
Deploying OpenStack on CentOS 7 (2): Installing the keystone Service

2016-01-11 09:04
1. Create the database

```
[root@controller ~]# mysql -u root -p -e "CREATE DATABASE keystone;"
Enter password:
[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
Enter password:
[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
Enter password:
```

2. Install keystone

```
[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
```

3. Configure keystone

3.1 Sync the database

```
[root@controller ~]# openssl rand -hex 10
2608ad88f344a5288056
[root@controller ~]# vim /etc/keystone/keystone.conf
```

```ini
[DEFAULT]
admin_token = 2608ad88f344a5288056

[database]
connection = mysql://keystone:keystone@192.168.1.11/keystone
```

```
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
```

3.2 Configure the memcache connection

```
[root@controller ~]# vim /etc/keystone/keystone.conf
```

```ini
[memcache]
servers = 192.168.1.11:11211

[revoke]
driver = sql

[token]
provider = uuid
driver = memcache
```

3.3 Start the memcached and httpd services

```
[root@controller ~]# systemctl enable memcached
[root@controller ~]# systemctl start memcached
[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
```

```apache
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
```

```
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
```

```apache
ServerName 192.168.1.11:80
```

```
[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl start httpd
```

4. Create keystone users

4.1 Set environment variables

Be careful with this step: the token must be the same as the admin_token set earlier.

```
[root@controller ~]# export OS_TOKEN=2608ad88f344a5288056
[root@controller ~]# export OS_URL=http://192.168.1.11:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
```

4.2 Create an admin user

```
[root@controller ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 69d1967e59d247e6b7c4c3937d5baa89 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password-prompt admin   # this step sets the admin password; remember it
User Password:          # the author set it to 123456
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 8c0b8dc884f742bea6f882a2b487f092 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 4d8224cda53e4b29b6963163ed64af65 |
| name  | admin                            |
+-------+----------------------------------+
[root@controller ~]# openstack role add --project admin --user admin admin
```

4.3 Create a regular user

```
[root@controller ~]# openstack project create --domain default --description "Demo Project" kevin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 1ee793c741f64d25be9010d59e4b5a3d |
| is_domain   | False                            |
| name        | kevin                            |
| parent_id   | None                             |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password=kevin kevin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | c5baee07132c40f9841a607af1789ed6 |
| name      | kevin                            |
+-----------+----------------------------------+
[root@controller ~]# openstack role create user
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | ac35ef5dc2624526af25859497616ecd |
| name  | user                             |
+-------+----------------------------------+
[root@controller ~]# openstack role add --project kevin --user kevin user
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | e88fa8670b704fe88c668ac4d6f9d499 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+
```

4.4 Verify

```
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 8c0b8dc884f742bea6f882a2b487f092 | admin |
| c5baee07132c40f9841a607af1789ed6 | kevin |
+----------------------------------+-------+
[root@controller ~]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 4d8224cda53e4b29b6963163ed64af65 | admin |
| ac35ef5dc2624526af25859497616ecd | user  |
+----------------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 1ee793c741f64d25be9010d59e4b5a3d | kevin   |
| 69d1967e59d247e6b7c4c3937d5baa89 | admin   |
| e88fa8670b704fe88c668ac4d6f9d499 | service |
+----------------------------------+---------+
[root@controller ~]# openstack domain list
+---------+---------+---------+----------------------------------------------------------------------+
| ID      | Name    | Enabled | Description                                                          |
+---------+---------+---------+----------------------------------------------------------------------+
| default | Default | True    | Owns users and tenants (i.e. projects) available on Identity API v2. |
+---------+---------+---------+----------------------------------------------------------------------+
```

5. Register the keystone service

5.1 Register the service

Do not get a single character wrong in the commands below.

```
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 121189562a324f5d9f6ef83c4755d671 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity public http://192.168.1.11:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6f4d026024e14082ada914b14bb0c9ff |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 121189562a324f5d9f6ef83c4755d671 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://192.168.1.11:5000/v2.0    |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://192.168.1.11:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | acc2890a596c406fb42f4926ad86937a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 121189562a324f5d9f6ef83c4755d671 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://192.168.1.11:5000/v2.0    |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://192.168.1.11:35357/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f7f1182dd4c44cadac94345466275296 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 121189562a324f5d9f6ef83c4755d671 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://192.168.1.11:35357/v2.0   |
+--------------+----------------------------------+
```

5.2 Verify

```
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 121189562a324f5d9f6ef83c4755d671 | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                            |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 6f4d026024e14082ada914b14bb0c9ff | RegionOne | keystone     | identity     | True    | public    | http://192.168.1.11:5000/v2.0  |
| acc2890a596c406fb42f4926ad86937a | RegionOne | keystone     | identity     | True    | internal  | http://192.168.1.11:5000/v2.0  |
| f7f1182dd4c44cadac94345466275296 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.1.11:35357/v2.0 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
```

5.3 Try connecting to keystone

```
[root@controller ~]# unset OS_TOKEN
[root@controller ~]# unset OS_URL
[root@controller ~]# openstack --os-auth-url http://192.168.1.11:35357/v3 \
--os-project-domain-id default --os-user-domain-id default \
--os-project-name admin --os-username admin --os-auth-type password \
token issue
Password:
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2015-12-27T09:58:41.540674Z      |
| id         | ccca55a979da427b849ecd2957901f74 |
| project_id | 69d1967e59d247e6b7c4c3937d5baa89 |
| user_id    | 8c0b8dc884f742bea6f882a2b487f092 |
+------------+----------------------------------+
```

5.4 Configure environment variables

This step exists to make commands convenient to run; without it, every command needs a long string of parameters.

```
[root@controller ~]# vim admin-openrc.sh
```

```sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://192.168.1.11:35357/v3
export OS_IDENTITY_API_VERSION=3
```

```
[root@controller ~]# vim kevin-openrc.sh
```

```sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=kevin
export OS_TENANT_NAME=kevin
export OS_USERNAME=kevin
export OS_PASSWORD=kevin
export OS_AUTH_URL=http://192.168.1.11:5000/v3
export OS_IDENTITY_API_VERSION=3
```

```
[root@controller ~]# chmod +x admin-openrc.sh kevin-openrc.sh
```

This article is from the “黑夜路人” blog; please keep this source reference: /article/4422508.html
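The walkthrough leaves a static admin_token in keystone.conf, gives the database account a password equal to its user name, and stores OS_PASSWORD in openrc files that are then made executable with chmod +x. The script below is an added example, not part of the original post, that checks for those three conditions; the function names and finding keywords are hypothetical, and the sample files are constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and finding
# keywords are hypothetical; sample files are constructed from this page.

# Print findings for a keystone.conf-style file, one keyword per line.
audit_keystone_conf() {
    conf=$1
    # A non-empty admin_token is a static admin credential that never expires.
    if grep -Eq '^[[:space:]]*admin_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$conf"; then
        echo "admin_token-set"
    fi
    # connection = scheme://user:password@host/db
    url=$(sed -n 's/^[[:space:]]*connection[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    case $url in
        *://*:*@*)
            creds=${url#*://}; creds=${creds%@*}
            user=${creds%%:*}; pass=${creds#*:}
            if [ "$pass" = "$user" ]; then echo "db-password-equals-username"; fi
            ;;
    esac
}

# Print findings for an openrc file that stores OS_PASSWORD.
audit_openrc() {
    rc=$1
    grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=.' "$rc" || return 0
    echo "plaintext-OS_PASSWORD"
    # Mode bits that let group or other read the stored password.
    if [ -n "$(find "$rc" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "readable-by-group-or-other"
    fi
}

demo() {
    d=$(mktemp -d)
    printf '[DEFAULT]\nadmin_token = 2608ad88f344a5288056\n[database]\nconnection = mysql://keystone:keystone@192.168.1.11/keystone\n' > "$d/keystone.conf"
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=123456\n' > "$d/admin-openrc.sh"
    chmod 755 "$d/admin-openrc.sh"   # what chmod +x yields under umask 022
    audit_keystone_conf "$d/keystone.conf"
    audit_openrc "$d/admin-openrc.sh"
    chmod 600 "$d/admin-openrc.sh"   # openrc files are sourced, so no x bit is needed
    audit_openrc "$d/admin-openrc.sh"
    rm -rf "$d"
}
demo
```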