下载新版本并备份相关文件及数据
前面已经比较过Keystone在E版和F版中的一些差异,现在该是升级的时候了。原Keystone的Essex版本是在CentOS6.2下通过源代码安装的,后面在epel的rpm安装包找了个init脚本,使得Keystone能通过service管理并在开机时自动运行,因此这里仍然通过源代码进行升级。以防万一,首先要备份相关旧版的文件、数据,要备份的文件主要包括/usr/bin下的三个文件,/etc/keystone下的所有配置文件以及数据库keystone,命令如下所示:
- [root@stackcc update_keystone]# wget https://launchpad.net/keystone/folsom/2012.2/+download/keystone-2012.2.tar.gz
- [root@stackcc update_keystone]# mkdir -p backup/bin
- [root@stackcc update_keystone]# cp /usr/bin/keystone* backup/bin/
- [root@stackcc update_keystone]# mkdir backup/etc
- [root@stackcc update_keystone]# cp /etc/keystone/* backup/etc/
- [root@stackcc update_keystone]# mysqldump -ukeystone -p keystone > backup/keystone.sql
停止Keystone服务并安装F版Keystone
- [root@stackcc update_keystone]# service keystone stop
- [root@stackcc update_keystone]# tar -zxf keystone-2012.2.tar.gz
- [root@stackcc update_keystone]# cd keystone-2012.2
- [root@stackcc keystone-2012.2]# python setup.py install > keystone.info
配置F版Keystone
主要修改了admin_token、log选项、sql选项、token和ec2选项,如下所示:
- [root@stackcc keystone-2012.2]# rm -fr /etc/keystone/*
- [root@stackcc keystone-2012.2]# cp etc/* /etc/keystone/
- [root@stackcc keystone-2012.2]# ll /etc/keystone/
- total 20
- -rw-r--r-- 1 root root 1539 Nov 4 19:42 default_catalog.templates
- -rw-r--r-- 1 root root 5753 Nov 4 19:42 keystone.conf.sample
- -rw-r--r-- 1 root root 758 Nov 4 19:42 logging.conf.sample
- -rw-r--r-- 1 root root 59 Nov 4 19:42 policy.json
- [root@stackcc keystone-2012.2]# mv /etc/keystone/keystone.conf.sample /etc/keystone/keystone.conf
- [root@stackcc keystone-2012.2]# mv /etc/keystone/logging.conf.sample /etc/keystone/logging.conf
- [root@stackcc keystone-2012.2]# cat /etc/keystone/keystone.conf
- [DEFAULT]
- # A "shared secret" between keystone and other openstack services
- admin_token = 7d97448231c0a2bac8a3
- # The IP address of the network interface to listen on
- # bind_host = 0.0.0.0
- # The port number which the public service listens on
- # public_port = 5000
- # The port number which the public admin listens on
- # admin_port = 35357
- # The port number which the OpenStack Compute service listens on
- # compute_port = 8774
- # === Logging Options ===
- # Print debugging output
- # verbose = False
- # Print more verbose output
- # (includes plaintext request logging, potentially including passwords)
- # debug = False
- # Name of log file to output to. If not set, logging will go to stdout.
- log_file = keystone.log
- # The directory to keep log files in (will be prepended to --logfile)
- log_dir = /var/log/keystone
- # Use syslog for logging.
- # use_syslog = False
- # syslog facility to receive log lines
- # syslog_log_facility = LOG_USER
- # If this option is specified, the logging configuration file specified is
- # used and overrides any other logging options specified. Please see the
- # Python logging module documentation for details on logging configuration
- # files.
- # log_config = logging.conf
- # A logging.Formatter log message format string which may use any of the
- # available logging.LogRecord attributes.
- # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
- # Format string for %(asctime)s in log records.
