Installing OpenStack Kilo on Ubuntu 14.04 Step by Step - 7 (keystone)

7.1.  Create the database

mysql -u root -p

create database keystone;
grant all privileges on keystone.* to 'keystone'@'kilo' identified by 'keystone_dbpass';
grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone_dbpass';
grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone_dbpass';
exit

7.2.  Generate the token

openssl rand -hex 10

ae3b19ba29ee81a66b3a

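7.3.  Install keystone

By default the keystone service listens on ports 5000 and 35357. This guide, however, configures the Apache HTTP server to listen on these ports, so to avoid a port conflict, prevent the keystone service from starting at boot after installation.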

sudo bash -c "echo manual > /etc/init/keystone.override"

 

sudo apt-get install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache

 

sudo apt-get install libmysqld-dev python2.7-dev

 

sudo apt-get install python-dateutil python-docutils python-feedparser python-gdata python-jinja2 python-ldap python-libxslt1 python-lxml python-mako python-mock python-openid python-psycopg2 python-psutil python-pybabel python-pychart python-pydot python-pyparsing python-reportlab python-simplejson python-tz python-unittest2 python-vatnumber python-vobject python-webdav python-werkzeug python-xlwt python-yaml python-zsi

 

sudo apt-get install python-pip

sudo easy_install MySQL-python

7.4.  Edit keystone.conf

vim /etc/keystone/keystone.conf

[DEFAULT]
admin_token=ae3b19ba29ee81a66b3a
verbose = true
log_dir = /var/log/keystone

[database]
connection = mysql://keystone:keystone_dbpass@kilo/keystone

[memcache]
servers = localhost:11211

[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke

7.5.  Populate the keystone database

sudo bash -c "keystone-manage db_sync" keystone

 

7.6.  Configure the Apache HTTP Server

7.6.1.   apache2.conf

vim /etc/apache2/apache2.conf

ServerName kilo

7.6.2.   wsgi-keystone.conf

vim /etc/apache2/sites-available/wsgi-keystone.conf

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>

 

7.6.3.   Disable the default virtual host

sudo rm /etc/apache2/sites-enabled/000-default.conf

7.6.4.   Enable the Identity service virtual host

sudo ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled

7.6.5.   Create the directory structure for the WSGI components

 

mkdir -p /var/www/cgi-bin/keystone

7.6.6.   Download the WSGI components

sudo apt-get install curl

curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee admin main

The contents of admin and main:

# Copyright 2013 OpenStack Foundation
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#        http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import os

from keystone.server import wsgi as wsgi_server


name = os.path.basename(__file__)

# NOTE(ldbragst): 'application' is required in this context by WSGI spec.
# The following is a reference to Python Paste Deploy documentation
# http://pythonpaste.org/deploy/
application = wsgi_server.initialize_application(name)

sudo mkdir -p /var/www/cgi-bin/keystone

sudo cp main admin /var/www/cgi-bin/keystone/

 

7.6.7.   Set permissions

sudo chown -R keystone:keystone /var/www/cgi-bin/keystone

sudo chmod 755 /var/www/cgi-bin/keystone/*

 

7.6.8.   Restart apache

sudo service keystone stop

sudo rm -rf /var/lib/keystone/keystone.db

sudo service apache2 restart

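7.7.  Create the service entity and API endpoint

7.7.1.   Configure the token

This is the token generated at the beginning (section 7.2), the admin_token value in /etc/keystone/keystone.conf.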

export OS_TOKEN=ae3b19ba29ee81a66b3a

7.7.2.   Configure the endpoint URL

export OS_URL=http://kilo:35357/v2.0

7.7.3.   Service entity and API endpoint

openstack service create --name keystone --description "Openstack Identity" identity

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Identity               |
| enabled     | True                             |
| id          | 4bd57cab43ca468e88a7400f9fb1f408 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

openstack endpoint create --publicurl http://kilo:5000/v2.0 --internalurl http://kilo:5000/v2.0 --adminurl http://kilo:35357/v2.0 --region RegionOne identity

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://kilo:35357/v2.0           |
| id           | 06ec8b819388494a98cb88a7c78203f8 |
| internalurl  | http://kilo:5000/v2.0            |
| publicurl    | http://kilo:5000/v2.0            |
| region       | RegionOne                        |
| service_id   | 4bd57cab43ca468e88a7400f9fb1f408 |
| service_name | keystone                         |
| service_type | identity                         |
+--------------+----------------------------------+

 

7.8.  Create the admin tenant, user and role

7.8.1.   Create the admin tenant

openstack project create --description "Admin Project" admin

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| enabled     | True                             |
| id          | 9e4ff200c6994bd6bd6e589c21afa2f8 |
| name        | admin                            |
+-------------+----------------------------------+

 

 

7.8.2.   Create the admin user

openstack user create --password-prompt admin

User Password:
Repeat User Password:
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | None                             |
| enabled  | True                             |
| id       | 4d95b044ee0b45b689feb081c59c4dd2 |
| name     | admin                            |
| username | admin                            |
+----------+----------------------------------+

 

7.8.3.   Create the admin role

openstack role create admin

+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 14b826a870464c67900a963d675cc8cb |
| name  | admin                            |
+-------+----------------------------------+

7.8.4.   Add the admin role to the admin tenant and user

openstack role add --project admin --user admin admin

+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 14b826a870464c67900a963d675cc8cb |
| name  | admin                            |
+-------+----------------------------------+

 

7.9.  Create a service tenant

openstack project create --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| enabled     | True                             |
| id          | 59ed3315efaa43f1aba5b935b7509157 |
| name        | service                          |
+-------------+----------------------------------+

7.10. Create the non-admin demo tenant

7.10.1.  Create the demo tenant

openstack project create --description "Demo Project" demo

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| enabled     | True                             |
| id          | 76f2a7cabeae4075af5b4f8b0aff4619 |
| name        | demo                             |
+-------------+----------------------------------+

7.10.2.  Create the demo user

openstack user create --password-prompt demo

User Password:
Repeat User Password:
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | None                             |
| enabled  | True                             |
| id       | 3b9b50cce7c243059862dc8f4d1e5438 |
| name     | demo                             |
| username | demo                             |
+----------+----------------------------------+

 

7.10.3.  Create the _member_ role

openstack role create _member_

+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 9fe2ff9ee4384b1894a90878d3e92bab |
| name  | _member_                         |
+-------+----------------------------------+

7.10.4.  Add the _member_ role to the demo tenant and user

openstack role add --project demo --user demo _member_

+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 9fe2ff9ee4384b1894a90878d3e92bab |
| name  | _member_                         |
+-------+----------------------------------+

 

7.11. Verify the keystone installation

7.11.1.  For security, disable the temporary token

Edit /etc/keystone/keystone-paste.ini and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections.
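
One way to make the edit in 7.11.1 without touching anything else in the file, as an added example that is not part of the original post: it removes admin_token_auth only from the three named pipelines, then lists any pipeline that still references it. The sample file is constructed with shortened pipelines, and the function names are hypothetical.

```shell
# strip_admin_token_auth FILE: print FILE with the filter dropped from the
# pipeline lines of [pipeline:public_api], [pipeline:admin_api], [pipeline:api_v3].
strip_admin_token_auth() {
    awk '
        /^\[/ { target = ($0 == "[pipeline:public_api]" ||
                          $0 == "[pipeline:admin_api]" ||
                          $0 == "[pipeline:api_v3]") }
        target && /^pipeline[ \t]*=/ {
            out = ""
            for (i = 1; i <= NF; i++)
                if ($i != "admin_token_auth")
                    out = out (out == "" ? "" : " ") $i
            $0 = out
        }
        { print }
    ' "$1"
}

# pipelines_using_admin_token FILE: print every [pipeline:...] section whose
# pipeline line still references admin_token_auth (no output means clean).
pipelines_using_admin_token() {
    awk '
        /^\[/ { section = $0 }
        section ~ /^\[pipeline:/ && /^pipeline[ \t]*=/ {
            for (i = 1; i <= NF; i++)
                if ($i == "admin_token_auth") print section
        }
    ' "$1"
}

# Constructed sample for the demonstration; pipelines are shortened and are
# not the full stock keystone-paste.ini.
demo_dir=$(mktemp -d)
sample="$demo_dir/keystone-paste.ini"
cat > "$sample" <<'EOF'
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[pipeline:public_api]
pipeline = sizelimit token_auth admin_token_auth json_body public_service

[pipeline:admin_api]
pipeline = sizelimit token_auth admin_token_auth json_body admin_service

[pipeline:api_v3]
pipeline = sizelimit token_auth admin_token_auth json_body service_v3
EOF
strip_admin_token_auth "$sample" > "$sample.new"
echo "still using admin_token_auth: $(pipelines_using_admin_token "$sample.new" | tr '\n' ' ')"
```

On a real host, run it against a copy of /etc/keystone/keystone-paste.ini, keep a backup of the original, move the result into place and restart apache2.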

7.11.2.  Unset the OS_TOKEN and OS_URL environment variables

unset OS_TOKEN OS_URL

7.11.3.  As admin, request an authentication token using API version 2

openstack --os-auth-url http://kilo:35357 --os-project-name admin --os-username admin --os-auth-type password token issue

Password: (the admin password)
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2015-05-25T06:36:29Z             |
| id         | dfc8bf7eb61449b2a88e80985c5e51a8 |
| project_id | 9e4ff200c6994bd6bd6e589c21afa2f8 |
| user_id    | 4d95b044ee0b45b689feb081c59c4dd2 |
+------------+----------------------------------+

 

7.11.4.  The Identity version 3 API adds support for domains

openstack --os-auth-url http://kilo:35357 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue

Password: (the admin password)
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2015-05-25T06:39:16.198261Z      |
| id         | e3cbd99b3e1f42cb96ee5b98464a0cf1 |
| project_id | 9e4ff200c6994bd6bd6e589c21afa2f8 |
| user_id    | 4d95b044ee0b45b689feb081c59c4dd2 |
+------------+----------------------------------+

7.11.5.  As admin, list projects to verify that admin can run admin-only CLI commands

openstack --os-auth-url http://kilo:35357 --os-project-name admin --os-username admin --os-auth-type password project list

Password: (the admin password)
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 59ed3315efaa43f1aba5b935b7509157 | service |
| 76f2a7cabeae4075af5b4f8b0aff4619 | demo    |
| 9e4ff200c6994bd6bd6e589c21afa2f8 | admin   |
+----------------------------------+---------+

 

7.11.6.  As admin, list users to verify the Identity service

openstack --os-auth-url http://kilo:35357 --os-project-name admin --os-username admin --os-auth-type password user list

Password: (the admin password)
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 4d95b044ee0b45b689feb081c59c4dd2 | admin |
| 3b9b50cce7c243059862dc8f4d1e5438 | demo  |
+----------------------------------+-------+

 

7.11.7.  As admin, list roles to verify the keystone service

openstack --os-auth-url http://kilo:35357 --os-project-name admin --os-username admin --os-auth-type password role list

Password: (the admin password)
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 14b826a870464c67900a963d675cc8cb | admin    |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
+----------------------------------+----------+

 

7.11.8.  As demo, request an authentication token from the version 3 API

openstack --os-auth-url http://kilo:35357 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue

Password: (the demo password)
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2015-05-25T06:48:22.322489Z      |
| id         | c3cc2c309e454a65a8d6a7b45a6c56c3 |
| project_id | 76f2a7cabeae4075af5b4f8b0aff4619 |
| user_id    | 3b9b50cce7c243059862dc8f4d1e5438 |
+------------+----------------------------------+

 

 

7.12. keystone environment variables

7.12.1.  Create the scripts

vim admin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://kilo:35357/v3

vim demo-openrc.sh

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://kilo:5000/v3

 

7.12.2.  Source the script and request a token

source admin-openrc.sh

openstack token issue

+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2015-05-25T07:00:18.609990Z      |
| id         | d9d853c69d76433fb0a95b41bb5bd8d6 |
| project_id | 9e4ff200c6994bd6bd6e589c21afa2f8 |
| user_id    | 4d95b044ee0b45b689feb081c59c4dd2 |
+------------+----------------------------------+

 
