CentOS 7部署OpenStack(2)—安装keystone服务
1、创建数据库# mysql -u root -p -e "CREATE DATABASEkeystone;"Enter password:# mysql -uroot -p -e "GRANT ALL PRIVILEGES ONkeystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"Enter password:# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"Enter password:2、安装keystone# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached3、配置keystone3.1、同步数据库# openssl rand -hex 102608ad88f344a5288056# vim /etc/keystone/keystone.conf12 admin_token = 2608ad88f344a5288056495 connection = mysql://keystone:keystone@192.168.1.11/keystone# su -s /bin/sh -c "keystone-manage db_sync"keystone3.2、配置连接memcache# vim /etc/keystone/keystone.conf1305 servers = 192.168.1.11:112111710 driver = sql1903 provider = uuid1908 driver = memcache3.3启动memcache和httpd服务# systemctl enable memcached# systemctl start memcached# vim /etc/httpd/conf.d/wsgi-keystone.confListen 5000Listen 35357 <VirtualHost *:5000> WSGIDaemonProcesskeystone-public processes=5 threads=1 user=keystone group=keystonedisplay-name=%{GROUP} WSGIProcessGroupkeystone-public WSGIScriptAlias //usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t%M" </IfVersion> ErrorLog/var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.logcombined <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory></VirtualHost> <VirtualHost *:35357> WSGIDaemonProcesskeystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias //usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t%M" </IfVersion> ErrorLog/var/log/httpd/keystone-error.log CustomLog/var/log/httpd/keystone-access.log combined <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory></VirtualHost># vim /etc/httpd/conf/httpd.conf95 ServerName 192.168.1.11:80# systemctl enable httpd# systemctl start httpd4、创建keystone用户4.1、设置环境变量此步要慎重,和前面设置的token要一样# export OS_TOKEN=2608ad88f344a5288056# export OS_URL=http://192.168.1.11:35357/v3# export OS_IDENTITY_API_VERSION=34.2、创建一个admin用户# openstack project create --domain default --description "Admin Project"admin+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Admin Project || domain_id | default || enabled | True || id |69d1967e59d247e6b7c4c3937d5baa89 || is_domain | False || name | admin || parent_id | None |+-------------+----------------------------------+# openstack user create --domain default--password-prompt admin //此步是设置admin密码,要记住密码User Password: //编者设置为123456Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | default || enabled | True || id |8c0b8dc884f742bea6f882a2b487f092 || name | admin |+-----------+----------------------------------+# openstack role create admin+-------+----------------------------------+| Field | Value |+-------+----------------------------------+| id |4d8224cda53e4b29b6963163ed64af65 || name| admin |+-------+----------------------------------+# openstack role add --project admin --user adminadmin4.3、创建一个普通用户# openstack project create --domain default--description "Demo Project" kevin+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Demo Project || domain_id | default || enabled | True || id |1ee793c741f64d25be9010d59e4b5a3d || is_domain | False || name | kevin || parent_id | None |+-------------+----------------------------------+# openstack user create --domain default--password=kevin kevin+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | default || enabled | True || id | c5baee07132c40f9841a607af1789ed6 || name | kevin |+-----------+----------------------------------+# openstack role create user+-------+----------------------------------+| Field | Value |+-------+----------------------------------+| id |ac35ef5dc2624526af25859497616ecd || name| user |+-------+----------------------------------+# openstack role add --project kevin --user kevin user# openstack project create --domain default--description "Service Project" service+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Service Project || domain_id | default || enabled | True || id |e88fa8670b704fe88c668ac4d6f9d499 || is_domain | False || name | service || parent_id | None |+-------------+----------------------------------+4.4、查看验证# openstack user list+----------------------------------+-------+| ID | Name|+----------------------------------+-------+| 8c0b8dc884f742bea6f882a2b487f092 | admin || c5baee07132c40f9841a607af1789ed6 | kevin |+----------------------------------+-------+# openstack role list+----------------------------------+-------+| ID | Name|+----------------------------------+-------+| 4d8224cda53e4b29b6963163ed64af65 | admin || ac35ef5dc2624526af25859497616ecd | user |+----------------------------------+-------+# openstack