1、创建数据库
[iyunv@controller ~]# mysql -u root -p -e "CREATE DATABASE keystone;"
Enter password:
[iyunv@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
Enter password:
[iyunv@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
Enter password:
注:这里数据库密码与用户名相同(keystone),并且 'keystone'@'%' 允许从任意主机连接,只适合实验环境;正式环境应使用强密码,并把来源主机限制为实际需要访问数据库的地址。
2、安装keystone
[iyunv@controller ~]# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
3、配置keystone
3.1、同步数据库
[iyunv@controller ~]# openssl rand -hex 10
2608ad88f344a5288056
[iyunv@controller ~]# vim /etc/keystone/keystone.conf
12 admin_token = 2608ad88f344a5288056
495 connection = mysql://keystone:keystone@192.168.1.11/keystone
[iyunv@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
3.2、配置连接memcache
[iyunv@controller ~]# vim /etc/keystone/keystone.conf
1305 servers = 192.168.1.11:11211
1710 driver = sql
1903 provider = uuid
1908 driver = memcache
3.3启动memcache和httpd服务
[iyunv@controller ~]# systemctl enable memcached
[iyunv@controller ~]# systemctl start memcached
[iyunv@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t%M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t%M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
[iyunv@controller ~]# vim /etc/httpd/conf/httpd.conf
95 ServerName 192.168.1.11:80
[iyunv@controller ~]# systemctl enable httpd
[iyunv@controller ~]# systemctl start httpd
4、创建keystone用户
4.1、设置环境变量
此步要慎重,OS_TOKEN 必须和前面在 keystone.conf 中设置的 admin_token 一致
[iyunv@controller ~]# export OS_TOKEN=2608ad88f344a5288056
[iyunv@controller ~]# export OS_URL=http://192.168.1.11:35357/v3
[iyunv@controller ~]# export OS_IDENTITY_API_VERSION=3
4.2、创建一个admin用户
[iyunv@controller ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | default |
| enabled | True |
| id | 69d1967e59d247e6b7c4c3937d5baa89 |
| is_domain | False |
| name | admin |
| parent_id | None |
+-------------+----------------------------------+
[iyunv@controller ~]# openstack user create --domain default --password-prompt admin //此步是设置admin密码,要记住密码
User Password: //编者设置为123456
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8c0b8dc884f742bea6f882a2b487f092 |
| name | admin |
+-----------+----------------------------------+
注:123456 这样的弱口令只适合实验环境;admin 拥有整个云的管理权限,正式环境应设置强密码。
[iyunv@controller ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | 4d8224cda53e4b29b6963163ed64af65 |
| name | admin |
+-------+----------------------------------+
[iyunv@controller ~]# openstack role add --project admin --user admin admin
4.3、创建一个普通用户
[iyunv@controller ~]# 
openstack project create --domain default --description "Demo Project" kevin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 1ee793c741f64d25be9010d59e4b5a3d |
| is_domain | False |
| name | kevin |
| parent_id | None |
+-------------+----------------------------------+
[iyunv@controller ~]# openstack user create --domain default --password=kevin kevin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | c5baee07132c40f9841a607af1789ed6 |
| name | kevin |
+-----------+----------------------------------+
注:--password=kevin 把密码直接写在命令行上,会留在 shell 历史记录里,也可能被同一台机器上的其他用户从进程列表中看到;可以像创建 admin 时那样改用 --password-prompt。
[iyunv@controller ~]# openstack role create user
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | ac35ef5dc2624526af25859497616ecd |
| name | user |
+-------+----------------------------------+
[iyunv@controller ~]# openstack role add --project kevin --user kevin user
[iyunv@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | e88fa8670b704fe88c668ac4d6f9d499 |
| is_domain | False |
| name | service |
| parent_id | None |
+-------------+----------------------------------+
4.4、查看验证
[iyunv@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 8c0b8dc884f742bea6f882a2b487f092 | admin |
| c5baee07132c40f9841a607af1789ed6 | kevin |
+----------------------------------+-------+
[iyunv@controller ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 
4d8224cda53e4b29b6963163ed64af65 | admin |
| ac35ef5dc2624526af25859497616ecd | user |
+----------------------------------+-------+
[iyunv@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 1ee793c741f64d25be9010d59e4b5a3d | kevin |
