“OpenStack部署:安装KeyStone组件”的版本间的差异
(创建页面,内容为“==安装Keystone认证服务 Controller 2.2安装keystone服务软件包 yum install -y openstack-keystone httpd mod_wsgi 2.3创建Keystone数据库 [root@control…”) |
|||
第2行: | 第2行: | ||
Controller | Controller | ||
− | + | ===安装keystone服务软件包=== | |
− | |||
yum install -y openstack-keystone httpd mod_wsgi | yum install -y openstack-keystone httpd mod_wsgi | ||
− | + | ===创建Keystone数据库=== | |
[root@controller ~]# mysql -u root -p(此处数据库密码为之前安装Mysql设置的密码) | [root@controller ~]# mysql -u root -p(此处数据库密码为之前安装Mysql设置的密码) | ||
− | mysql> CREATE DATABASE keystone; | + | |
+ | <nowiki>mysql> CREATE DATABASE keystone; | ||
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000'; | mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000'; | ||
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000'; | mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000'; | ||
− | mysql> exit | + | mysql> exit</nowiki> |
− | + | ||
+ | === 配置数据库连接 === | ||
yum install -y openstack-utils | yum install -y openstack-utils | ||
+ | |||
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:000000@controller/keystone | openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:000000@controller/keystone | ||
− | + | ||
+ | |||
+ | === 为keystone服务创建数据库表 === | ||
+ | |||
#su -s /bin/sh -c "keystone-manage db_sync" keystone | #su -s /bin/sh -c "keystone-manage db_sync" keystone | ||
− | + | ===创建令牌=== | |
ADMIN_TOKEN=$(openssl rand -hex 10) | ADMIN_TOKEN=$(openssl rand -hex 10) | ||
+ | |||
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN | openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN | ||
+ | |||
openstack-config --set /etc/keystone/keystone.conf token provider fernet | openstack-config --set /etc/keystone/keystone.conf token provider fernet | ||
− | + | ===创建签名密钥和证书=== | |
− | + | keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone | |
+ | 修改/etc/httpd/conf/httpd.conf配置文件将ServerName www.example.com:80 替换为ServerName controller | ||
− | |||
创建/etc/httpd/conf.d/wsgi-keystone.conf文件,内容如下: | 创建/etc/httpd/conf.d/wsgi-keystone.conf文件,内容如下: | ||
− | Listen 5000 | + | |
+ | <nowiki>Listen 5000 | ||
Listen 35357 | Listen 35357 | ||
第57行: | 第65行: | ||
Require all granted | Require all granted | ||
</Directory> | </Directory> | ||
− | </VirtualHost> | + | </VirtualHost></nowiki> |
systemctl enable httpd.service | systemctl enable httpd.service | ||
systemctl start httpd.service | systemctl start httpd.service | ||
− | + | ==定义用户、租户和角色== | |
− | + | ===设置环境变量=== | |
export OS_TOKEN=$ADMIN_TOKEN | export OS_TOKEN=$ADMIN_TOKEN | ||
+ | |||
export OS_URL=http://controller:35357/v3 | export OS_URL=http://controller:35357/v3 | ||
+ | |||
export OS_IDENTITY_API_VERSION=3 | export OS_IDENTITY_API_VERSION=3 | ||
− | + | ===创建keystone相关内容=== | |
openstack service create --name keystone --description "OpenStack Identity" identity | openstack service create --name keystone --description "OpenStack Identity" identity | ||
+ | |||
openstack endpoint create --region RegionOne identity public http://controller:5000/v3 | openstack endpoint create --region RegionOne identity public http://controller:5000/v3 | ||
+ | |||
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3 | openstack endpoint create --region RegionOne identity internal http://controller:5000/v3 | ||
+ | |||
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3 | openstack endpoint create --region RegionOne identity admin http://controller:35357/v3 | ||
+ | |||
openstack domain create --description "Default Domain" default | openstack domain create --description "Default Domain" default | ||
+ | |||
openstack project create --domain default --description "Admin Project" admin | openstack project create --domain default --description "Admin Project" admin | ||
+ | |||
openstack user create --domain default --password 000000 admin | openstack user create --domain default --password 000000 admin | ||
+ | |||
openstack role create admin | openstack role create admin | ||
+ | |||
openstack role add --project admin --user admin admin | openstack role add --project admin --user admin admin | ||
+ | |||
openstack project create --domain default --description "Service Project" service | openstack project create --domain default --description "Service Project" service | ||
+ | |||
openstack project create --domain default --description "Demo Project" demo | openstack project create --domain default --description "Demo Project" demo | ||
+ | |||
openstack user create --domain default --password 000000 demo | openstack user create --domain default --password 000000 demo | ||
+ | |||
openstack role create user | openstack role create user | ||
+ | |||
openstack role add --project demo --user demo user | openstack role add --project demo --user demo user | ||
− | + | ===清除环境变量=== | |
− | + | unset OS_TOKEN OS_URL | |
− | + | ===创建admin-openrc.sh=== | |
创建admin环境变量admin-openrc.sh | 创建admin环境变量admin-openrc.sh | ||
− | export OS_PROJECT_DOMAIN_NAME=default | + | |
+ | <nowiki>export OS_PROJECT_DOMAIN_NAME=default | ||
export OS_USER_DOMAIN_NAME=default | export OS_USER_DOMAIN_NAME=default | ||
export OS_PROJECT_NAME=admin | export OS_PROJECT_NAME=admin | ||
第93行: | 第117行: | ||
export OS_AUTH_URL=http://controller:35357/v3 | export OS_AUTH_URL=http://controller:35357/v3 | ||
export OS_IDENTITY_API_VERSION=3 | export OS_IDENTITY_API_VERSION=3 | ||
− | export OS_IMAGE_API_VERSION=2 | + | export OS_IMAGE_API_VERSION=2</nowiki> |
+ | |||
生效环境变量 | 生效环境变量 | ||
− | + | ||
+ | source admin-openrc.sh |
2018年9月8日 (六) 14:15的版本
安装Keystone认证服务(Controller节点)
安装keystone服务软件包
# Install the Keystone identity service together with Apache httpd and mod_wsgi,
# which serve the Keystone WSGI applications configured further down this page.
yum install -y openstack-keystone httpd mod_wsgi
创建Keystone数据库
[root@controller ~]# mysql -u root -p
(出现密码提示后,输入之前安装MySQL时设置的root密码)
-- Create the database that the keystone.conf [database] connection string points at.
mysql> CREATE DATABASE keystone;
-- NOTE(review): '000000' is a guessable sample password that this page reuses for
-- every account; substitute a strong, unique value before running these statements.
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
-- NOTE(review): the '%' host part lets the keystone account log in from any host
-- that can reach MySQL. Presumably only the controller needs access; narrow the
-- host part where the deployment allows it.
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
mysql> exit
配置数据库连接
# openstack-utils supplies the openstack-config helper used for the edits below.
yum install -y openstack-utils
# Point Keystone at the keystone database on host "controller".
# NOTE(review): the database password is embedded in the URL and ends up in clear
# text in /etc/keystone/keystone.conf. It has to match the password used in the
# GRANT statements; 000000 is a sample value and should be replaced.
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:000000@controller/keystone
为keystone服务创建数据库表
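# Run as root: create the Keystone tables in the database configured above.
# su executes keystone-manage as the keystone account with /bin/sh as its shell,
# so the schema sync does not run with root privileges.
su -s /bin/sh -c "keystone-manage db_sync" keystone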
创建令牌
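# Generate a random bootstrap token (10 random bytes, hex-encoded) and store it
# as admin_token in keystone.conf.
# NOTE(review): anyone who knows this value can act as administrator through the
# token-based bootstrap path used later on this page. Treat it as a secret and
# remove it from keystone.conf once the admin user exists.
ADMIN_TOKEN=$(openssl rand -hex 10)
# Quoted so the value is always passed as exactly one argument.
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN"
# Select the Fernet token provider.
openstack-config --set /etc/keystone/keystone.conf token provider fernet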
创建签名密钥和证书
# Set up the Fernet keys for the "fernet" token provider selected in keystone.conf;
# --keystone-user / --keystone-group name the account and group they are created for.
# NOTE(review): the section heading mentions certificates, but this command only
# deals with Fernet keys.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
修改 /etc/httpd/conf/httpd.conf 配置文件,将 ServerName www.example.com:80 替换为 ServerName controller
创建/etc/httpd/conf.d/wsgi-keystone.conf文件,内容如下:
# Keystone is served by Apache through mod_wsgi on two plain-HTTP listeners:
# 5000 for the public application and 35357 for the admin application.
# NOTE(review): no TLS is configured here, so passwords and tokens sent to these
# ports travel unencrypted. Confine them to a trusted management network or
# terminate TLS in front of them.
Listen 5000
Listen 35357

<VirtualHost *:5000>
    # Dedicated daemon processes running as the keystone user and group.
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    # Pass the HTTP Authorization header through to the WSGI application.
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    # Lets Apache serve the WSGI script referenced above from /usr/bin.
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    # Same layout as the public listener, but running the admin WSGI script.
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
# Start Apache at boot and start it now, so the Keystone listeners defined in
# /etc/httpd/conf.d/wsgi-keystone.conf come up.
systemctl enable httpd.service
systemctl start httpd.service
定义用户、租户和角色
设置环境变量
# Bootstrap credentials for the openstack client: authenticate with the shared
# admin token instead of a user account.
# NOTE(review): ADMIN_TOKEN must still be set in this shell from the token-creation
# step; if it is empty, OS_TOKEN is exported empty as well.
export OS_TOKEN=$ADMIN_TOKEN
# Admin endpoint of the Identity v3 API, reached over plain HTTP.
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
创建keystone相关内容
# Register the Identity service and its public, internal and admin endpoints.
# NOTE(review): all three endpoint URLs use http://, so clients that discover them
# through the catalog will send credentials and tokens unencrypted.
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
# Default domain, admin project, admin user and admin role.
openstack domain create --description "Default Domain" default
openstack project create --domain default --description "Admin Project" admin
# NOTE(review): 000000 is a guessable sample password, and a password given with
# --password is visible in shell history and the process list. Use a strong value;
# --password-prompt asks for it interactively instead.
openstack user create --domain default --password 000000 admin
openstack role create admin
openstack role add --project admin --user admin admin
# Project named "service".
openstack project create --domain default --description "Service Project" service
# Demo project with a demo user that only holds the "user" role.
openstack project create --domain default --description "Demo Project" demo
# NOTE(review): same sample password as the admin account; give demo its own.
openstack user create --domain default --password 000000 demo
openstack role create user
openstack role add --project demo --user demo user
清除环境变量
# Drop the bootstrap token and URL from the current shell so that later commands
# authenticate with user credentials instead.
# NOTE(review): this only clears shell variables; admin_token is still set in
# /etc/keystone/keystone.conf. Once bootstrapping is finished, remove it there and
# disable the admin_token_auth mechanism as described in the install guide for
# the release in use.
unset OS_TOKEN OS_URL
创建admin-openrc.sh
创建admin环境变量文件admin-openrc.sh,内容如下:
# Contents of admin-openrc.sh: credentials for the admin user in the admin
# project of the default domain.
# NOTE(review): this file keeps the admin password in clear text. Restrict it to
# its owner (for example: chmod 600 admin-openrc.sh) and replace the sample
# value 000000 with the password actually set for the admin user.
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=000000
# Plain-HTTP admin endpoint; the password above is sent to it when a token is requested.
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
使环境变量生效
# Load the admin credentials into the current shell. The path is relative, so run
# this from the directory that contains admin-openrc.sh.
source admin-openrc.sh