Ubuntu下部署 openstack N版 keystone组件

此处为N版

一、准备环境

controller:Ubuntu16.04        192.168.60.219

ncnode:  Ubuntu16.04         192.168.60.218

关闭防火墙 :systemctl stop firewalld

关闭SELinux  :setenforce 0

vi /etc/hosts

192.168.60.219   controller

 192.168.60.218  ncnode

如果yum源用的是国外的源(自己网络非常快的话),最好换成国内的源(163、阿里等),此处不做介绍。

二、启用openstack库(controller和ncnode上操作)

     # apt install software-properties-common

     # add-apt-repository cloud-archive:newton

     完成安装

 1.升级主机上的包:

  # apt update && apt dist-upgrade(如果更新了一个新内核,重启主机来使用新内核。)

2.安装openstack客户端

 # apt install python-openstackclient

三、sql数据库

1.安装软件包:

 # apt install mariadb-server python-pymysql

2.创建和编辑/etc/mysql/mariadb.conf.d/99-openstack.cnf文件,添加如下内容:

[mysqld]
bind-address = 192.168.20.219(此处为controller节点的IP)

default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

3.重启数据库

# service mysql restart
# mysql_secure_installation(为root用户创建登录数据库的密码,可不做)——

四、消息队列rabbitmq

1.安装rabbitmq
# apt install rabbitmq-server
2.加入openstack用户
# rabbitmqctl add_user openstack RABBIT_PASS

Creating user "openstack" ...
3.为openstack用户赋予权限
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setting permissions for user "openstack" in vhost "/" ...

五、缓存服务memcache

安装memcache
# apt install memcached python-memcache
编辑文件

vi /etc/memcached.conf

-l 192.168.60.219(controller IP)

重启memcache服务
# service memcached restart

六、keystone身份认证

创建数据库,完成以下操作:

$ mysql -u root -p

mysql> CREATE DATABASE keystone;   ----创建keystone数据库


mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' \     
  IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';

(用合适的密码替换KEYSTONE_DBPASS)


安装keystone

# apt install keystone


vi /etc/keystone/keystone.conf

[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
...
provider = fernet

初始化数据库
# su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化fernet秘钥数据库
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

引导标识服务
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \    ----admin_pass自定义
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:35357/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

vi /etc/apache2/apache2.conf

ServerName controller
# service apache2 restart
# rm -f /var/lib/keystone/keystone.db

配置管理账户
$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS(密码自定义)
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

创建项目service

$ openstack project create --domain default \
  --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+

创建demo项目
$ openstack project create --domain default \
  --description "Demo Project" demo

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+

创建demo用户

$ openstack user create --domain default \
  --password-prompt demo

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aeda23aa78f44e859900e22c24817832 |
| name                | demo                             |
| password_expires_at | None                             |
+---------------------+----------------------------------+

创建用户角色

$ openstack role create user

+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 997ce8d05fc143ac97d83fdfb5998552 |
| name      | user                             |
+-----------+----------------------------------+

向演示项目和用户添加用户角色

$ openstack role add --project demo --user demo user

编辑 /etc/keystone/keystone-paste.ini 并且删除 admin_token_auth 从 [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] 三部分.

$ unset OS_AUTH_URL OS_PASSWORD

作为管理员账户,请求身份认证令牌
$ openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue

Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

作为demo用户,请求身份认证令牌
$ openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue

Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:15:39.014479Z                                     |
| id         | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
|            | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
|            | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U       |
| project_id | ed0b60bf607743088218b0a533d5943f                                |
| user_id    | 58126687cbcc4888bfa9ab73a2256f27                                |
+------------+-----------------------------------------------------------------+

vi admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2


vi demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2


$ . admin-openrc
$ openstack token issue

+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:44:35.659723Z                                     |
| id         | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

  • 2
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值