project list+----------------------------------+---------+| ID | Name |+----------------------------------+---------+| 1ee793c741f64d25be9010d59e4b5a3d | kevin || 69d1967e59d247e6b7c4c3937d5baa89 | admin || e88fa8670b704fe88c668ac4d6f9d499 | service |+----------------------------------+---------+# openstack domain list+---------+---------+---------+----------------------------------------------------------------------+| ID | Name | Enabled | Description |+---------+---------+---------+----------------------------------------------------------------------+| default | Default | True |Owns users and tenants (i.e. projects) available on Identity API v2. |+---------+---------+---------+----------------------------------------------------------------------+5、注册keystone服务5.1、注册服务下面的操作一个字也不要错# openstack service create --name keystone--description "OpenStack Identity" identity+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Identity || enabled | True || id |121189562a324f5d9f6ef83c4755d671 || name | keystone || type | identity |+-------------+----------------------------------+#openstackendpoint create --region RegionOne identity publichttp://192.168.1.11:5000/v2.0+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id |6f4d026024e14082ada914b14bb0c9ff || interface | public || region | RegionOne || region_id | RegionOne || service_id |121189562a324f5d9f6ef83c4755d671 || service_name | keystone || service_type | identity || url | http://192.168.1.11:5000/v2.0 |+--------------+----------------------------------+# openstack endpoint create --region RegionOneidentity internal http://192.168.1.11:5000/v2.0+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id |acc2890a596c406fb42f4926ad86937a || interface | internal || region | RegionOne || region_id | RegionOne || service_id |121189562a324f5d9f6ef83c4755d671 || service_name | keystone || service_type | identity || url |http://192.168.1.11:5000/v2.0 |+--------------+----------------------------------+# openstack endpoint create --region RegionOneidentity admin http://192.168.1.11:35357/v2.0+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id |f7f1182dd4c44cadac94345466275296 || interface | admin || region | RegionOne || region_id | RegionOne || service_id |121189562a324f5d9f6ef83c4755d671 || service_name | keystone || service_type | identity || url |http://192.168.1.11:35357/v2.0 |+--------------+----------------------------------+5.2、查看验证# openstack service list+----------------------------------+----------+----------+| ID | Name | Type |+----------------------------------+----------+----------+| 121189562a324f5d9f6ef83c4755d671 | keystone | identity |+----------------------------------+----------+----------+# openstack endpoint list+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+| ID | Region | Service Name |Service Type | Enabled | Interface | URL |+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+| 6f4d026024e14082ada914b14bb0c9ff | RegionOne | keystone | identity | True | public |http://192.168.1.11:5000/v2.0|| acc2890a596c406fb42f4926ad86937a | RegionOne | keystone | identity | True | internal| http://192.168.1.11:5000/v2.0|| f7f1182dd4c44cadac94345466275296 | RegionOne | keystone | identity | True | admin |http://192.168.1.11:35357/v2.0 |+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+5.3、尝试连接keystone# unset OS_TOKEN# unset OS_URL# openstack --os-auth-url http://192.168.1.11:35357/v3\--os-project-domain-id default --os-user-domain-id default \--os-project-name admin --os-username admin --os-auth-type password \token issuePassword: +------------+----------------------------------+| Field | Value |+------------+----------------------------------+| expires |2015-12-27T09:58:41.540674Z || id |ccca55a979da427b849ecd2957901f74 || project_id | 69d1967e59d247e6b7c4c3937d5baa89 || user_id |8c0b8dc884f742bea6f882a2b487f092 |+------------+----------------------------------+5.4、配置环境变量进行该步骤的原因是为了方便执行命令,否则必须输入一大串的参数# vim admin-openrc.shexport OS_PROJECT_DOMAIN_ID=defaultexport OS_USER_DOMAIN_ID=defaultexport OS_PROJECT_NAME=adminexport OS_TENANT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=123456export OS_AUTH_URL=http://192.168.1.11:35357/v3export OS_IDENTITY_API_VERSION=3# vim kevin-openrc.shexport OS_PROJECT_DOMAIN_ID=defaultexport OS_USER_DOMAIN_ID=defaultexport OS_PROJECT_NAME=kevinexport OS_TENANT_NAME=kevinexport OS_USERNAME=kevinexport OS_PASSWORD=kevinexport OS_AUTH_URL=http://192.168.1.11:5000/v3export OS_IDENTITY_API_VERSION=3# chmod +x admin-openrc.sh kevin-openrc.sh
页:
[1]