OpenStack部署:安装KeyStone组件


安装Keystone认证服务

Controller

安装keystone服务软件包

# Install the Keystone service together with Apache httpd and mod_wsgi; the
# WSGI virtual hosts defined later on this page serve Keystone through httpd.
yum install -y openstack-keystone httpd mod_wsgi

创建Keystone数据库

[root@controller ~]# mysql -u root -p
(此处数据库密码为之前安装MySQL时设置的密码。下文示例中的密码'000000'仅适用于实验环境,实际部署应换成强随机密码;'keystone'@'%'允许从任意主机连接,建议收窄为实际需要访问数据库的主机。)

mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'  IDENTIFIED BY  '000000';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY  '000000';
mysql> exit

配置数据库连接

# openstack-utils provides the openstack-config helper used for the
# keystone.conf edits on this page.
yum install -y openstack-utils

# Set [database] connection in keystone.conf so Keystone reaches its MySQL
# database on host "controller" as user "keystone".
# NOTE(review): the database password (lab value 000000, the same one used in
# the GRANT statements) is part of the URL, so it is stored in clear text in
# keystone.conf and may also land in the shell history. Use a strong, unique
# password outside a lab and verify that keystone.conf is not world-readable.
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:000000@controller/keystone


为keystone服务创建数据库表

# Create the Keystone database tables. keystone-manage is run as the
# unprivileged "keystone" account instead of root; -s /bin/sh supplies the
# shell for this single command (presumably because the account has no login
# shell; confirm on your system).
su -s /bin/sh -c "keystone-manage db_sync" keystone

创建令牌

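# Generate a random bootstrap token: 10 random bytes, hex-encoded (20 hex
# characters, i.e. 80 bits).
ADMIN_TOKEN=$(openssl rand -hex 10)

# Store it as [DEFAULT] admin_token in keystone.conf. The expansion is quoted
# so the value is always passed as exactly one argument.
# NOTE(review): the bootstrap steps later on this page use this token (via
# OS_TOKEN) to create services, users and roles, so it carries administrative
# rights, and it stays in keystone.conf after those steps. Remove or disable it
# once the admin user works; confirm the exact procedure for your release.
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN"

# Select Fernet as the token provider ([token] provider).
openstack-config --set /etc/keystone/keystone.conf token provider fernet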

创建签名密钥和证书

# Initialise the Fernet key repository; --keystone-user / --keystone-group name
# the account and group the keys are set up for (keystone/keystone here).
# NOTE(review): Fernet keys are symmetric secrets used for tokens, so the key
# directory should stay readable by the keystone account only; verify its
# permissions after this step.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

修改/etc/httpd/conf/httpd.conf配置文件,将 ServerName www.example.com:80 替换为 ServerName controller

创建/etc/httpd/conf.d/wsgi-keystone.conf文件,内容如下:

# Apache serves Keystone on two ports: 5000 and 35357.
# NOTE(review): no TLS directives appear in this file, so passwords and tokens
# cross the network in clear text. "Listen <port>" without an address and
# "<VirtualHost *:...>" accept connections on every interface; outside a lab,
# add TLS and restrict or firewall the 35357 admin port.
Listen 5000
Listen 35357

# Port 5000: runs /usr/bin/keystone-wsgi-public in its own mod_wsgi daemon
# group (5 single-threaded processes) as user/group keystone.
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    # Forward the HTTP Authorization header to the WSGI application.
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    # Both virtual hosts write to the same error and access log files.
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    # Lets httpd access /usr/bin, where the WSGI script above is located.
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

# Port 35357: same layout as above, running /usr/bin/keystone-wsgi-admin in the
# keystone-admin daemon group.
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    # Forward the HTTP Authorization header to the WSGI application.
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    # Lets httpd access /usr/bin, where the WSGI script above is located.
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

# Register httpd to start at boot ...
systemctl enable httpd.service

# ... and start it now so the Keystone virtual hosts begin listening.
systemctl start httpd.service

定义用户、租户和角色

设置环境变量

# Temporary bootstrap environment for the openstack client: authenticate with
# the admin token against the admin endpoint, using Identity API v3.
# NOTE(review): OS_TOKEN holds the bootstrap secret and OS_URL is plain http,
# so the token is sent unencrypted; keep these variables only for the
# bootstrap steps that follow.
OS_TOKEN="$ADMIN_TOKEN"
OS_URL='http://controller:35357/v3'
OS_IDENTITY_API_VERSION='3'
export OS_TOKEN OS_URL OS_IDENTITY_API_VERSION

创建keystone相关内容

[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 45373d5cae0342c49fb1e7c8b8867b76 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9377c5d1fc104ecf89965e722b6dfdec |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 45373d5cae0342c49fb1e7c8b8867b76 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cac9fe5e8f8949b5b55e7de1fc33c166 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 45373d5cae0342c49fb1e7c8b8867b76 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9522bd08de834021871ba6b188aae426 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 45373d5cae0342c49fb1e7c8b8867b76 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 028cc75ea0294daca751e9eefc26c0e0 |
| name        | default                          |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled     | True                             |
| id          | d851ecb7679f4b10b22a1619d6df7fe8 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 028cc75ea0294daca751e9eefc26c0e0 |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password 000000 admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled   | True                             |
| id        | a3f28f0c743d47ffb57f002a910dee63 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 851f00f2336f4e28bf5c8752d46cf346 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project admin --user admin admin
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled     | True                             |
| id          | e1d64bfbfa114b77b953ed312dacb7cd |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 028cc75ea0294daca751e9eefc26c0e0 |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled     | True                             |
| id          | 2463f9c0d2f342c0ba78871dc147efb8 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | 028cc75ea0294daca751e9eefc26c0e0 |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password 000000 demo
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled   | True                             |
| id        | d3e55803dde6453abceca477f9fb326b |
| name      | demo                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 36cea15cd23a4df190630a1e8c50647d |
| name      | user                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user

清除环境变量

# Drop the temporary bootstrap credentials from the environment.
# NOTE(review): this clears only OS_TOKEN and OS_URL; the ADMIN_TOKEN shell
# variable and the admin_token entry written to keystone.conf earlier on this
# page are not touched by this step.
unset OS_TOKEN
unset OS_URL

创建admin-openrc.sh

创建admin环境变量admin-openrc.sh

# admin-openrc.sh: client environment for the "admin" user in the "admin"
# project of the "default" domain (Identity API v3, Image API v2).
# NOTE(review): this file keeps the admin password in clear text and
# OS_AUTH_URL is plain http. Make the file readable by its owner only
# (e.g. chmod 600 admin-openrc.sh) and replace the lab password 000000
# outside a test environment.
OS_PROJECT_DOMAIN_NAME='default'
OS_USER_DOMAIN_NAME='default'
OS_PROJECT_NAME='admin'
OS_USERNAME='admin'
OS_PASSWORD='000000'
OS_AUTH_URL='http://controller:35357/v3'
OS_IDENTITY_API_VERSION='3'
OS_IMAGE_API_VERSION='2'
export OS_PROJECT_DOMAIN_NAME OS_USER_DOMAIN_NAME OS_PROJECT_NAME OS_USERNAME
export OS_PASSWORD OS_AUTH_URL OS_IDENTITY_API_VERSION OS_IMAGE_API_VERSION

生效环境变量

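# Load the admin credentials into the current shell. The explicit ./ makes
# bash read the file from the current directory; with a bare file name bash
# searches $PATH first and could pick up a different admin-openrc.sh.
source ./admin-openrc.sh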

验证是否成功

如果可以获取到token说明验证正常,如果没有获取到说明验证失败。

[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-21T05:45:06.691681Z                                                                                                                             |
| id         | gAAAAABckxbTcFF-zfjgZWs9l_OMeQ66Ex6X051W7NMmoNyorwz2NqzW6WqTcP2g0F-n_-Hx_C_aUETE7wTAbGdMazqbINvIrvYxhFUaN-RGueq0A2D0trqZaD3dHZtvmfYKyrrBRwUipqeow-      |
|            | 918pf0Owz10LVXvt1zk2VYpu4GQnGhUweVF_4                                                                                                                   |
| project_id | d851ecb7679f4b10b22a1619d6df7fe8                                                                                                                        |
| user_id    | a3f28f0c743d47ffb57f002a910dee63                                                                                                                        |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#

参考文档:https://www.cnblogs.com/shhnwangjian/p/6360066.html