
Deploy kolla-ansible OpenStack with LDAP integration

Please tell me how to deploy OpenStack using Kolla Ansible with LDAP integration.

I know this is a bit old but was searching for the answer to this as well and ended up solving it.

You will need to create domain-specific configuration for LDAP authentication. This way you leave your default domain and projects alone with their built-in authentication and you will have a separate domain with all your projects that authenticate with LDAP.

Create a custom config file referencing your ${your_domain_name} in /etc/kolla/config/keystone/domains/keystone.${your_domain_name}.conf

Then in that file you set your driver to LDAP and define all your required LDAP configuration parameters as referenced in https://docs.openstack.org/keystone/latest/admin/configuration.html

[identity]
driver=ldap

[ldap]

# Your LDAP config settings go here

That is all you need to configure before deployment. After running the deploy and post-deploy jobs in Kolla, source the /etc/kolla/admin-openrc.sh file to get the admin credentials and create your domain that will authenticate with LDAP via the CLI:

openstack domain create ${your_domain_name}

After restarting the Keystone container, it should now have connected that domain to LDAP which can be confirmed via the CLI:

openstack user list --domain ${your_domain_name}
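
A pre-deployment check for the domain-specific file described in the answer above, as an added example that is not part of the original answer or of Kolla or Keystone. The sample config is constructed (host, DNs, bind account and CA path are placeholders) and `check_domain_config` is a hypothetical helper; the option names are Keystone's `[ldap]` options.

```python
import configparser
import re

# Constructed sample of keystone.<domain>.conf; every value is a placeholder.
SAMPLE = """
[identity]
driver = ldap

[ldap]
url = ldaps://ldap.example.org
user = cn=keystone-ro,ou=services,dc=example,dc=org
password = CHANGE_ME
suffix = dc=example,dc=org
user_tree_dn = ou=people,dc=example,dc=org
user_objectclass = inetOrgPerson
user_id_attribute = uid
user_name_attribute = uid
tls_cacertfile = /etc/keystone/ssl/ldap-ca.pem
tls_req_cert = demand
"""

def check_domain_config(filename, text):
    """Return a list of findings for one domain-specific Keystone config."""
    findings = []
    # Keystone maps the file to a domain through its name.
    if not re.fullmatch(r"keystone\.[^/]+\.conf", filename):
        findings.append("file name must be keystone.<domain_name>.conf")
    cfg = configparser.ConfigParser(interpolation=None)  # LDAP filters may contain '%'
    cfg.read_string(text)
    if cfg.get("identity", "driver", fallback="") != "ldap":
        findings.append("[identity] driver is not ldap")
    ldap = cfg["ldap"] if cfg.has_section("ldap") else {}
    url = ldap.get("url", "")
    use_tls = ldap.get("use_tls", "false").lower() == "true"
    if url.startswith("ldaps://") and use_tls:
        findings.append("use_tls (StartTLS) must not be combined with ldaps://")
    elif not url.startswith("ldaps://") and not use_tls:
        findings.append("bind password and user data cross the network unencrypted")
    if ldap.get("tls_req_cert", "demand") != "demand":
        findings.append("tls_req_cert should be demand so the server certificate is verified")
    if not ldap.get("user") or not ldap.get("password"):
        findings.append("no bind account set: Keystone will bind anonymously")
    return findings

if __name__ == "__main__":
    for finding in check_domain_config("keystone.corp.conf", SAMPLE) or ["ok"]:
        print(finding)
```

Run it against the file in /etc/kolla/config/keystone/domains/ before the deploy job, and give the bind account read-only access to the directory.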
