“OpenStack部署:安装KeyStone组件”的版本间的差异

(创建页面,内容为“==安装Keystone认证服务 Controller 2.2安装keystone服务软件包 yum install -y openstack-keystone httpd mod_wsgi 2.3创建Keystone数据库 [root@control…”)
 
第2行: 第2行:
 
Controller
 
Controller
  
 
+
===安装keystone服务软件包===
2.2安装keystone服务软件包
 
 
yum install -y openstack-keystone httpd mod_wsgi  
 
yum install -y openstack-keystone httpd mod_wsgi  
2.3创建Keystone数据库
+
===创建Keystone数据库===
 
[root@controller ~]# mysql -u root -p(此处数据库密码为之前安装Mysql设置的密码)
 
[root@controller ~]# mysql -u root -p(此处数据库密码为之前安装Mysql设置的密码)
mysql> CREATE DATABASE keystone;
+
 
 +
<nowiki>mysql> CREATE DATABASE keystone;
 
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'  IDENTIFIED BY  '000000';
 
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'  IDENTIFIED BY  '000000';
 
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY  '000000';
 
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY  '000000';
mysql> exit
+
mysql> exit</nowiki>
2.4配置数据库连接
+
 
 +
=== 配置数据库连接 ===
 
yum install -y openstack-utils
 
yum install -y openstack-utils
 +
 
openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:000000@controller/keystone  
 
openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:000000@controller/keystone  
2.5为keystone服务创建数据库表
+
 
 +
 
 +
=== 为keystone服务创建数据库表 ===
 +
 
 
#su -s /bin/sh -c "keystone-manage db_sync" keystone
 
#su -s /bin/sh -c "keystone-manage db_sync" keystone
2.6创建令牌
+
===创建令牌===
 
ADMIN_TOKEN=$(openssl rand -hex 10)
 
ADMIN_TOKEN=$(openssl rand -hex 10)
 +
 
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
 
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
 +
 
openstack-config --set /etc/keystone/keystone.conf token provider  fernet
 
openstack-config --set /etc/keystone/keystone.conf token provider  fernet
2.7创建签名密钥和证书
+
===创建签名密钥和证书===
#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
+
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
  
 +
修改/etc/httpd/conf/httpd.conf配置文件将ServerName www.example.com:80 替换为ServerName controller
  
修改/etc/httpd/conf/httpd.conf配置文件将ServerName www.example.com:80 替换为ServerName controller
 
 
创建/etc/httpd/conf.d/wsgi-keystone.conf文件,内容如下:
 
创建/etc/httpd/conf.d/wsgi-keystone.conf文件,内容如下:
Listen 5000
+
 
 +
<nowiki>Listen 5000
 
Listen 35357
 
Listen 35357
  
第57行: 第65行:
 
         Require all granted
 
         Require all granted
 
     </Directory>
 
     </Directory>
</VirtualHost>
+
</VirtualHost></nowiki>
  
 
systemctl enable httpd.service
 
systemctl enable httpd.service
  
 
systemctl start httpd.service
 
systemctl start httpd.service
2.8定义用户、租户和角色
+
==定义用户、租户和角色==
(1)设置环境变量
+
===设置环境变量===
 
export OS_TOKEN=$ADMIN_TOKEN
 
export OS_TOKEN=$ADMIN_TOKEN
 +
 
export OS_URL=http://controller:35357/v3
 
export OS_URL=http://controller:35357/v3
 +
 
export OS_IDENTITY_API_VERSION=3
 
export OS_IDENTITY_API_VERSION=3
(2)创建keystone相关内容
+
===创建keystone相关内容===
 
openstack service create --name keystone --description "OpenStack Identity" identity
 
openstack service create --name keystone --description "OpenStack Identity" identity
 +
 
openstack endpoint create --region RegionOne identity public http://controller:5000/v3  
 
openstack endpoint create --region RegionOne identity public http://controller:5000/v3  
 +
 
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
 
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
 +
 
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
 
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
 +
 
openstack domain create --description "Default Domain" default
 
openstack domain create --description "Default Domain" default
 +
 
openstack project create --domain default --description "Admin Project" admin
 
openstack project create --domain default --description "Admin Project" admin
 +
 
openstack user create --domain default --password 000000 admin
 
openstack user create --domain default --password 000000 admin
 +
 
openstack role create admin
 
openstack role create admin
 +
 
openstack role add --project admin --user admin admin
 
openstack role add --project admin --user admin admin
 +
 
openstack project create --domain default --description "Service Project" service
 
openstack project create --domain default --description "Service Project" service
 +
 
openstack project create --domain default --description "Demo Project" demo
 
openstack project create --domain default --description "Demo Project" demo
 +
 
openstack user create --domain default --password 000000 demo
 
openstack user create --domain default --password 000000 demo
 +
 
openstack role create user
 
openstack role create user
 +
 
openstack role add --project demo --user demo user
 
openstack role add --project demo --user demo user
(3)清除环境变量
+
===清除环境变量===
#unset OS_TOKEN OS_URL
+
unset OS_TOKEN OS_URL
2.9创建admin-openrc.sh
+
===创建admin-openrc.sh===
 
创建admin环境变量admin-openrc.sh  
 
创建admin环境变量admin-openrc.sh  
export OS_PROJECT_DOMAIN_NAME=default
+
 
 +
<nowiki>export OS_PROJECT_DOMAIN_NAME=default
 
export OS_USER_DOMAIN_NAME=default
 
export OS_USER_DOMAIN_NAME=default
 
export OS_PROJECT_NAME=admin
 
export OS_PROJECT_NAME=admin
第93行: 第117行:
 
export OS_AUTH_URL=http://controller:35357/v3
 
export OS_AUTH_URL=http://controller:35357/v3
 
export OS_IDENTITY_API_VERSION=3
 
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
+
export OS_IMAGE_API_VERSION=2</nowiki>
 +
 
 
生效环境变量
 
生效环境变量
#source admin-openrc.sh
+
 
 +
source admin-openrc.sh

2018年9月8日 (六) 14:15的版本

安装Keystone认证服务

以下操作在Controller节点上执行。

安装keystone服务软件包

yum install -y openstack-keystone httpd mod_wsgi

创建Keystone数据库

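[root@controller ~]# mysql -u root -p

(提示输入密码时,输入之前安装Mysql时设置的root密码。下面GRANT语句中的'000000'是本页统一使用的示例密码,非实验环境应替换为强随机密码;'keystone'@'%'允许该账号从任意主机连接,非实验环境应限定为确实需要访问数据库的主机或网段。)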

mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'  IDENTIFIED BY  '000000';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY  '000000';
mysql> exit

配置数据库连接

连接串中的密码必须与上一步GRANT语句中为keystone用户设置的密码一致。该密码以明文写入/etc/keystone/keystone.conf,应确认该文件不对无关用户开放读权限。

yum install -y openstack-utils

openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:000000@controller/keystone


为keystone服务创建数据库表

su -s /bin/sh -c "keystone-manage db_sync" keystone

创建令牌

ADMIN_TOKEN=$(openssl rand -hex 10)

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN

openstack-config --set /etc/keystone/keystone.conf token provider fernet

创建签名密钥和证书

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

修改/etc/httpd/conf/httpd.conf配置文件将ServerName www.example.com:80 替换为ServerName controller

创建/etc/httpd/conf.d/wsgi-keystone.conf文件,内容如下(该配置在5000和35357端口上以明文HTTP提供服务,口令和令牌在网络上不加密传输;非实验环境应为这两个端口启用TLS):

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

systemctl enable httpd.service

systemctl start httpd.service

定义用户、租户和角色

设置环境变量

export OS_TOKEN=$ADMIN_TOKEN

export OS_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

创建keystone相关内容

下面命令中的--password 000000是示例口令。写在命令行里的口令会留在shell历史记录中,非实验环境应使用强口令,并可改用--password-prompt交互输入。

openstack service create --name keystone --description "OpenStack Identity" identity

openstack endpoint create --region RegionOne identity public http://controller:5000/v3

openstack endpoint create --region RegionOne identity internal http://controller:5000/v3

openstack endpoint create --region RegionOne identity admin http://controller:35357/v3

openstack domain create --description "Default Domain" default

openstack project create --domain default --description "Admin Project" admin

openstack user create --domain default --password 000000 admin

openstack role create admin

openstack role add --project admin --user admin admin

openstack project create --domain default --description "Service Project" service

openstack project create --domain default --description "Demo Project" demo

openstack user create --domain default --password 000000 demo

openstack role create user

openstack role add --project demo --user demo user

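清除环境变量

引导完成后清除临时令牌相关的环境变量。注意:unset只清除当前shell中的OS_TOKEN和OS_URL,shell变量ADMIN_TOKEN以及/etc/keystone/keystone.conf中的admin_token配置项仍然保留,而持有该令牌即可不经用户认证执行管理操作。非实验环境应在引导完成后一并unset ADMIN_TOKEN、删除该配置项,并按所用版本的官方安装指南停用admin_token_auth中间件。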

unset OS_TOKEN OS_URL

创建admin-openrc.sh

创建admin环境变量admin-openrc.sh

# admin-openrc.sh: client environment for the admin user created above.
# Load it into the current shell with `source admin-openrc.sh`.
# NOTE(review): this file stores the admin password in plaintext; keep it
# readable by its owner only (e.g. chmod 600 admin-openrc.sh).
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
# Must match the value passed to `openstack user create ... --password ... admin`.
# 000000 is the example password used throughout this page; replace it with a
# strong secret outside a lab environment.
export OS_PASSWORD=000000
# Plain-HTTP Identity endpoint: the password above and the issued tokens are
# sent unencrypted to this URL.
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

生效环境变量

source admin-openrc.sh