Installing and Configuring RabbitMQ
yum install -y rabbitmq-server
#systemctl enable rabbitmq-server.service
#systemctl start rabbitmq-server.service
Create a RabbitMQ user named openstack whose password is also openstack
[root@linux-node1 ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
[root@controller ~]# rabbitmqctl list_users
Listing users
openstack []
guest [administrator]
**Set permissions**
[root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
List the RabbitMQ plugins
[root@linux-node1 ~]# rabbitmq-plugins list
Enable the monitoring (management) plugin listed above
[root@linux-node1 ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
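Applying plugin configuration to rabbit@linux-node1... started 6 plugins.
Restart the RabbitMQ service
[root@linux-node1 ~]# systemctl restart rabbitmq-server
[root@linux-node1 ~]# netstat -ntlp
![Insert image description here](https://img-blog.csdnimg.cn/20200722150627705.png)
Note: at this point, confirm that both the database and RabbitMQ were installed successfully. These two components are the core foundation of the whole OpenStack deployment, and the platform can only run if they work properly!!!
RabbitMQ Verification
Verify RabbitMQ
On the login page, the default username and password are both guest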
OpenStack's Identity Service: Keystone
Keystone Overview
Deploying Keystone
1. Install the services Keystone depends on
#yum install openstack-keystone httpd mod_wsgi -y
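Result:
Install the memcached in-memory caching service
Memcached is a high-performance, distributed in-memory object caching system used to reduce database load for dynamic web applications. It caches data and objects in memory to cut the number of database reads, which speeds up dynamic, database-driven websites. Memcached is built on a hashmap that stores key/value pairs. Its daemon is written in C, but clients can be written in any language and talk to the daemon using the memcached protocol.
#yum install -y memcached python-memcached
Output:
Edit the file with vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,192.168.56.11"
Add your own IP address to this list
Start the memcached service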
#systemctl enable memcached.service
#systemctl start memcached.service
Configuring Keystone
1. Keystone's configuration files
Location: /etc/keystone
[root@controller ~]# cd /etc/keystone
[root@controller keystone]# ll
total 144
-rw-r----- 1 root     keystone   2303 Jul 26 12:47 default_catalog.templates
-rw-r----- 1 root     keystone 117987 Jul 26 19:38 keystone.conf
-rw-r----- 1 root     keystone   2759 Jul 26 12:47 keystone-paste.ini
-rw-r----- 1 root     keystone   1046 Jul 26 12:47 logging.conf
-rw-r----- 1 keystone keystone   9821 Jul 26 12:47 policy.json
-rw-r----- 1 keystone keystone    665 Jul 26 12:47 sso_callback_template.html
2. Configure Keystone
[root@linux-node1 keystone]# openssl rand -hex 10
9350cfec8e680ac68fd8    (used as the token)
f1348f9c5151a71f3471
[root@linux-node1 keystone]# vim keystone.conf
[DEFAULT]
...
admin_token = ADMIN_TOKEN
Note: ADMIN_TOKEN is the random value generated with openssl above. You can also substitute a complex value of your own. Keep a record of this ADMIN_TOKEN.
[database]
...
# line 713
connection = mysql+pymysql://keystone:keystone@controller/keystone
Note: KEYSTONE_DBPASS is the password you set earlier when creating the keystone database; it was set to keystone. In vim, search with /connection to find the connection line.
connection = mysql+pymysql://keystone:keystone@192.168.56.104/keystone
[token]
...
# line 2832
provider = fernet
# line 2840 (add this line)
driver = memcache
3. Sync the database
[root@linux-node1 keystone]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 keystone]# mysql -u root -p    (then: use keystone; show tables;)
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [keystone]> show tables;
MariaDB [keystone]> exit
Bye
[root@linux-node1 keystone]#
Note that the command used to sync the database is:
su -s /bin/sh -c "keystone-manage db_sync" keystone
If the sync is run as root, the ownership becomes root, and when Keystone is started later the keystone user cannot write to the log file, so the Keystone service cannot start properly.
(Run chown keystone keystone.log to change the owner from root to keystone.)
That completes the Keystone configuration. Which settings did we change? Use the following command to review them
[root@linux-node1 keystone]# grep '^[a-zA-Z]' /etc/keystone/keystone.conf
admin_token = 9350cfec8e680ac68fd8
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
provider = fernet
driver = memcache
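The summary above shows two secrets sitting in keystone.conf. The following check is an added example, not part of the original post: it parses the file and reports whether the bootstrap admin_token is still set after setup is finished, whether the database password equals the user name, and whether the file is accessible to other users. The function names and finding codes are made up for this example, and the sample file is constructed from the values used above.

```bash
# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION] of an INI file.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                   # comment line
        /^[ \t]*\[/   { cur = $0; gsub(/[ \t]/, "", cur); next } # section header
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# audit_keystone_conf FILE: print one finding code per line (no output = clean).
audit_keystone_conf() {
    conf=$1
    token=$(ini_get "$conf" DEFAULT admin_token)
    conn=$(ini_get "$conf" database connection)
    # The bootstrap token is a shared secret that bypasses user authentication.
    if [ -n "$token" ]; then echo ADMIN_TOKEN_STILL_SET; fi
    # The literal placeholder from the config template was never replaced.
    if [ "$token" = "ADMIN_TOKEN" ]; then echo ADMIN_TOKEN_IS_PLACEHOLDER; fi
    # connection = mysql+pymysql://USER:PASS@HOST/DB
    cred=${conn#*://}; cred=${cred%@*}
    if [ -n "$conn" ] && [ "${cred%%:*}" = "${cred#*:}" ]; then
        echo DB_PASSWORD_EQUALS_USERNAME
    fi
    # The file holds both secrets, so "other" must have no permission bits.
    other=$(ls -ld "$conf" | cut -c8-10)
    if [ "$other" != "---" ]; then echo CONF_WORLD_ACCESSIBLE; fi
    return 0
}

# Constructed sample that mirrors the values configured in this walkthrough.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
admin_token = 9350cfec8e680ac68fd8
[database]
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
[token]
provider = fernet
driver = memcache
EOF
chmod 640 "$sample"
audit_keystone_conf "$sample"
```

On a real node, run audit_keystone_conf /etc/keystone/keystone.conf once the admin user created later in this guide can obtain a token.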
Initialize the Fernet keys
[root@linux-node1 keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
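A new directory, fernet-keys, has appeared
Configure the Apache HTTP Server
(1) Set the HTTP ServerName
Edit the configuration file /etc/httpd/conf/httpd.conf
[root@linux-node1 ~]# vim /etc/httpd/conf/httpd.conf
# line 95
ServerName 192.168.56.11:80
(2) Configure the Keystone file for HTTP
Create the file wsgi-keystone.conf under /etc/httpd/conf.d/ and write the following content into it
[root@linux-node1 ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf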
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
Save and exit
(3) Start Apache
[root@linux-node1 conf.d]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@linux-node1 conf.d]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@linux-node1 conf.d]# systemctl start memcached
[root@linux-node1 conf.d]# systemctl start httpd
[root@linux-node1 conf.d]# netstat -ntlp
Note: as long as the ports above are shown as listening, Keystone is working properly and you can continue with the next steps!!
If it fails to start, you can turn on debug in Keystone's configuration file and then check the log file to troubleshoot
Log file path
/var/log/keystone/keystone.log
Keystone Permission Management
1. Create the service entity and API endpoints
export OS_TOKEN=9350cfec8e680ac68fd8
export OS_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@linux-node1 ~]# export OS_TOKEN=f1348f9c5151a71f3471
[root@linux-node1 ~]# export OS_URL=http://192.168.56.104:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3
2. Create the default domain
[root@linux-node1 ~]# openstack domain create --description "Default Domain" default
3. Create an administrative project
(1) Create an admin project
[root@linux-node1 ~]# openstack project create --domain default --description "Admin Project" admin
(2) Create an admin user
[root@linux-node1 ~]# openstack user create --domain default --password-prompt admin
Password: admin
(3) Create an admin role
[root@linux-node1 ~]# openstack role create admin
Add the admin role to the admin project and user
[root@linux-node1 ~]# openstack role add --project admin --user admin admin
4. Create a service project
[root@linux-node1 ~]# openstack project create --domain default --description "Service Project" service
5. Create a demo project
(1) Create a demo project
[root@linux-node1 ~]# openstack project create --domain default --description "Demo Project" demo
(2) Create a demo user
[root@linux-node1 ~]# openstack user create --domain default --password-prompt demo
Password: demo
(3) Create a role for the demo user
[root@linux-node1 ~]# openstack role create user
(4) Add the user role to the demo project and user
[root@linux-node1 ~]# openstack role add --project demo --user demo user
5. Create the users that each service uses to connect to Keystone
List the projects that have been created
[root@linux-node1 ~]# openstack project list
Now add users to the service project
1. Create the Glance user
[root@linux-node1 ~]# openstack user create --domain default --password-prompt Glance
Password: glance
Then add the Glance user to the service project and grant it the admin role
[root@linux-node1 ~]# openstack role add --project service --user Glance admin
2. Create the nova user
[root@linux-node1 ~]# openstack user create --domain default --password-prompt nova
Password: nova
[root@linux-node1 ~]# openstack role add --project service --user nova admin
3. Create the neutron user
[root@linux-node1 ~]# openstack user create --domain default --password-prompt neutron
Password: neutron
[root@linux-node1 ~]# openstack role add --project service --user neutron admin
Once they are created, list the users with the following command
[root@linux-node1 ~]# openstack user list
List the roles with the following command
[root@linux-node1 ~]# openstack role list    (to delete a role: openstack role delete 950989...)
[root@linux-node1 ~]# mysql -u root -p
MariaDB [(none)]> use keystone;
MariaDB [keystone]> select * from user;
Note: what does the id in the user table represent?
6. Create the service entity and API endpoints
Make sure the required environment variables are set
[root@linux-node1 ~]# env | grep OS
HOSTNAME=linux-node1.example.com
OS_IDENTITY_API_VERSION=3
OS_TOKEN=8444437044b916001196
OS_URL=http://192.168.56.104:35357/v3
1. Create the OpenStack Identity service
[root@linux-node1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
2. Create the OpenStack public URL endpoint
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity public http://192.168.56.104:5000/v3
3. Create the OpenStack internal URL endpoint
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity internal http://192.168.56.104:5000/v3
4. Create the OpenStack admin URL endpoint
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity admin http://192.168.56.104:35357/v3
5. Test whether you can connect to Keystone
(1) Unset the environment variables OS_TOKEN and OS_URL
[root@linux-node1 ~]# unset OS_TOKEN OS_URL
(2) Connect to Keystone
[root@linux-node1 keystone]# openstack --os-auth-url http://192.168.56.104:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password: admin
Verify that the demo user can log in
[root@linux-node1 keystone]# openstack --os-auth-url http://192.168.56.104:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
As you can see, commands written this way are too long and hard to remember. We can put the environment variables in a file and load it whenever needed.
[root@linux-node1 ~]# pwd
/root
[root@linux-node1 ~]# vim admin-openrc.sh
Write the following into the file and save it
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Change ADMIN_PASS to admin and controller to 192.168.56.104
After changing the environment variables, apply them by running source followed by the file name.
Now let's test
[root@linux-node1 ~]# openstack endpoint list
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
[root@linux-node1 ~]# source admin-openrc.sh
[root@linux-node1 ~]# openstack endpoint list
Configure the environment variables for the demo login in the same way
[root@linux-node1 ~]# vim demo-openrc.sh
Write the following into the file and save it
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Change DEMO_PASS to demo
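Both openrc files above keep OS_PASSWORD in plain text under /root. The following is an added example, not part of the original post: it generates the same files with owner-only permissions and a password prompt that runs when the file is sourced, so the password is never written to disk. write_openrc is a hypothetical helper name, and the files are written to a scratch directory.

```bash
# write_openrc FILE PROJECT USER AUTH_URL
# Creates an openrc readable only by its owner that asks for the password
# when sourced instead of storing OS_PASSWORD in the file.
write_openrc() {
    ( umask 077
      cat > "$1" <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME="$2"
export OS_USERNAME="$3"
export OS_AUTH_URL="$4"
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# Prompt for the password; hide the typed input when stdin is a terminal.
printf 'Password for %s: ' "\$OS_USERNAME" >&2
if [ -t 0 ]; then stty -echo; fi
read -r OS_PASSWORD
if [ -t 0 ]; then stty echo; echo >&2; fi
export OS_PASSWORD
EOF
    ) && chmod 600 "$1"   # also tightens a file that already existed
}

# The two files from this walkthrough, written to a scratch directory.
demo_dir=$(mktemp -d)
write_openrc "$demo_dir/admin-openrc.sh" admin admin http://192.168.56.104:35357/v3
write_openrc "$demo_dir/demo-openrc.sh"  demo  demo  http://192.168.56.11:5000/v3
ls -l "$demo_dir"
```

Sourcing a generated file with source admin-openrc.sh prompts once, and the password then lives only in that shell's environment.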