Notes!!!
Installation order of the main OpenStack components
- Keystone (apache)
- glance
- nova
- neutron
Controller node configuration
Create the database and grant user privileges
[root@controller ~]# mysql -uroot -p000000
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Install Keystone and Apache
[root@controller ~]# yum -y install openstack-keystone httpd mod_wsgi
Configure Keystone
Generate a clean configuration file
[root@controller ~]# cp -a /etc/keystone/keystone.conf{,.bak} # copy while preserving the source file's attributes
[root@controller ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf # filter the blank lines and comment entries out of keystone.conf.bak and overwrite keystone.conf with the result
Edit the configuration file
[root@controller ~]# vi /etc/keystone/keystone.conf
Add the following:
[database]
connection = mysql+pymysql://keystone:000000@controller/keystone
[token]
provider = fernet
Initialize the identity service database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet key repository
This generates two keys. The generated keys are placed under the /etc/keystone/ directory and are used to encrypt data.
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller keystone]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the identity service
# the --bootstrap-admin-url line sets the admin-url
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 \
> --bootstrap-admin-url http://controller:5000/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne
Configure Apache
[root@controller ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
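Create and edit the configuration file
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d
[root@controller ~]# vi /etc/httpd/conf.d/wsgi-keystone.conf
Start the service
[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl start httpd
Configure environment variables for the administrator account
These environment variables are used when creating roles and projects. Creating roles and projects requires authentication information, so the username, password and other credentials are declared through environment variables; the openstack client then behaves as if it were already logged in and authenticated, and projects and roles can be created. The same can be done by creating and running a .sh script.
[root@controller ~]# vi ~/.bashrc
Append at the end:
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
:wq
[root@controller ~]# source ~/.bashrc
Create a project and a role
[root@controller ~]# openstack project create --domain default --description "Service Project" service
[root@controller ~]# openstack role create user
Service verification
admin is the administrator
member is the tenant
user is the user
Check whether the roles can be listed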
[root@controller ~]# openstack role list
Check whether token information can be obtained without specifying a password
[root@controller ~]# openstack token issue
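The steps above leave a database password in keystone.conf and key material in the Fernet and credential key repositories. The script below is an added example, not part of the original page: it audits file modes and the length of the password in the connection URL. The function name, the finding labels and the 12-character threshold are assumptions for illustration; it also assumes GNU find and Keystone's default repository names fernet-keys and credential-keys.

```shell
#!/bin/sh
# Added example (not from the original page): audit what the Keystone setup
# leaves under /etc/keystone. Assumes GNU find (-perm /MODE), Keystone's default
# key repository names, and a 12-character minimum chosen for illustration.
MIN_PW_LEN=12

# Print one finding per line for the tree rooted at $1; return 1 if any.
audit_keystone() {
    root=$1
    findings=$(
        conf="$root/keystone.conf"
        if [ -f "$conf" ]; then
            # The file holds the DB password, so "other" needs no access.
            if [ -n "$(find "$conf" -perm /007)" ]; then
                echo "WORLD-ACCESSIBLE $conf"
            fi
            # Password sits between "user:" and "@host" in the connection URL.
            pw=$(sed -n 's|^connection *= *[^:]*://[^:]*:\([^@]*\)@.*|\1|p' "$conf")
            if [ -n "$pw" ] && [ "${#pw}" -lt "$MIN_PW_LEN" ]; then
                # Report the length only, never the secret itself.
                echo "SHORT-DB-PASSWORD $conf (${#pw} chars)"
            fi
        else
            echo "MISSING $conf"
        fi
        # Key repositories: no group or other bits on the directory or keys.
        for repo in fernet-keys credential-keys; do
            if [ -d "$root/$repo" ]; then
                find "$root/$repo" -perm /077 |
                    sed 's|^|GROUP-OR-WORLD-ACCESSIBLE |'
            else
                echo "MISSING $root/$repo"
            fi
        done
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# On the controller: sh this-file.sh /etc/keystone
if [ "$#" -eq 1 ] && [ -d "$1" ]; then
    audit_keystone "$1"
fi
```

Run against the configuration written in this walkthrough, it reports the six-character database password; a clean run prints nothing and returns 0.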