| 69d1967e59d247e6b7c4c3937d5baa89 | admin |
| e88fa8670b704fe88c668ac4d6f9d499 | service |
+----------------------------------+---------+
[iyunv@controller ~]# openstack domain list
+---------+---------+---------+----------------------------------------------------------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+----------------------------------------------------------------------+
| default | Default | True | Owns users and tenants (i.e. projects) available on Identity API v2. |
+---------+---------+---------+----------------------------------------------------------------------+
5、注册keystone服务
5.1、注册服务
下面的操作一个字也不要错
[iyunv@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 121189562a324f5d9f6ef83c4755d671 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[iyunv@controller ~]# openstack endpoint create --region RegionOne identity public http://192.168.1.11:5000/v2.0
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6f4d026024e14082ada914b14bb0c9ff |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 121189562a324f5d9f6ef83c4755d671 |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.1.11:5000/v2.0 |
+--------------+----------------------------------+
[iyunv@controller ~]# 
openstack endpoint create --region RegionOne identity internal http://192.168.1.11:5000/v2.0
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | acc2890a596c406fb42f4926ad86937a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 121189562a324f5d9f6ef83c4755d671 |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.1.11:5000/v2.0 |
+--------------+----------------------------------+
[iyunv@controller ~]# openstack endpoint create --region RegionOne identity admin http://192.168.1.11:35357/v2.0
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f7f1182dd4c44cadac94345466275296 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 121189562a324f5d9f6ef83c4755d671 |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.1.11:35357/v2.0 |
+--------------+----------------------------------+
5.2、查看验证
[iyunv@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 121189562a324f5d9f6ef83c4755d671 | keystone | identity |
+----------------------------------+----------+----------+
[iyunv@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 6f4d026024e14082ada914b14bb0c9ff | RegionOne | keystone | identity | True | public | http://192.168.1.11:5000/v2.0 |
| acc2890a596c406fb42f4926ad86937a | RegionOne | keystone | identity | True | 
internal | http://192.168.1.11:5000/v2.0 |
| f7f1182dd4c44cadac94345466275296 | RegionOne | keystone | identity | True | admin | http://192.168.1.11:35357/v2.0 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
5.3、尝试连接keystone
[iyunv@controller ~]# unset OS_TOKEN
[iyunv@controller ~]# unset OS_URL
注:unset 只是清除了当前 shell 里的变量,keystone.conf 中的 admin_token 依然有效,任何拿到它的人都可以绕过用户名和密码认证。用户和服务创建完成后,应按官方安装文档从 keystone 的 paste 配置(各 pipeline)中去掉 admin_token_auth,停用这个临时令牌。
[iyunv@controller ~]# openstack --os-auth-url http://192.168.1.11:35357/v3 \
--os-project-domain-id default --os-user-domain-id default \
--os-project-name admin --os-username admin --os-auth-type password \
token issue
Password:
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2015-12-27T09:58:41.540674Z |
| id | ccca55a979da427b849ecd2957901f74 |
| project_id | 69d1967e59d247e6b7c4c3937d5baa89 |
| user_id | 8c0b8dc884f742bea6f882a2b487f092 |
+------------+----------------------------------+
5.4、配置环境变量
进行该步骤的原因是为了方便执行命令,否则每次都必须输入一大串参数
[iyunv@controller ~]# vim admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://192.168.1.11:35357/v3
export OS_IDENTITY_API_VERSION=3
[iyunv@controller ~]# vim kevin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=kevin
export OS_TENANT_NAME=kevin
export OS_USERNAME=kevin
export OS_PASSWORD=kevin
export OS_AUTH_URL=http://192.168.1.11:5000/v3
export OS_IDENTITY_API_VERSION=3
[iyunv@controller ~]# chmod +x admin-openrc.sh kevin-openrc.sh
注:这两个文件以明文保存密码。使用时通过 source admin-openrc.sh 把变量载入当前 shell 即可,并不需要可执行权限;建议再执行 chmod 600 admin-openrc.sh kevin-openrc.sh,只允许属主读写。