OpenStack controller HA test environment setup notes (6): configuring keystone

Add the VIP to the hosts file on all nodes:
10.0.0.10 myvip

Install the packages on all nodes:
# yum install -y openstack-keystone python-keystoneclient
# yum install -y openstack-utils

On all nodes, point keystone.conf at the MySQL cluster address (the VIP), using the password granted to the keystone user below:
# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:123456@myvip/keystone

Create the keystone database and user in MySQL (on one node only; Galera replicates the DDL and GRANTs to the other nodes):
# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> exit

Create the keystone tables (run once, on one node; the database is shared by the whole cluster):
# su -s /bin/sh -c "keystone-manage db_sync" keystone

On all nodes set the bootstrap token in keystone.conf. Generate it once and use the same value on every node, since requests arrive through the load balancer and any backend may have to accept it:
# ADMIN_TOKEN=$(openssl rand -hex 10)
# echo $ADMIN_TOKEN
de0ae6fc7397dd76dfb5
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token de0ae6fc7397dd76dfb5

admin_token is a shared secret that bypasses authentication entirely on the admin port (35357), so keep keystone.conf readable only by root and keystone, and remove the token (and the admin_token_auth filter from the paste pipeline) once the admin user created below exists.

On node 1 generate the PKI signing CA and certificate. Every node must serve the same set, so that tokens signed by one node validate on the others:
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl

On node 1 pack the keys and copy them to the other nodes (run as root, so scp uses the root account on the target):
# cd /etc/keystone
# tar -cf keystonessl.tar ssl
# scp keystonessl.tar controller2:/etc/keystone
# scp keystonessl.tar controller3:/etc/keystone
# rm -f keystonessl.tar

On the other nodes unpack them (extracting as root restores the keystone:keystone ownership and the permissions set above):
# cd /etc/keystone
# tar -xf keystonessl.tar
# rm -f keystonessl.tar

On all nodes enable keystone at boot and start it:
# systemctl enable openstack-keystone.service
# systemctl start openstack-keystone.service

On all nodes add an hourly cron job that purges expired tokens from the database. Token lifetime itself is governed by [token] expiration in keystone.conf; without this flush the token table grows without bound:
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone

Set the service-token environment variables on node 1 (talking to node 1 directly, since keystone is not yet behind haproxy):
# export OS_SERVICE_TOKEN=de0ae6fc7397dd76dfb5
# export OS_SERVICE_ENDPOINT=http://controller1:35357/v2.0

On node 1 create the users, roles, tenants and the identity service:
# keystone user-create --name=admin --pass=123456
# keystone role-create --name=admin
# keystone role-create --name=_member_
# keystone tenant-create --name=admin --description="Admin Tenant"
# keystone user-role-add --user=admin --tenant=admin --role=admin
# keystone user-role-add --user=admin --role=_member_ --tenant=admin
# keystone user-create --name=demo --pass=123456
# keystone tenant-create --name=demo --description="Demo Tenant"
# keystone user-role-add --user=demo --role=_member_ --tenant=demo
# keystone tenant-create --name=service --description="Service Tenant"
# keystone service-create --name=keystone --type=identity --description="OpenStack Identity"

Register the endpoint with the VIP, so that clients reach keystone through haproxy:
# keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://myvip:5000/v2.0 \
  --internalurl=http://myvip:5000/v2.0 \
  --adminurl=http://myvip:35357/v2.0

So that keystone's own listener does not collide with haproxy binding the VIP, make keystone on each node bind to that node's own address. The example is for node 1; on controller2 and controller3 replace controller1 with the node's own hostname:
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_bind_host controller1
# openstack-config --set /etc/keystone/keystone.conf DEFAULT public_bind_host controller1
# systemctl restart openstack-keystone.service

On all nodes add the following to haproxy.cfg (the file must be identical on every node, since the haproxy resource can fail over to any of them):
# vi /etc/haproxy/haproxy.cfg
listen keystone_admin_cluster
  bind 10.0.0.10:35357
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller1 10.0.0.14:35357 check inter 2000 rise 2 fall 5
  server controller2 10.0.0.12:35357 check inter 2000 rise 2 fall 5
  server controller3 10.0.0.13:35357 check inter 2000 rise 2 fall 5

listen keystone_public_internal_cluster
  bind 10.0.0.10:5000
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller1 10.0.0.14:5000 check inter 2000 rise 2 fall 5
  server controller2 10.0.0.12:5000 check inter 2000 rise 2 fall 5
  server controller3 10.0.0.13:5000 check inter 2000 rise 2 fall 5

Check which node currently holds the haproxy resource:
# crm_mon

Restart haproxy on the node holding the resource and confirm it came up:
# systemctl restart haproxy.service
# systemctl status -l haproxy.service

On all nodes download the OCF resource agent:
# mkdir -p /usr/lib/ocf/resource.d/openstack
# cd /usr/lib/ocf/resource.d/openstack
# wget https://git.openstack.org/cgit/openstack/openstack-resource-agents/plain/ocf/keystone
# chmod a+rx *

On any node add the keystone resource with "crm configure". The agent uses these credentials for its monitor action; they are stored in clear text in the cluster CIB and are visible to anyone who can run "crm configure show":
# crm configure primitive p_keystone ocf:openstack:keystone params config="/etc/keystone/keystone.conf" os_password="123456" os_username="admin" os_tenant_name="admin" os_auth_url="http://myvip:5000/v2.0/" op monitor interval="30s" timeout="30s"
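The per-node bind-host step, the shared admin_token and the haproxy backend lists above are easy to get inconsistent across three controllers (copying node 1's keystone.conf to node 2 unchanged is the typical mistake). The script below is an added example, not part of the original post: it audits a node's keystone.conf and the shared haproxy.cfg offline. The VIP name myvip and the node names controller1..controller3 are assumptions taken from this series, and the sample files it writes are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): offline audit of the keystone.conf
# written on each controller and of the haproxy.cfg shared by all nodes.
# Assumptions taken from this series: the VIP is named "myvip" and the
# controllers are controller1..controller3; the sample files are constructed here.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION] (last one wins)
ini_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*\[/ { i = index($0, "["); j = index($0, "]"); sec = substr($0, i + 1, j - i - 1); next }
        /^[ \t]*[#;]/ { next }
        sec == want && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        }
        END { print val }' "$1"
}

# audit_keystone_conf FILE NODE VIP: one line per check; returns 1 if anything FAILs
audit_keystone_conf() {
    conf=$1; node=$2; vip=$3; rc=0
    conn=$(ini_get "$conf" database connection)
    # host part of mysql://user:password@HOST[:port]/db
    dbhost=$(printf '%s\n' "$conn" | sed -n 's#^[a-z+]*://[^@]*@\([^/:]*\).*#\1#p')
    if [ "$dbhost" = "$vip" ]; then
        echo "OK   database.connection host is the VIP ($dbhost)"
    else
        echo "FAIL database.connection host is '${dbhost:-<none>}', expected the VIP '$vip'"; rc=1
    fi
    # keystone must bind to its own address: binding the VIP (or 0.0.0.0) collides with haproxy
    for key in admin_bind_host public_bind_host; do
        v=$(ini_get "$conf" DEFAULT "$key")
        if [ "$v" = "$node" ]; then
            echo "OK   $key = $v"
        else
            echo "FAIL $key is '${v:-<unset>}', must be this node's own name ($node)"; rc=1
        fi
    done
    # the bootstrap token must be set, random, and identical on every node
    tok=$(ini_get "$conf" DEFAULT admin_token)
    case "$tok" in
        ""|ADMIN) echo "FAIL admin_token unset or left at the packaged default"; rc=1 ;;
        *)        echo "OK   admin_token set (${#tok} chars)" ;;
    esac
    return $rc
}

# haproxy_servers FILE LISTEN_NAME: sorted, space-separated server names in that listen block
haproxy_servers() {
    awk -v want="$2" '
        $1 == "listen" || $1 == "frontend" || $1 == "backend" { cur = $2; next }
        cur == want && $1 == "server" { print $2 }' "$1" | sort | tr '\n' ' ' | sed 's/ $//'
}

# write_samples: constructed sample files in a temp dir; prints the dir
write_samples() {
    d=$(mktemp -d)
    cat > "$d/keystone-controller2.conf" <<'EOF'
[DEFAULT]
admin_token = de0ae6fc7397dd76dfb5
admin_bind_host = controller2
public_bind_host = controller2

[database]
connection = mysql://keystone:123456@myvip/keystone
EOF
    # the mistake the per-node step invites: controller1's bind hosts copied to controller2
    cat > "$d/keystone-bad.conf" <<'EOF'
[DEFAULT]
admin_token = ADMIN
admin_bind_host = controller1
public_bind_host = controller1

[database]
connection = mysql://keystone:123456@localhost/keystone
EOF
    cat > "$d/haproxy.cfg" <<'EOF'
listen keystone_admin_cluster
  bind 10.0.0.10:35357
  balance source
  option httpchk
  server controller1 10.0.0.14:35357 check inter 2000 rise 2 fall 5
  server controller2 10.0.0.12:35357 check inter 2000 rise 2 fall 5
  server controller3 10.0.0.13:35357 check inter 2000 rise 2 fall 5

listen keystone_public_internal_cluster
  bind 10.0.0.10:5000
  balance source
  option httpchk
  server controller1 10.0.0.14:5000 check inter 2000 rise 2 fall 5
  server controller2 10.0.0.12:5000 check inter 2000 rise 2 fall 5
  server controller3 10.0.0.13:5000 check inter 2000 rise 2 fall 5
EOF
    echo "$d"
}

# Demo run on the constructed samples. On a real controller call:
#   audit_keystone_conf /etc/keystone/keystone.conf "$(hostname -s)" myvip
SAMPLES=$(write_samples)
for f in keystone-controller2.conf keystone-bad.conf; do
    echo "== $f"
    if audit_keystone_conf "$SAMPLES/$f" controller2 myvip; then echo "== PASS"; else echo "== FAIL"; fi
done
echo "keystone_admin_cluster backends: $(haproxy_servers "$SAMPLES/haproxy.cfg" keystone_admin_cluster)"
```

Run it on each controller with that node's own short hostname; the haproxy_servers output should list the same three backends for both listen blocks on every node, and the only per-node difference in keystone.conf should be the two bind hosts.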

Date: 2024-12-24 22:44:20