- # log_date_format = %Y-%m-%d %H:%M:%S
- # onready allows you to send a notification when the process is ready to serve
- # For example, to have it notify using systemd, one could set shell command:
- # onready = systemd-notify --ready
- # or a module with notify() method:
- # onready = keystone.common.systemd
- [sql]
- # The SQLAlchemy connection string used to connect to the database
- connection = mysql://keystone:keystone@localhost/keystone
- # the timeout before idle sql connections are reaped
- # idle_timeout = 200
- [identity]
- # driver = keystone.identity.backends.sql.Identity
- [catalog]
- # dynamic, sql-based backend (supports API/CLI-based management commands)
- # driver = keystone.catalog.backends.sql.Catalog
- # static, file-based backend (does *NOT* support any management commands)
- # driver = keystone.catalog.backends.templated.TemplatedCatalog
- # template_file = default_catalog.templates
- [token]
- driver = keystone.token.backends.sql.Token
- # Amount of time a token should remain valid (in seconds)
- # expiration = 86400
- [policy]
- # driver = keystone.policy.backends.rules.Policy
- [ec2]
- driver = keystone.contrib.ec2.backends.sql.Ec2
- [ssl]
- #enable = True
- #certfile = /etc/keystone/ssl/certs/keystone.pem
- #keyfile = /etc/keystone/ssl/private/keystonekey.pem
- #ca_certs = /etc/keystone/ssl/certs/ca.pem
- #cert_required = True
- [signing]
- #token_format = UUID
- #certfile = /etc/keystone/ssl/certs/signing_cert.pem
- #keyfile = /etc/keystone/ssl/private/signing_key.pem
- #ca_certs = /etc/keystone/ssl/certs/ca.pem
- #key_size = 1024
- #valid_days = 3650
- #ca_password = None
- #token_format = PKI
- [ldap]
- # url = ldap://localhost
- # user = dc=Manager,dc=example,dc=com
- # password = None
- # suffix = cn=example,cn=com
- # use_dumb_member = False
- # user_tree_dn = ou=Users,dc=example,dc=com
- # user_objectclass = inetOrgPerson
- # user_id_attribute = cn
- # user_name_attribute = sn
- # tenant_tree_dn = ou=Groups,dc=example,dc=com
- # tenant_objectclass = groupOfNames
- # tenant_id_attribute = cn
- # tenant_member_attribute = member
- # tenant_name_attribute = ou
- # role_tree_dn = ou=Roles,dc=example,dc=com
- # role_objectclass = organizationalRole
- # role_id_attribute = cn
- # role_member_attribute = roleOccupant
- [filter:debug]
- paste.filter_factory = keystone.common.wsgi:Debug.factory
- [filter:token_auth]
- paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
- [filter:admin_token_auth]
- paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
- [filter:xml_body]
- paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
- [filter:json_body]
- paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
- [filter:user_crud_extension]
- paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
- [filter:crud_extension]
- paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
- [filter:ec2_extension]
- paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
- [filter:s3_extension]
- paste.filter_factory = keystone.contrib.s3:S3Extension.factory
- [filter:url_normalize]
- paste.filter_factory = keystone.middleware:NormalizingFilter.factory
- [filter:stats_monitoring]
- paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
- [filter:stats_reporting]
- paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
- [app:public_service]
- paste.app_factory = keystone.service:public_app_factory
- [app:admin_service]
- paste.app_factory = keystone.service:admin_app_factory
- [pipeline:public_api]
- pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
- [pipeline:admin_api]
- pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
- [app:public_version_service]
- paste.app_factory = keystone.service:public_version_app_factory
- [app:admin_version_service]
- paste.app_factory = keystone.service:admin_version_app_factory
- [pipeline:public_version_api]
- pipeline = stats_monitoring url_normalize xml_body public_version_service
- [pipeline:admin_version_api]
- pipeline = stats_monitoring url_normalize xml_body admin_version_service
- [composite:main]
