Openstack Newton Install Guide

zhanghong

Install and Configure

mysql 数据配置



$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
Keystone安装和配置
　　1、Install keystone

# apt install keystone
2、Edit the /etc/keystone/keystone.conf file and complete the following actions:
　　In the [database] section, configure database access:



[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@mysqlserver-ip/keystone
　　In the [token] section, configure the Fernet token provider:



[token]
...
provider = fernet
　　3、初始化身份认证服务的数据库：



# su -s /bin/sh -c "keystone-manage db_sync" keystone
　　4、Initialize Fernet key repositories:



# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
　　5、Bootstrap the Identity service:



# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:35357/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
Configure the Apache HTTP server
　　Edit the /etc/apache2/apache2.conf file and configure the ServerName option to reference the controller node:

ServerName controller
　　Restart the Apache service and remove the default SQLite database:

# service apache2 restart
# rm -f /var/lib/keystone/keystone.db
　　Configure the administrative account



$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://192.168.20.180:35357/v3
$ export OS_IDENTITY_API_VERSION=3
Create a domain, projects, users, and roles
　　Create the service project:



$ openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+
　　Create the demo project:



$ openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+




Note: Do not repeat this step when creating additional users for this project.



Create the demo user:




$ openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aeda23aa78f44e859900e22c24817832 |
| name                | demo                             |
| password_expires_at | None                             |
+---------------------+----------------------------------+
　　Create the user role:



$ openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 997ce8d05fc143ac97d83fdfb5998552 |
| name      | user                             |
+-----------+----------------------------------+
　　Add the user role to the demo project and user:



$ openstack role add --project demo --user demo user
Note:This command provides no output.




Note:
You can repeat this procedure to create additional projects and users.

Verify operation


Note:Perform these commands on the controller node.



1、For security reasons, disable the temporary authentication token mechanism:　　Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.



2、Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variable:
　　$ unset OS_AUTH_URL OS_PASSWORD
3、As the admin user, request an authentication token:



$ openstack --os-auth-url http://192.168.20.180:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+




Note：This command uses the password for the admin user.



4、As the demo user, request an authentication token:




$ openstack --os-auth-url http://192。168.20.180:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:15:39.014479Z                                     |
| id         | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
|            | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
|            | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U       |
| project_id | ed0b60bf607743088218b0a533d5943f                                |
| user_id    | 58126687cbcc4888bfa9ab73a2256f27                                |
+------------+-----------------------------------------------------------------+

Create OpenStack client environment scripts
　　Create client environment scripts for the admin and demo projects and users. Future portions of this guide reference these scripts to load appropriate credentials for client operations.
1、Edit the admin-openrc.sh file and add the following content:



export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://192.168.20.180:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
　　2、Edit the demo-openrc file and add the following content:



export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Using the script
　　1、Load the admin-openrc file to populate environment variables with the location of the Identity service and the admin project and user credentials:



$ source admin-openrc.sh
　　2、Request an authentication token:



$ openstack token issue
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:44:35.659723Z                                     |
| id         | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+
　　3、服务验证



root@server01:~# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 5bda189156494f4ca4a9c0a2e4fbe8f8 | demo  |
| e0fca99beba84e6bb9fe1e81647fe9df | admin |
+----------------------------------+-------+
root@server01:~# vim /etc/keystone/keystone.conf
root@server01:~# openstack catalog list
+----------+----------+---------------------------------------------+
| Name     | Type     | Endpoints                                   |
+----------+----------+---------------------------------------------+
| keystone | identity | RegionOne                                   |
|          |          |   public: http://192.168.20.180:5000/v3/    |
|          |          | RegionOne                                   |
|          |          |   admin: http://192.168.20.180:35357/v3/    |
|          |          | RegionOne                                   |
|          |          |   internal: http://192.168.20.180:35357/v3/ |
|          |          |                                             |
+----------+----------+---------------------------------------------+
root@server01:~#

至此...Keystone Service全部安装完成