OpenStack T版-Keystone组件部署

注意事项!!!

Openstack主要组件安装的顺序

  1. Keystone(apache)
  2. glance
  3. nova
  4. neutron

Controller节点配置

创建数据库和授权用户

[root@controller ~]# mysql -uroot -p000000
MariaDB [(none)]>create database keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit

 

安装Keystone,Apache

[root@controller ~]# yum -y install openstack-keystone httpd mod_wsgi

 

配置Keystone

生成干净整洁的配置文件

[root@controller ~]# cp -a /etc/keystone/keystone.conf{,.bak}
#在保留源文件属性的前提下进行批量复制
[root@controller ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
# 对keystone.conf.bak反向过滤掉空格和注释项,覆盖到keystone.conf

编辑配置文件

[root@controller ~]# vi /etc/keystone/keystone.conf
添加数据
[database]
connection = mysql+pymysql://keystone:000000@controller/keystone
[token]
provider = fernet

初始化认证服务数据库

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化fernet 密钥存储库

会生成两个密钥,生成的密钥放于/etc/keystone/目录下,用于加密数据

[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller keystone]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

配置bootstrap身份认证服务

[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 \
< --bootstrap-admin-url http://controller:5000/v3/ #admin-url \
< --bootstrap-internal-url http://controller:5000/v3/ \
< --bootstrap-region-id RegionOne

 

配置Apache

[root@controller ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf

创建,编辑配置文件

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d
[root@controller ~]# vi /etc/httpd/conf.d/wsgi-keystone.conf

开启服务

[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl start httpd

 

配置管理员账户环境变量

这些环境变量用于创建角色和项目使用,但是创建角色和项目需要有认证信息,所以通过环境变量声明用户名和密码等认证信息,欺骗openstack已经登录且通过认证,这样就可以创建项目和角色;也可以通过创建.sh脚本的方式执行

[root@controller ~]# vi ~/.bashrc
最后面添加
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
:wq
[root@controller ~]# source ~/.bashrc

 

创建项目和角色

[root@controller ~]# openstack project create --domain default --description "Service Project" service
[root@controller ~]# openstack role create user

 

服务验证

admin为管理员

member为租户

user为用户

查看是否能列出role

[root@controller ~]#  openstack role list

查看是否可以不指定密码就可以获取到token信息

 [root@controller ~]# openstack token issue

作者: 红烧悠鸽
本文采用 CC BY-NC-SA 4.0 协议
暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