CentOS部署keystone服务
部署keystone服务有官方教程,当然也可以参考此文档。
不废话,下面直接上部署流程,希望能帮到需要的人。
本次部署使用的基础环境是CentOS7
1. 安装依赖
yum install mariadb mariadb-server centos-release-openstack-stein openstack-keystone httpd mod_wsgi -y
2. 数据库配置
# 设置开机启动,并启动mariadb
systemctl enable mariadb
systemctl start mariadb
# 初始化数据库密码
mysqladmin -u root password 'password'
# 登陆数据库进行相关操作
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
3. 配置hosts文件
vim /etc/hosts # 添加如下内容
ip controller
4. 配置keystone
vim /etc/keystone/keystone.conf
# 分别在[database]和[token]下方添加如下配置
[database]
connection = mysql+pymysql://keystone:password@controller/keystone
[token]
provider = fernet
5. 为keystone配置数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6. 初始化keystone服务
keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
7. 配置Apache服务
vim /etc/httpd/conf/httpd.conf # 添加如下配置
ServerName controller
# 为/usr/share/keystone/wsgi-keystone.conf建立软连接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# 启动Apache http服务,并设置开机启动
systemctl enable httpd.service
systemctl start httpd.service
8. 配置环境变量
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
9. keystone验证
# 使用如下命令访问keystone服务,如果能正常输出则表示服务正常。
curl -si -H "Content-type: application/json" -X POST -d '{"auth": {"identity": {"methods": ["password"],"password": {"user": {"domain": {"name": "Default"},"name": "admin","password": "admin"}}}}}' http://controller:5000/v3/auth/tokens