下载新版本并备份相关文件及数据
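前面已经比较过Keystone在E版和F版中的一些差异,现在该是升级的时候了。原Keystone的Essex版本是在CentOS6.2下通过源代码安装的,后来从epel的rpm安装包里找了个init脚本,使得Keystone能通过service管理并在开机时自动运行,因此这里仍然通过源代码进行升级。以防万一,首先要备份旧版的相关文件和数据,主要包括/usr/bin下的三个文件、/etc/keystone下的所有配置文件以及数据库keystone。需要注意:备份出来的配置文件里含有admin_token和数据库密码,keystone.sql里含有用户凭据数据(如密码哈希),因此backup目录应只允许root访问(例如先执行umask 077,或对该目录chmod 700);cp不带-r不会复制/etc/keystone下的子目录,如果有子目录需另行备份;下载的源码包随后会以root身份安装,安装前最好对照发布页提供的校验值或签名(如有)核对文件完整性。命令如下所示: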
[root@stackcc update_keystone]# wget https://launchpad.net/keystone/folsom/2012.2/+download/keystone-2012.2.tar.gz
[root@stackcc update_keystone]# mkdir -p backup/bin
[root@stackcc update_keystone]# cp /usr/bin/keystone* backup/bin/
[root@stackcc update_keystone]# mkdir backup/etc
[root@stackcc update_keystone]# cp /etc/keystone/* backup/etc/
[root@stackcc update_keystone]# mysqldump -ukeystone -p keystone > backup/keystone.sql
停止Keystone服务并安装F版Keystone
[root@stackcc update_keystone]# service keystone stop
[root@stackcc update_keystone]# tar -zxf keystone-2012.2.tar.gz
[root@stackcc update_keystone]# cd keystone-2012.2
[root@stackcc keystone-2012.2]# python setup.py install > keystone.info
配置F版Keystone
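主要修改了admin_token、log选项、sql选项、token和ec2选项。其中admin_token相当于管理员凭据,sql连接串里带有数据库密码,下面显示的是本环境的取值,实际部署时应换成自己随机生成的值。另外从ll的输出可以看到,新复制的配置文件属主为root、权限为644,在后面执行chmod 640和chown之前对本机所有用户可读,建议在写入这些机密之前就先收紧权限。操作和最终配置如下所示: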
[root@stackcc keystone-2012.2]# rm -fr /etc/keystone/*
[root@stackcc keystone-2012.2]# cp etc/* /etc/keystone/
[root@stackcc keystone-2012.2]# ll /etc/keystone/
total 20
-rw-r--r-- 1 root root 1539 Nov 4 19:42 default_catalog.templates
-rw-r--r-- 1 root root 5753 Nov 4 19:42 keystone.conf.sample
-rw-r--r-- 1 root root 758 Nov 4 19:42 logging.conf.sample
-rw-r--r-- 1 root root 59 Nov 4 19:42 policy.json
[root@stackcc keystone-2012.2]# mv /etc/keystone/keystone.conf.sample /etc/keystone/keystone.conf
[root@stackcc keystone-2012.2]# mv /etc/keystone/logging.conf.sample /etc/keystone/logging.conf
[root@stackcc keystone-2012.2]# cat /etc/keystone/keystone.conf
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = 7d97448231c0a2bac8a3
# The IP address of the network interface to listen on
# bind_host = 0.0.0.0
# The port number which the public service listens on
# public_port = 5000
# The port number which the public admin listens on
# admin_port = 35357
# The port number which the OpenStack Compute service listens on
# compute_port = 8774
# === Logging Options ===
# Print debugging output
# verbose = False
# Print more verbose output
# (includes plaintext request logging, potentially including passwords)
# debug = False
# Name of log file to output to. If not set, logging will go to stdout.
log_file = keystone.log
# The directory to keep log files in (will be prepended to --logfile)
log_dir = /var/log/keystone
# Use syslog for logging.
# use_syslog = False
# syslog facility to receive log lines
# syslog_log_facility = LOG_USER
# If this option is specified, the logging configuration file specified is
# used and overrides any other logging options specified. Please see the
# Python logging module documentation for details on logging configuration
# files.
# log_config = logging.conf
# A logging.Formatter log message format string which may use any of the
# available logging.LogRecord attributes.
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
# Format string for %(asctime)s in log records.
# log_date_format = %Y-%m-%d %H:%M:%S
# onready allows you to send a notification when the process is ready to serve
# For example, to have it notify using systemd, one could set shell command:
# onready = systemd-notify --ready
# or a module with notify() method:
# onready = keystone.common.systemd
[sql]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://keystone:keystone@localhost/keystone
# the timeout before idle sql connections are reaped
# idle_timeout = 200
[identity]
# driver = keystone.identity.backends.sql.Identity
[catalog]
# dynamic, sql-based backend (supports API/CLI-based management commands)
# driver = keystone.catalog.backends.sql.Catalog
# static, file-based backend (does *NOT* support any management commands)
# driver = keystone.catalog.backends.templated.TemplatedCatalog
# template_file = default_catalog.templates
[token]
driver = keystone.token.backends.sql.Token
# Amount of time a token should remain valid (in seconds)
# expiration = 86400
[policy]
# driver = keystone.policy.backends.rules.Policy
[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2
[ssl]
#enable = True
#certfile = /etc/keystone/ssl/certs/keystone.pem
#keyfile = /etc/keystone/ssl/private/keystonekey.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#cert_required = True
[signing]
#token_format = UUID
#certfile = /etc/keystone/ssl/certs/signing_cert.pem
#keyfile = /etc/keystone/ssl/private/signing_key.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#key_size = 1024
#valid_days = 3650
#ca_password = None
#token_format = PKI
[ldap]
# url = ldap://localhost
# user = dc=Manager,dc=example,dc=com
# password = None
# suffix = cn=example,cn=com
# use_dumb_member = False
# user_tree_dn = ou=Users,dc=example,dc=com
# user_objectclass = inetOrgPerson
# user_id_attribute = cn
# user_name_attribute = sn
# tenant_tree_dn = ou=Groups,dc=example,dc=com
# tenant_objectclass = groupOfNames
# tenant_id_attribute = cn
# tenant_member_attribute = member
# tenant_name_attribute = ou
# role_tree_dn = ou=Roles,dc=example,dc=com
# role_objectclass = organizationalRole
# role_id_attribute = cn
# role_member_attribute = roleOccupant
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory
[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
[filter:user_crud_extension]
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
[filter:url_normalize]
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
[filter:stats_monitoring]
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
[filter:stats_reporting]
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api]
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
[pipeline:admin_api]
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory
[pipeline:public_version_api]
pipeline = stats_monitoring url_normalize xml_body public_version_service
[pipeline:admin_version_api]
pipeline = stats_monitoring url_normalize xml_body admin_version_service
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api
[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api
同步数据库并启动Keystone
[root@stackcc keystone-2012.2]# keystone-manage db_sync
[root@stackcc keystone-2012.2]# chmod 640 /etc/keystone/*
[root@stackcc keystone-2012.2]# chown -R keystone:keystone /etc/keystone
[root@stackcc keystone-2012.2]# service keystone start
验证
[root@stackcc keystone-2012.2]# source ~/.openstackrc
[root@stackcc keystone-2012.2]# keystone user-list
+----------------------------------+---------+--------------------+--------+
| id | enabled | email | name |
+----------------------------------+---------+--------------------+--------+
| 397dd3be88b6492caa88521502b07617 | True | sigsit@example.com | sigsit |
| 4014d8d779c7463e8e7c3253360ff448 | True | admin@example.com | admin |
| 63e2819834924b39be950d14fcb25120 | True | nova@example.com | nova |
| 88e6450633c944eca7a1c5bc74b994ce | True | ugyn@qq.com | ugyn |
| a94110d755f9415b9adb685b43beb093 | True | glance@example.com | glance |
| bdfaf996fbdf4e42b3d7898b365a72cb | True | swift@example.com | swift |
+----------------------------------+---------+--------------------+--------+
[root@stackcc keystone-2012.2]# keystone tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 64498ea937dd411385e13b40dbf43061 | admin | True |
| b61cec3f3a47403e9cfeb49c12af29ab | service | True |
| c6159a4f3dd34a2b83527499a40dbd2b | sigsit | True |
+----------------------------------+---------+---------+
[root@stackcc keystone-2012.2]# keystone service-list
+----------------------------------+-------------+--------------+---------------------------+
| id | name | type | description |
+----------------------------------+-------------+--------------+---------------------------+
| 00217d2721e94cee9f4c27c8c2f89f52 | swift | object-store | Swift Service |
| 0b0ec80909084f6f9ca8e6c880bd9e6a | nova-volume | volume | Nova Volume Service |
| 109991c86f00437aa8d6cb068acc142e | nova | compute | Nova Compute Service |
| 5ed302eedbfe4635b5af14f81200c826 | ec2 | ec2 | EC2 Compatibility Layer |
| 621f008efd9146db8b395eefc078de3f | glance | image | Glance Image Service |
| 8cda7f68aee6458ca80dd6b13f7cb205 | horizon | dashboard | OpenStack Dashboard |
| e0ac1fb0b21d4ec5ae8299c8ba3b3fed | keystone | identity | Keystone Identity Service |
+----------------------------------+-------------+--------------+---------------------------+
[root@stackcc keystone-2012.2]# keystone endpoint-list
+----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+
| id | region | publicurl | internalurl | adminurl |
+----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+
| 7794675fe0d34564a3e36f3a9abf0dde | RegionOne | http://10.61.2.12:8773/services/Cloud | http://10.61.2.12:8773/services/Cloud | http://10.61.2.12:8773/services/Admin |
| 7e4496ad141343daa1de46fc84bedfa2 | RegionOne | http://10.61.2.12:$(public_port)s/v2.0 | http://10.61.2.12:$(admin_port)s/v2.0 | http://10.61.2.12:$(admin_port)s/v2.0 |
| 945017f40c8d47c8bd3e9adc85d90d79 | RegionOne | http://10.61.2.12:8888/v2/AUTH_$(tenant_id)s | http://10.61.2.12:8888/v2/AUTH_$(tenant_id)s | http://10.61.2.12:8888/ |
| 9584cc8ab68e40da86d624f62cf29331 | RegionOne | http://10.61.2.12:$(compute_port)s/v1.1/$(tenant_id)s | http://10.61.2.12:$(compute_port)s/v1.1/$(tenant_id)s | http://10.61.2.12:$(compute_port)s/v1.1/$(tenant_id)s |
| bfb6a52efd3e4bd68dcfd1df51367740 | RegionOne | http://10.61.2.12:8776/v1/$(tenant_id)s | http://10.61.2.12:8776/v1/$(tenant_id)s | http://10.61.2.12:8776/v1/$(tenant_id)s |
| ef02c9245d3144219b1548bc633061c3 | RegionOne | http://10.61.2.12:9292/v1 | http://10.61.2.12:9292/v1 | http://10.61.2.12:9292/v1 |
+----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+
最后测试从Horizon登录、创建实例再删除,从Object Store下载一个小文件、上传文件、删除文件,均正常,因此Keystone的升级算圆满完成了。需要注意的是,上面列出的endpoint全部是http,配置中的[ssl]段也保持注释状态,令牌和密码在网络上是明文传输的;若用于生产环境,应启用SSL或在前端加TLS终结。接下来考虑Glance的升级……