- use = egg:Paste#urlmap
- /v2.0 = public_api
- / = public_version_api
- [composite:admin]
- use = egg:Paste#urlmap
- /v2.0 = admin_api
- / = admin_version_api
同步数据库并启动Keystone
- [root@stackcc keystone-2012.2]# keystone-manage db_sync
- [root@stackcc keystone-2012.2]# chmod 640 /etc/keystone/*
- [root@stackcc keystone-2012.2]# chown -R keystone:keystone /etc/keystone
- [root@stackcc keystone-2012.2]# service keystone start
验证
- [root@stackcc keystone-2012.2]# source ~/.openstackrc
- [root@stackcc keystone-2012.2]# keystone user-list
- +----------------------------------+---------+--------------------+--------+
- | id | enabled | email | name |
- +----------------------------------+---------+--------------------+--------+
- | 397dd3be88b6492caa88521502b07617 | True | sigsit@example.com | sigsit |
- | 4014d8d779c7463e8e7c3253360ff448 | True | admin@example.com | admin |
- | 63e2819834924b39be950d14fcb25120 | True | nova@example.com | nova |
- | 88e6450633c944eca7a1c5bc74b994ce | True | ugyn@qq.com | ugyn |
- | a94110d755f9415b9adb685b43beb093 | True | glance@example.com | glance |
- | bdfaf996fbdf4e42b3d7898b365a72cb | True | swift@example.com | swift |
- +----------------------------------+---------+--------------------+--------+
- [root@stackcc keystone-2012.2]# keystone tenant-list
- +----------------------------------+---------+---------+
- | id | name | enabled |
- +----------------------------------+---------+---------+
- | 64498ea937dd411385e13b40dbf43061 | admin | True |
- | b61cec3f3a47403e9cfeb49c12af29ab | service | True |
- | c6159a4f3dd34a2b83527499a40dbd2b | sigsit | True |
- +----------------------------------+---------+---------+
- [root@stackcc keystone-2012.2]# keystone service-list
- +----------------------------------+-------------+--------------+---------------------------+
- | id | name | type | description |
- +----------------------------------+-------------+--------------+---------------------------+
- | 00217d2721e94cee9f4c27c8c2f89f52 | swift | object-store | Swift Service |
- | 0b0ec80909084f6f9ca8e6c880bd9e6a | nova-volume | volume | Nova Volume Service |
- | 109991c86f00437aa8d6cb068acc142e | nova | compute | Nova Compute Service |
- | 5ed302eedbfe4635b5af14f81200c826 | ec2 | ec2 | EC2 Compatibility Layer |
- | 621f008efd9146db8b395eefc078de3f | glance | image | Glance Image Service |
- | 8cda7f68aee6458ca80dd6b13f7cb205 | horizon | dashboard | OpenStack Dashboard |
- | e0ac1fb0b21d4ec5ae8299c8ba3b3fed | keystone | identity | Keystone Identity Service |
- +----------------------------------+-------------+--------------+---------------------------+
- [root@stackcc keystone-2012.2]# keystone endpoint-list
- +----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+
- | id | region | publicurl | internalurl | adminurl |
- +----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+
- | 7794675fe0d34564a3e36f3a9abf0dde | RegionOne | http://10.61.2.12:8773/services/Cloud | http://10.61.2.12:8773/services/Cloud | http://10.61.2.12:8773/services/Admin |
- | 7e4496ad141343daa1de46fc84bedfa2 | RegionOne | http://10.61.2.12:$(public_port)s/v2.0 | http://10.61.2.12:$(admin_port)s/v2.0 | http://10.61.2.12:$(admin_port)s/v2.0 |
- | 945017f40c8d47c8bd3e9adc85d90d79 | RegionOne | http://10.61.2.12:8888/v2/AUTH_$(tenant_id)s | http://10.61.2.12:8888/v2/AUTH_$(tenant_id)s | http://10.61.2.12:8888/ |
- | 9584cc8ab68e40da86d624f62cf29331 | RegionOne | http://10.61.2.12:$(compute_port)s/v1.1/$(tenant_id)s | http://10.61.2.12:$(compute_port)s/v1.1/$(tenant_id)s | http://10.61.2.12:$(compute_port)s/v1.1/$(tenant_id)s |
- | bfb6a52efd3e4bd68dcfd1df51367740 | RegionOne | http://10.61.2.12:8776/v1/$(tenant_id)s | http://10.61.2.12:8776/v1/$(tenant_id)s | http://10.61.2.12:8776/v1/$(tenant_id)s |
- | ef02c9245d3144219b1548bc633061c3 | RegionOne | http://10.61.2.12:9292/v1 | http://10.61.2.12:9292/v1 | http://10.61.2.12:9292/v1 |
- +----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+
最后测试从Horizon登录,创建实例再删除,从Object Store下载一个小文件,上传文件,删除文件均正常。因此Keystone的升级算圆满完成了。接下来考虑Glance的升级。。。