安装在controller节点
一、数据库
1、要求controller和compute节点的数据库能互相访问
2、 mysql -u root -p
3、生成一个随机的字符串
二、
1、安装memcached
2、Edit the /etc/keystone/keystone.conf file and complete the following actions:
同步keystone数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
注意:如果报错No handlers could be found for logger "oslo_config.cfg"
解决办法:去掉verbose = True这行
3、配置Apache
Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:
Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:
配置之后启动http服务
三、
1.设置环境变量
2.Create the service entity and API endpoints
报错:Unable to establish connection to http://controller:35357/v3/services
检查35357端口是否已经被监听,如果没有,就检查配置文件是否写错
3.创建endpoint
Create the Identity service API endpoints:
四、创建project、user、role并关联
1.admin
2.demo
五、
1、For security reasons, disable the temporary authentication token mechanism:
Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
2、
3、As the admin user, request an authentication token:
用这一长串访问keystone时,不能有相关的环境变量,所以要unset
4、As the demo user, request an authentication token:
六、
1.Creating the scripts
2.Using the scripts
Request an authentication token:
一、数据库
1、要求controller和compute节点的数据库能互相访问
grant all on *.* to root@'%' identified by "mima" WITH GRANT OPTION;
flush privileges;
2、 mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
3、生成一个随机的字符串
openssl rand -hex 10
假设为aaaaa
二、
1、安装memcached
yum install openstack-keystone httpd mod_wsgi memcached python-memcached
systemctl enable memcached.service
systemctl start memcached.service
2、Edit the /etc/keystone/keystone.conf file and complete the following actions:
[DEFAULT]
admin_token = ADMIN_TOKEN(aaaaa)
verbose = True
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
[memcache]
servers = localhost:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql
同步keystone数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
注意:如果报错No handlers could be found for logger "oslo_config.cfg"
解决办法:去掉verbose = True这行
3、配置Apache
Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:
ServerName controller
Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
配置之后启动http服务
systemctl enable httpd.service
systemctl start httpd.service
三、
1.设置环境变量
export OS_TOKEN=ADMIN_TOKEN(aaaaa)
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
2.Create the service entity and API endpoints
openstack service create --name keystone --description "OpenStack Identity" identity
报错:Unable to establish connection to http://controller:35357/v3/services
检查35357端口是否已经被监听,如果没有,就检查配置文件是否写错
3.创建endpoint
Create the Identity service API endpoints:
openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0
四、创建project、user、role并关联
1.admin
openstack project create --domain default \
--description "Admin Project" admin
openstack user create --domain default \
--password-prompt admin
User Password:
Repeat User Password:
openstack role create admin
openstack role add --project admin --user admin admin
2.demo
openstack project create --domain default \
--description "Service Project" service
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
openstack role create user
openstack role add --project demo --user demo user
五、
1、For security reasons, disable the temporary authentication token mechanism:
Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
2、
unset OS_TOKEN OS_URL
3、As the admin user, request an authentication token:
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-id default --os-user-domain-id default \
--os-project-name admin --os-username admin --os-auth-type password \
token issue
Password:
用这一长串访问keystone时,不能有相关的环境变量,所以要unset
4、As the demo user, request an authentication token:
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-id default --os-user-domain-id default \
--os-project-name demo --os-username demo --os-auth-type password \
token issue
Password:
六、
1.Creating the scripts
vim admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS //注意替换
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
vim demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS //注意替换
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
2.Using the scripts
source admin-openrc.sh
Request an authentication token:
openstack token issue