部署版本:pike
部署环境:CentOS7.6
配置文件中所有controller可修改为控制节点ip地址
配置过程中使用 echo $?
验证命令执行情况
Identity service
身份识别服务Keystone Installation
OpenStack标识服务为管理身份验证、授权和服务目录提供了单点集成。
身份服务通常是用户与之交互的第一个服务。一旦通过身份验证,最终用户就可以使用自己的身份访问其他OpenStack服务。同样,其他OpenStack服务也利用身份服务来确保用户是他们所说的人,并发现其他服务在部署中的位置。
一、安装和配置
先决条件:
1.以root身份连接数据库
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.
2.创建 keystone 数据库
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.01 sec)
3.授予对keystone数据库的正确访问权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'qwer1234';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'qwer1234';
Query OK, 0 rows affected (0.00 sec)
安装和配置组件:
1.安装openstack-keystone httpd mod_wsgi软件
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi
2.编辑/etc/keystone/keystone.conf 文件下
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
# ...
connection = mysql+pymysql://keystone:qwer1234@controller/keystone
配置Fernet令牌提供程序
[token]
# ...
provider = fernet
3.填充标识服务数据库
[root@controller yum.repos.d]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller yum.repos.d]# echo $?
1
此时执行失败,查看日志
[root@controller yum.repos.d]# tail -f /var/log/keystone/keystone.log
2022-02-20 19:38:59.605 87638 ERROR keystone sql_connection=sql_connection, **engine_kwargs)
2022-02-20 19:38:59.605 87638 ERROR keystone File "/usr/lib/python2.7/site-packages/debtcollector/renames.py", line 43, in decorator
2022-02-20 19:38:59.605 87638 ERROR keystone return wrapped(*args, **kwargs)
2022-02-20 19:38:59.605 87638 ERROR keystone File "/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/engines.py", line 184, in create_engine
2022-02-20 19:38:59.605 87638 ERROR keystone test_conn = _test_connection(engine, max_retries, retry_interval)
2022-02-20 19:38:59.605 87638 ERROR keystone File "/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/engines.py", line 370, in _test_connection
2022-02-20 19:38:59.605 87638 ERROR keystone six.reraise(type(de_ref), de_ref)
2022-02-20 19:38:59.605 87638 ERROR keystone File "<string>", line 2, in reraise
2022-02-20 19:38:59.605 87638 ERROR keystone DBConnectionError: (pymysql.err.OperationalError) (2003, "Can't connect to MySQL server on 'controller' ([Errno 111] Connection refused)") (Background on this error at: http://sqlalche.me/e/e3q8)
2022-02-20 19:38:59.605 87638 ERROR keystone
通过日志查找问题,发现文件keystone.conf参数书写错误,修改后重新执行,成功(在书写配置文件的时候需要注意缩进与配置内容)
[root@controller yum.repos.d]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller yum.repos.d]# echo $?
0
4.初始化Fernet密钥存储库
[root@controller yum.repos.d]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller yum.repos.d]# echo $?
0
[root@controller yum.repos.d]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller yum.repos.d]# echo $?
0
5.引导标识服务