安装及配置keystone
Install Keystone
# Install from EPEL OpenStack, EPEL
# yum --enablerepo=epel-openstack-grizzly,epel -y install openstack-keystone openstack-utils
Configure Keystone
# set database (replace "password" with a strong password of your own; it is written to /etc/keystone/keystone.conf)
# openstack-db --init --service keystone --password password
Please enter the password for the 'root' MySQL user:
Verified connectivity to MySQL.
Creating 'keystone' database.
Updating 'keystone' database password in /etc/keystone/keystone.conf
Initializing the keystone database, please wait…
Complete!
# vim /etc/keystone/keystone.conf
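# line 4: uncomment and change to a long random secret ("admintoken" below is only an example; this token gives full admin access to Keystone)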
admin_token = admintoken
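# line 7: uncomment (0.0.0.0 listens on every interface, so firewall ports 5000 and 35357 or bind to the management address instead)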
bind_host = 0.0.0.0
# line 10: uncomment
public_port = 5000
# line 13: uncomment
admin_port = 35357
# line 21: uncomment
compute_port = 8774
# line 136: uncomment
token_format = UUID #change
# keystone-manage pki_setup
Generating RSA private key, 1024 bit long modulus
…………++++++
…++++++
e is 65537 (0x10001)
Generating RSA private key, 1024 bit long modulus
……….++++++
………………………….++++++
e is 65537 (0x10001)
Using configuration from /etc/keystone/ssl/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'Unset'
localityName :PRINTABLE:'Unset'
organizationName :PRINTABLE:'Unset'
commonName :PRINTABLE:'www.example.com'
Certificate is to be certified until Sep 29 01:50:37 2014 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
# chown -R keystone /etc/keystone/ssl/
# /etc/rc.d/init.d/openstack-keystone start
Starting keystone:
# chkconfig openstack-keystone on
Add User or Roles,Services and so on in Keystone
# load environment variables first; set "SERVICE_TOKEN" to the value of "admin_token" in keystone.conf.
# export SERVICE_TOKEN=admintoken
# export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/
# Add Tenants ( like group )
# add admin tenant
# keystone tenant-create --name admin --description "Admin Tenant" --enabled true
+————-+——————————————-+
| Property | Value |
+————-+——————————————-+
| description| Admin Tenant |
| enabled | True |
| id | 3ceabc05db1d45c89503fc1e995369db|
| name | admin |
+————-+——————————————-+
# admin_id=3ceabc05db1d45c89503fc1e995369db
# echo $admin_id
3ceabc05db1d45c89503fc1e995369db
# keystone tenant-create --name service --description "Service Tenant" --enabled true
+————-+——————————————-+
| Property | Value |
+————-+——————————————-+
| description| Service Tenant |
| enabled | True |
| id | 1d03b7fda50e411e8a8c299952a65948 |
| name | service |
+————-+——————————————+
# service_id=1d03b7fda50e411e8a8c299952a65948
# echo $service_id
1d03b7fda50e411e8a8c299952a65948
# confirm settings
# keystone tenant-list
+——————————————-+———+———-+
| id | name | enabled|
+——————————————–+——–+———-+
| 3ceabc05db1d45c89503fc1e995369db |admin | True |
| 1d03b7fda50e411e8a8c299952a65948 | service | True |
+——————————————+———-+———-+
# add Roles
# keystone role-create --name admin
+————+——————————————–+
| Property | Value |
+————+——————————————–+
| id | ea7aa83b4beb4553bdf17b88bbf458dd |
| name | admin |
+————+——————————————–+
# roleid_admin=ea7aa83b4beb4553bdf17b88bbf458dd
# echo $roleid_admin
ea7aa83b4beb4553bdf17b88bbf458dd
# add Member role
# keystone role-create --name Member
+————–+——————————————+
| Property | Value |
+————–+——————————————+
| id | 7c79d5640109477f8245f91be58b27f2 |
| name | Member |
+————-+——————————————-+
# confirm settings
# keystone role-list
+——————————————–+————-+
| id | name |
+——————————————–+————-+
| 7c79d5640109477f8245f91be58b27f2 |Member |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| ea7aa83b4beb4553bdf17b88bbf458dd|admin |
+——————————————–+————-+
# add users ( add admin user (in admin tenant); replace the example password "admin" with a strong one )
# keystone user-create --tenant_id $admin_id --name admin --pass admin --enabled true
+———-+——————————————-+
| Property| Value |
+———-+——————————————-+
|email | |
| enabled| True |
| id | b1bf7e913ccb4f23baff7905c2845831 |
| name | admin |
| tenantId | 3ceabc05db1d45c89503fc1e995369db|
+———-+——————————————-+
# user_admin=b1bf7e913ccb4f23baff7905c2845831
# echo $user_admin
b1bf7e913ccb4f23baff7905c2845831
# add admin user in admin role
# keystone user-role-add --user-id $user_admin --tenant-id $admin_id --role-id $roleid_admin
# add cinder user (in service tenant); choose your own strong password in place of "servicepassword"
# keystone user-create --tenant_id $service_id --name cinder --pass servicepassword --enabled true
+———-+——————————————-+
| Property| Value |
+———-+——————————————-+
|email | |
| enabled| True |
| id | b9015f542324445080af50219e9afd68 |
| name | cinder |
| tenantId | 1d03b7fda50e411e8a8c299952a65948 |
+———-+——————————————+
# user_cinder=b9015f542324445080af50219e9afd68
# echo $user_cinder
b9015f542324445080af50219e9afd68
# add cinder user in admin role
# keystone user-role-add --user-id $user_cinder --tenant_id $service_id --role-id $roleid_admin
# add glance user ( in service tenant)
# keystone user-create --tenant-id $service_id --name glance --pass servicepassword --enabled true
+———- +—————————————–+
| Property | Value |
+———-+—————————————–+
|email | |
| enabled| True |
| id | 27f9f60c13f744f393ce4ba945269711|
| name | glance |
| tenantId | 1d03b7fda50e411e8a8c299952a65948 |
+———-+—————————————–+
# user_glance=27f9f60c13f744f393ce4ba945269711
# echo $user_glance
27f9f60c13f744f393ce4ba945269711
# add glance user in admin role
# keystone user-role-add --user-id $user_glance --tenant_id $service_id --role-id $roleid_admin
# add nova user (in service tenant)
# keystone user-create --tenant_id $service_id --name nova --pass servicepassword --enabled true
+———-+——————————————–+
| Property| Value |
+———-+——————————————–+
|email | |
| enabled | True |
| id | ae3c1a7d95be4954b2a817adcba59fa3|
| name | nova |
| tenantId| 1d03b7fda50e411e8a8c299952a65948|
+———-+——————————————-+
#add nova user in admin role
# user_nova=ae3c1a7d95be4954b2a817adcba59fa3
# echo $user_nova
ae3c1a7d95be4954b2a817adcba59fa3
# keystone user-role-add --user-id $user_nova --tenant_id $service_id --role-id $roleid_admin
# confirm settings
# keystone user-list
+———————————-+——–+———+———-+——-+
| id |name | enabled| email |
+———————————-+——–+———+———-+——-+
| b1bf7e913ccb4f23baff7905c2845831 | admin | True | |
| b9015f542324445080af50219e9afd68 | cinder | True | |
| 27f9f60c13f744f393ce4ba945269711 | glance | True | |
| ae3c1a7d95be4954b2a817adcba59fa3 |nova | True | |
+———————————-+——–+———+———–+——+
# Add entries for services
# add for keystone
# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+————-+——————————————–+
| Property | Value |
+————-+——————————————–+
| description | Keystone Identity Service |
| id |9cda339bce7148d5a9d8b6b99e8d4bf4 |
| name | keystone |
| type | identity |
+————-+——————————————-+
# add for cinder
# keystone service-create --name=cinder --type=volume --description="Cinder Service"
+————-+——————————————-+
| Property | Value |
+————-+——————————————+
| description| Cinder Service |
| id | 140d9ad5c0a34e7988b44c93b5ffb81a |
| name | cinder |
| type | volume |
+————-+——————————————-+
# add for glance
# keystone service-create --name=glance --type=image --description="Glance Image Service"
+————-+——————————————–+
| Property | Value |
+————-+——————————————–+
| description| Glance Image Service |
| id | 77845645332c4dd5a1348b28695be80b |
| name | glance |
| type | image |
+————-+——————————————-+
# keystone service-create --name=nova --type=compute --description="Nova Compute Service"
+————-+———————————————+
| Property | Value |
+————-+———————————————+
| description| Nova Compute Service |
| id | c7b0d67a745042e9983bb7cad9b30641 |
| name | nova |
| type | compute |
+————-+———————————————+
# keystone service-list
+———————————-+———-+———-+—————————————–+
| id | name | type | description |
+———————————-+———-+———-+—————————————–+
| 140d9ad5c0a34e7988b44c93b5ffb81a |cinder |volume | Cinder Service |
| 77845645332c4dd5a1348b28695be80b |glance |image | Glance Image Service |
| 9cda339bce7148d5a9d8b6b99e8d4bf4 | keystone | identity | Keystone Identity Service|
| c7b0d67a745042e9983bb7cad9b30641 | nova | compute| Nova Compute Service |
+———————————-+———-+———-+——————————————+
# Add Endpoints
# export my_host=127.0.0.1
# keystone_id=9cda339bce7148d5a9d8b6b99e8d4bf4
# cinder_id=140d9ad5c0a34e7988b44c93b5ffb81a
# glance_id=77845645332c4dd5a1348b28695be80b
# nova_id=c7b0d67a745042e9983bb7cad9b30641
# add endpoints for keystone
# keystone endpoint-create --region RegionOne \
> --service_id=$keystone_id \
> --publicurl="http://$my_host:\$(public_port)s/v2.0" \
> --internalurl="http://$my_host:\$(public_port)s/v2.0" \
> --adminurl="http://$my_host:\$(admin_port)s/v2.0"
+————-+———————————————-+
| Property | Value |
+————-+———————————————-+
| adminurl|http://127.0.0.1:$(admin_port)s/v2.0 |
| id | aeceeba3a6c446beb87e447c61d7ef90 |
| internalurl | http://127.0.0.1:$(public_port)s/v2.0 |
|publicurl| http://127.0.0.1:$(public_port)s/v2.0 |
| region | RegionOne |
|service_id | 9cda339bce7148d5a9d8b6b99e8d4bf4 |
+————-+———————————————-+
# add endpoints for cinder
# keystone endpoint-create --region RegionOne \
> --service_id=$cinder_id \
> --publicurl="http://$my_host:8776/v1/\$(tenant_id)s" \
> --internalurl="http://$my_host:8776/v1/\$(tenant_id)s" \
> --adminurl="http://$my_host:8776/v1/\$(tenant_id)s"
+————-+——————————————–+
| Property | Value |
+————-+——————————————–+
| adminurl| http://127.0.0.1:8776/v1/$(tenant_id)s |
| id | 13ddf20764f44f6586146fccfc1b57a6 |
| internalurl| http://127.0.0.1:8776/v1/$(tenant_id)s |
|publicurl | http://127.0.0.1:8776/v1/$(tenant_id)s |
| region | RegionOne |
|service_id| 140d9ad5c0a34e7988b44c93b5ffb81a |
+————-+——————————————–+
# add endpoint for glance
# keystone endpoint-create --region RegionOne \
> --service_id=$glance_id \
> --publicurl="http://$my_host:9292/v1" \
> --internalurl="http://$my_host:9292/v1" \
> --adminurl="http://$my_host:9292/v1"
+————-+——————————————-+
| Property | Value |
+————-+——————————————-+
| adminurl| http://127.0.0.1:9292/v1 |
| id | 344f7c1998414742a5a7fd14a70a81c1 |
| internalurl| http://127.0.0.1:9292/v1 |
|publicurl | http://127.0.0.1:9292/v1 |
| region | RegionOne |
|service_id| 77845645332c4dd5a1348b28695be80b|
+————-+——————————————-+
# keystone endpoint-create --region RegionOne \
> --service_id=$nova_id \
> --publicurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s" \
> --internalurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s" \
> --adminurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s"
+————-+——————————————————–+
| Property | Value |
+————-+———————————————————+
| adminurl| http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s |
| id | 90e7036a82694457bd913dc94269f4e3 |
| internalurl | http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s|
|publicurl| http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s |
| region | RegionOne |
|service_id | c7b0d67a745042e9983bb7cad9b30641 |
+————-+——————————————————–+