id
	FROM user_tenant_membership
	WHERE user_tenant_membership.user_id = %s
	2012-11-14 12:03:20,007 INFO sqlalchemy.engine.base.Engine ('79a62768a095407b9b284170e5f26995',)
	2012-11-14 12:03:20,008 INFO sqlalchemy.engine.base.Engine SELECT tenant.id AS tenant_id, tenant.name AS tenant_name, tenant.extra AS tenant_extra
	FROM tenant
	WHERE tenant.id = %s
	LIMIT %s
	2012-11-14 12:03:20,009 INFO sqlalchemy.engine.base.Engine ('c5437e470f554a5b854fc641a02c3b59', 1)
	2012-11-14 12:03:20,010 INFO sqlalchemy.engine.base.Engine SELECT metadata.user_id AS metadata_user_id, metadata.tenant_id AS metadata_tenant_id, metadata.data AS metadata_data
	FROM metadata
	WHERE metadata.user_id = %s AND metadata.tenant_id = %s
	LIMIT %s
	2012-11-14 12:03:20,010 INFO sqlalchemy.engine.base.Engine ('79a62768a095407b9b284170e5f26995', 'c5437e470f554a5b854fc641a02c3b59', 1)
	/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.9-py2.7-linux-x86_64.egg/sqlalchemy/pool.py:703: SADeprecationWarning: The 'listeners' argument to Pool (and create_engine()) is deprecated. Use event.listen().
	Pool.__init__(self, creator, **kw)
	/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.9-py2.7-linux-x86_64.egg/sqlalchemy/pool.py:160: SADeprecationWarning: Pool.add_listener is deprecated. Use event.listen()
	self.add_listener(l)
	2012-11-14 12:03:20,016 INFO sqlalchemy.engine.base.Engine SELECT DATABASE()
	2012-11-14 12:03:20,016 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:20,020 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'character_set%%'
	2012-11-14 12:03:20,021 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:20,022 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'lower_case_table_names'
	2012-11-14 12:03:20,023 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:20,023 INFO sqlalchemy.engine.base.Engine SHOW COLLATION
	2012-11-14 12:03:20,024 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:20,026 INFO sqlalchemy.engine.base.Engine SHOW VARIABLES LIKE 'sql_mode'
	2012-11-14 12:03:20,026 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:20,028 INFO sqlalchemy.engine.base.Engine SELECT endpoint.id AS endpoint_id, endpoint.region AS endpoint_region, endpoint.service_id AS endpoint_service_id, endpoint.extra AS endpoint_extra
	FROM endpoint
	2012-11-14 12:03:20,028 INFO sqlalchemy.engine.base.Engine ()
	2012-11-14 12:03:20,030 INFO sqlalchemy.engine.base.Engine SELECT role.id AS role_id, role.name AS role_name
	FROM role
	WHERE role.id = %s
	LIMIT %s
	2012-11-14 12:03:20,030 INFO sqlalchemy.engine.base.Engine ('c39efcd6d311445bb25edd765c333f7c', 1)