Installing Keystone on OpenStack

Controller node:
CREATE DATABASE keystone; # create the database
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'
IDENTIFIED BY 'KEYSTONE_DBPASS'; # grant proper access to the keystone database and set the password to KEYSTONE_DBPASS
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
IDENTIFIED BY 'KEYSTONE_DBPASS'; # grant proper access to the keystone database and set the password to KEYSTONE_DBPASS

yum install openstack-keystone httpd mod_wsgi -y # install keystone

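# Edit the configuration file: in the [database] section, configure database access; in the [token] section, configure the Fernet token provider
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak # backing up is important
>/etc/keystone/keystone.conf
vim /etc/keystone/keystone.conf
# press i to enter insert mode, then paste the following:
[DEFAULT]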

[assignment]

[auth]

[cache]

[catalog]

[cors]

[cors.subdomain]

[credential]

[database]

connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[domain_config]

[endpoint_filter]

[endpoint_policy]

[eventlet_server]

[federation]

[fernet_tokens]

[healthcheck]

[identity]

[identity_mapping]

[kvs]

[ldap]

[matchmaker_redis]

[memcache]

[oauth1]

[oslo_messaging_amqp]

[oslo_messaging_kafka]

[oslo_messaging_notifications]

[oslo_messaging_rabbit]

[oslo_messaging_zmq]

[oslo_middleware]

[oslo_policy]

[paste_deploy]

[policy]

[profiler]

[resource]

[revoke]

[role]

[saml]

[security_compliance]

[shadow_users]

[signing]

[token]

provider = fernet

[tokenless_auth]

[trust]

Initialize the Identity service database:

su -s /bin/sh -c "keystone-manage db_sync" keystone # sync the database

Initialize the Fernet keys:

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap keystone:

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

Configure httpd: edit the /etc/httpd/conf/httpd.conf file and set the ServerName option to the controller node:

echo "ServerName controller" >>/etc/httpd/conf/httpd.conf

Create a link to the /usr/share/keystone/wsgi-keystone.conf file:

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Start httpd:

systemctl start httpd
systemctl enable httpd

Verify keystone:

vim admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

source admin-openrc

Load the variables automatically at login:

vim .bashrc
source admin-openrc

Test by requesting a token:

openstack token issue
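
A check to run after the steps above, as an added example that is not part of the original post: it flags the guide's placeholder passwords (KEYSTONE_DBPASS, ADMIN_PASS) left in keystone.conf or admin-openrc, a [token] provider other than fernet, and credential files that other users can read. The function names and the sample files are constructed for illustration, and `stat -c` assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Function names are hypothetical.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key && index($0, "=")) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
            }
        }' "$1"
}

# audit_keystone CONF OPENRC: print findings; exit status = number of findings.
audit_keystone() {
    local conf="$1" openrc="$2" n=0 conn provider mode f
    conn=$(ini_get "$conf" database connection)
    provider=$(ini_get "$conf" token provider)
    # KEYSTONE_DBPASS and ADMIN_PASS are the guide's placeholders, not secrets.
    case $conn in *KEYSTONE_DBPASS*)
        echo "[database] connection still uses KEYSTONE_DBPASS"; n=$((n + 1)) ;;
    esac
    if [ "$provider" != fernet ]; then
        echo "[token] provider is '$provider', expected fernet"; n=$((n + 1))
    fi
    if grep -q '^export OS_PASSWORD=ADMIN_PASS$' "$openrc"; then
        echo "$openrc still uses ADMIN_PASS"; n=$((n + 1))
    fi
    # Both files hold credentials, so "other" should have no permission bits.
    for f in "$conf" "$openrc"; do
        mode=$(stat -c '%a' "$f")
        case $mode in *[1-7])
            echo "$f is accessible to other users (mode $mode)"; n=$((n + 1)) ;;
        esac
    done
    return "$n"
}

# write_sample DIR: constructed files that mirror the guide as written.
write_sample() {
    printf '[database]\n\nconnection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone\n\n[token]\n\nprovider = fernet\n' > "$1/keystone.conf"
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=ADMIN_PASS\n' > "$1/admin-openrc"
    chmod 644 "$1/keystone.conf" "$1/admin-openrc"
}

if [ "$#" -eq 2 ]; then audit_keystone "$1" "$2"; fi
```

Run it as `bash audit.sh /etc/keystone/keystone.conf ~/admin-openrc`; an exit status of 0 means no findings.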

Create the service project:

This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project:

openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+

Outside of a test environment:

Regular (non-admin) tasks should use an unprivileged project and user.

openstack project create --domain default \
--description "Demo Project" demo

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+
