Deploying Keystone on OpenStack Kilo

Deployed on the controller node

Configure the database

MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'127.0.0.1' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 se

MariaDB [(none)]> flush privileges ;
Query OK, 0 rows affected (0.00 sec)

Install Keystone

The Keystone service listens on ports 5000 and 35357. Apache HTTP Server will be configured to listen on these two ports, so to avoid a port conflict, disable Keystone's own autostart at boot:

# echo "manual" > /etc/init/keystone.override

Install Keystone and the related packages:

# apt-get install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache

Generate the admin token:

# openssl rand -hex 10
38b35fc6a494b91f56cc

Configure Keystone

Configuration file: /etc/keystone/keystone.conf

# vi /etc/keystone/keystone.conf
# [DEFAULT] section: set the initial admin_token
[DEFAULT]
verbose = True
admin_token = 38b35fc6a494b91f56cc

# [database] section: configure the database connection
[database]
connection = mysql://keystone:[email protected]/keystone

# [memcache] section: configure the memcache service
[memcache]
servers = 127.0.0.1:11211

# [revoke] section: configure the SQL revocation driver
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke

# [token] section: configure the UUID token provider and the token persistence driver (SQL here)
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

Initialize the Keystone database:

# su -s /bin/sh -c "keystone-manage db_sync" keystone

Configure the Apache interface for Keystone

Add to apache2.conf:

# vi /etc/apache2/apache2.conf
ServerName controller

Create the file /etc/apache2/sites-available/wsgi-keystone.conf with the following content:

Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>

Enable the Identity service virtual hosts:

# ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled

Create the directory structure for the WSGI components:

# mkdir -p /var/www/cgi-bin/keystone

WSGI components:

# vi /var/www/cgi-bin/keystone/admin
import os
from keystone.server import wsgi as wsgi_server
name = os.path.basename(__file__)
application = wsgi_server.initialize_application(name)

# vi /var/www/cgi-bin/keystone/main
import os
from keystone.server import wsgi as wsgi_server
name = os.path.basename(__file__)
application = wsgi_server.initialize_application(name)

Set ownership and permissions on the directory, then restart apache2:

# chown -R keystone:keystone /var/www/cgi-bin/keystone
# chmod 755 /var/www/cgi-bin/keystone/*
# service apache2 restart
 * Restarting web server apache2                                         [ OK ]

Delete the SQLite database that Ubuntu creates by default:

# rm -f /var/lib/keystone/keystone.db

Configure the service entity and API endpoint

Set temporary environment variables for the admin token and the endpoint URL (ADMIN_TOKEN stands for the admin_token value configured in keystone.conf):

# export OS_TOKEN=ADMIN_TOKEN
# export OS_URL=http://controller:35357/v2.0

Create the service entity for the Identity service:

# openstack service create --name keystone --description "OpenStack Identity" identity

Configure the API endpoint for the Identity service:

# openstack endpoint create --publicurl http://controller:5000/v2.0 --internalurl http://controller:5000/v2.0 --adminurl http://controller:35357/v2.0 --region RegionOne identity

Create projects (tenants), users and roles

Create the admin tenant:

# openstack project create --description "Admin Project" admin

Create the admin user:

# openstack user create --password-prompt admin
User Password:admin
Repeat User Password:admin

Create the admin role:

# openstack role create admin

Add the admin role to the admin tenant and user:

# openstack role add --project admin --user admin admin

Create the service project

Create a service project for the other OpenStack services:

# openstack project create --description "Service Project" service

Create a regular project and user

Create the demo project:

# openstack project create --description "Demo Project" demo

Create the demo user:

# openstack user create --password-prompt demo
User Password:demo
Repeat User Password:demo

Create the user role:

# openstack role create user

Add the user role to the demo tenant and user:

# openstack role add --project demo --user demo user

Other

For security reasons, disable the temporary admin-token authentication mechanism

  1. Edit /etc/keystone/keystone-paste.ini:

Remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.

  2. Unset the temporary environment variables:
# unset OS_TOKEN OS_URL
  3. Admin script, /root/admin-openrc.sh:
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://$(hostname):35357/v3
export OS_IMAGE_API_VERSION=2
export OS_VOLUME_API_VERSION=2
export OS_REGION_NAME=RegionOne
export OS_COMPUTE_API_VERSION=3
export OS_IDENTITY_API_VERSION=2
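
Step 1 above can be scripted and then verified. The following is an added example, not part of the original post: the function names and the shortened sample file are hypothetical and constructed for illustration, while the section names and the admin_token_auth filter name are the ones given in step 1.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# file are hypothetical; section and filter names are the ones in step 1.

# Write a constructed, shortened keystone-paste.ini to path $1.
make_sample_paste_ini() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[pipeline:public_api]
pipeline = sizelimit token_auth admin_token_auth json_body public_service

[pipeline:admin_api]
pipeline = sizelimit token_auth admin_token_auth json_body admin_service

[pipeline:api_v3]
pipeline = sizelimit token_auth admin_token_auth json_body service_v3
EOF
}

# Print how many [pipeline:*] sections in file $1 still use the filter.
count_admin_token_auth() {
    awk '
        /^\[/ { in_pipe = ($0 ~ /^\[pipeline:/) }
        in_pipe && /^pipeline[ \t]*=/ {
            n = split($0, w, /[ \t=]+/)
            for (i = 1; i <= n; i++) if (w[i] == "admin_token_auth") { c++; break }
        }
        END { print c + 0 }
    ' "$1"
}

# Drop the filter from the three pipelines in file $1, keeping owner and mode.
strip_admin_token_auth() {
    tmp=$(mktemp) || return 1
    awk '
        /^\[/ { in_pipe = ($0 ~ /^\[pipeline:(public_api|admin_api|api_v3)\]/) }
        in_pipe && /^pipeline[ \t]*=/ {
            n = split($0, w, /[ \t]+/); out = ""; sep = ""
            for (i = 1; i <= n; i++)
                if (w[i] != "" && w[i] != "admin_token_auth") { out = out sep w[i]; sep = " " }
            print out; next
        }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}
```

Run strip_admin_token_auth against /etc/keystone/keystone-paste.ini, confirm count_admin_token_auth prints 0, then restart apache2 so the WSGI processes reload the pipelines.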

Original article: https://www.cnblogs.com/wshenjin/p/11365916.html

Time: 2024-10-01 04:49:44
