首先登录controller1创建keystone数据库,并赋于远程和本地访问的权限。
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘localhost‘ IDENTIFIED BY ‘venic8888‘;
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘%‘ IDENTIFIED BY ‘venic8888‘;
flush PRIVILEGES;
2台controller服务器(kxcontrolelr1 kxcontroller2) 安装其它无状态服务的组件,
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
先开启memcache
systemctl enable memcached.service
systemctl start memcached.service
controller1上
vi /etc/keystone/keystone.conf
[DEFAULT]
admin_token = venicchina
verbose = True
[database]
connection = mysql://keystone:[email protected]/keystone
[memcache]
servers = controller1:11211
[token]
provider = uuid
driver = memcache
expiration = 86400
caching = true
cache_time = 86400
[revoke]
driver = sql
expiration_buffer = 86400
caching = true
cache_time = 86400
[catalog]
driver = keystone.catalog.backends.sql.Catalog
[identity]
driver = keystone.identity.backends.sql.Identity
controller2上
vi /etc/keystone/keystone.conf
[DEFAULT]
admin_token = venicchina
verbose = True
[database]
connection = mysql://keystone:[email protected]/keystone
[memcache]
servers = controller2:11211
[token]
provider = uuid
driver = memcache
expiration = 86400
caching = true
cache_time = 86400
[revoke]
driver = sql
expiration_buffer = 86400
caching = true
cache_time = 86400
[catalog]
driver = keystone.catalog.backends.sql.Catalog
[identity]
driver = keystone.identity.backends.sql.Identity
以上的每个配置中两组黄色底86400的是给token定义失效时间,默认30分钟或1小时,因为有时迁移一些很大的实例时,迁移大200G的时候,时间会超过,到时会有token报错,到时实例就废掉了。加大时长是必须,这里我定义1天超时
在其中一台kxcontroller1同步数据库,生成表单
su -s /bin/sh -c "keystone-manage db_sync" keystone
---------------------------------------
修改httpd配置
controller1上
vi /etc/httpd/conf/httpd.conf
ServerName controller1
改
Listen 80 这一条为以下行:
Listen 10.40.42.1:80#与VIP监听的IP不同
controller2上
vi /etc/httpd/conf/httpd.conf
ServerName controller2
改
Listen 80 这一条为以下行:
Listen 10.40.42.2:80#与VIP监听的IP不同
------------------------------------------
controller1上
vi /etc/httpd/conf.d/wsgi-keystone.conf
Listen 10.40.42.1:5000
Listen 10.40.42.1:35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
controller2上
vi /etc/httpd/conf.d/wsgi-keystone.conf
Listen 10.40.42.2:5000
Listen 10.40.42.2:35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
2台controller服务启动,加入开机自启
# systemctl enable httpd.service
# systemctl start httpd.service
验证:在haproxy的页面http://10.40.42.10:8888/stats上查看80 5000 35357端口状态转发是否成功