Controller
#!/bin/bash
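#######################################
# Install and configure the Keystone identity service on the controller
# node, following the Rocky install guide for Ubuntu, then create a demo
# project/user/role and verify that tokens can be issued.
# Globals:   passwd (written, readonly) - one shared password used for the
#            database account, the bootstrap admin and the demo user
# Arguments: none
# Outputs:   progress messages and an xtrace on the terminal; writes
#            admin-openrc and demo-openrc into the current directory
# Returns:   aborts the shell on the first failing command (errexit)
# Notes:     presumably has to run as root (apt, /etc, service restarts);
#            ./sql_scripts/keystone.sql is resolved against the current
#            directory.
#######################################
install_keystone(){
  # Exit immediately when any command fails.
  set -o errexit
  # NOTE(review): xtrace echoes every expanded command, including the ones
  # that carry the password below, to the terminal and to any captured log.
  set -x
  # (disabled) switch /bin/sh from dash to bash:
  #ls -l `which sh`
  #dpkg-reconfigure dash
  #ls -l `which sh`
  #sleep 5s
  echo "--------------安装和配置-------------"
  # NOTE(review): a single hard-coded, guessable password is reused for every
  # account. Fine for a throw-away lab; change it before exposing the host.
  # It is substituted into sed, SQL and a URL unescaped, so keep it free of
  # quotes, '#', '&', '\', '@', ':' and '/'.
  readonly passwd=openstack
  echo "--------------创建keystone数据库"
  # keystone.sql is a shell snippet (mysql here-document); it is sourced so
  # that $passwd expands inside it.
  source ./sql_scripts/keystone.sql
  echo "--------------安装keystone apache2"
  # -y answers the confirmation prompt without piping text into apt.
  apt-get install -y keystone apache2 libapache2-mod-wsgi
  echo "--------------修改keystone配置"
  # Use $passwd here so the connection string cannot drift away from the
  # password granted in keystone.sql. The edit is tied to line 725 of the
  # packaged keystone.conf and silently does nothing on a different layout.
  sed -i "725s#^connection = .*#connection = mysql+pymysql://keystone:${passwd}@controller/keystone#g" /etc/keystone/keystone.conf
  head -n 725 /etc/keystone/keystone.conf | tail -n 1
  # Fail loudly instead of continuing with the packaged default database.
  if ! grep -q '^connection = mysql+pymysql://' /etc/keystone/keystone.conf; then
    echo "keystone.conf: database connection was not updated (line 725 did not match)" >&2
    return 1
  fi
  sed -i -e "2823s/^#provider\s.*/provider = fernet/" /etc/keystone/keystone.conf
  head -n 2823 /etc/keystone/keystone.conf | tail -n 1
  echo "-------------修改mariadb配置"
  # NOTE(review): commenting out bind-address removes the listen-address
  # restriction on MariaDB. Together with the 'keystone'@'%' grant and the
  # shared password, the database is reachable from any host that can route
  # to this node; consider binding to the management address instead.
  sed -i "29s/^bind-address\s.*/#&/" /etc/mysql/mariadb.conf.d/50-server.cnf
  head -n 29 /etc/mysql/mariadb.conf.d/50-server.cnf | tail -n 1
  /etc/init.d/mysql restart
  echo "--------------修改apache配置"
  # Drop any existing ServerName line, then insert ours at line 70.
  sed -i '/^ServerName\s.*/d' /etc/apache2/apache2.conf
  sed -i '70i ServerName controller' /etc/apache2/apache2.conf
  /etc/init.d/apache2 restart
  echo "--------------生成keystone数据库的数据"
  su -s /bin/sh -c "keystone-manage db_sync" keystone
  echo "--------------初始化Fernet密钥存储库"
  keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
  keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  echo "--------------引导身份服务,管理密码为${passwd}"
  # NOTE(review): endpoints are registered over plain HTTP, so passwords and
  # tokens cross the network unencrypted. Passwords given as command-line
  # arguments are also visible in the process list while the command runs.
  keystone-manage bootstrap --bootstrap-password "$passwd" \
    --bootstrap-admin-url http://controller:5000/v3/ \
    --bootstrap-internal-url http://controller:5000/v3/ \
    --bootstrap-public-url http://controller:5000/v3/ \
    --bootstrap-region-id RegionOne
  echo "--------------创建OpenStack客户端环境脚本--------"
  # The openrc files hold the password in clear text: create them under a
  # restrictive umask and force mode 600 in case they already existed.
  (
    umask 077
    cat > admin-openrc <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$passwd
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
    cat > demo-openrc <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=$passwd
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
  )
  chmod 600 admin-openrc demo-openrc
  echo "--------------使用环境脚本"
  source ./admin-openrc
  openstack token issue
  echo "-----------创建域、项目、用户和角色--------"
  openstack project create --domain default --description "Service Project" service
  openstack project create --domain default --description "Demo Project" myproject
  openstack user create --domain default --password "$passwd" myuser
  openstack role create myrole
  openstack role add --project myproject --user myuser myrole
  echo "-----------验证操作及常用命令--------"
  # Clear the sourced credentials so the explicit --os-* options below are
  # what actually authenticates each request.
  unset OS_AUTH_URL OS_PASSWORD
  openstack --os-auth-url http://controller:5000/v3 \
    --os-project-domain-name Default --os-user-domain-name Default \
    --os-project-name admin --os-username admin --os-password "$passwd" token issue
  openstack --os-auth-url http://controller:5000/v3 \
    --os-project-domain-name Default --os-user-domain-name Default \
    --os-project-name myproject --os-username myuser --os-password "$passwd" token issue
}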
# Entry point: run the whole installation. install_keystone uses relative
# paths (./sql_scripts/keystone.sql, admin-openrc, demo-openrc), so start the
# script from the directory that contains sql_scripts/.
install_keystone
./sql_scripts/keystone.sql
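# Create the keystone database and give the 'keystone' account full access
# to it from localhost and from any host ('%'). This file is a shell snippet,
# not plain SQL: the here-document is unquoted, so the shell expands $passwd
# (set by the script that sources this file) before mysql reads the text.
#
# NOTE(review): the password is pasted into the SQL text unescaped; a value
# containing a single quote or backslash would change the statement. The '%'
# grant lets the account log in from every host that can reach the server.
#
# Refuse to run with an unset or empty password: otherwise the grants below
# would create a passwordless account that is reachable remotely.
: "${passwd:?passwd must be set before sourcing keystone.sql}"
mysql << EOF
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '$passwd';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '$passwd';
EOF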
参考
https://docs.openstack.org/keystone/rocky/install/index-ubuntu.html