[9] Install Keystone # Install from EPEL OpenStack,EPEL [root@cloud01 ~]# yum –enablerepo=epel-openstack-grizzly,epel -y install openstack-keystone openstack-utils [10] Configure Keyston # set database ( set any password you like for “password” section ) [root@cloud01 ~]# openstack-db –init –service keystone –password password Please enter the password for the ‘root’ MySQL user: Verified connectivity to MySQL. Creating ‘keystone’ database. Updating ‘keystone’ database password in /etc/keystone/keystone.conf Initializing the keystone database, please wait… Complete! [root@cloud01 ~]# vim /etc/keystone/keystone.conf # line 4: uncomment and change admin_token = admintoken # line 7: uncomment bind_host = 0.0.0.0 # line 10: uncomment public_port = 5000 # line 13: uncomment admin_port = 35357 # line 21: uncomment compute_port = 8774 # line 136: uncomment token_format = UUID #change [root@cloud01 ~]# keystone-manage pki_setup Generating RSA private key, 1024 bit long modulus …………++++++ …++++++ e is 65537 (0×10001) Generating RSA private key, 1024 bit long modulus ……….++++++ ………………………….++++++ e is 65537 (0×10001) Using configuration from /etc/keystone/ssl/certs/openssl.conf Check that the request matches the signature Signature ok The Subject’s Distinguished Name is as follows countryName :PRINTABLE:’US’ stateOrProvinceName :PRINTABLE:’Unset’ localityName :PRINTABLE:’Unset’ organizationName :PRINTABLE:’Unset’ commonName :PRINTABLE:’www.example.com’ Certificate is to be certified until Sep 29 01:50:37 2014 GMT (365 days) Write out database with 1 new entries Data Base Updated [root@cloud01 ~]# chown -R keystone /etc/keystone/ssl/ [root@cloud01 ~]# /etc/rc.d/init.d/openstack-keystone start [root@cloud01 ~]# chkconfig openstack-keystone on [11] Add User or Roles,Services and so on in Keystone # load environment variables first, set value for “SERVICE_TOKE” from the value “admin_token” in keystone.conf. [root@cloud01 ~]# export SERVICE_TOKEN=admintoken [root@cloud01 ~]# export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/ # Add Tenants ( like group ) # add admin tenant [root@cloud01 ~]# keystone tenant-create –name admin –description “Admin Tenant” –enabled true +————-+——————————————-+ | Property | Value | +————-+——————————————-+ | description | Admin Tenant | | enabled | True | | id | 3ceabc05db1d45c89503fc1e995369db | | name | admin | +————-+——————————————-+ [root@cloud01 ~]# admin_id=3ceabc05db1d45c89503fc1e995369db [root@cloud01 ~]# echo $admin_id [root@cloud01 ~]# keystone tenant-create –name service –description “Service Tenant” –enabled true [root@cloud01 ~]# service_id=1d03b7fda50e411e8a8c299952a65948 [root@cloud01 ~]# echo $service_id 1d03b7fda50e411e8a8c299952a65948 [root@cloud01 ~]# keystone tenant-list +——————————————-+———+———-+ | id | name | enabled | +——————————————–+——–+———-+ | 3ceabc05db1d45c89503fc1e995369db | admin | True | | 1d03b7fda50e411e8a8c299952a65948 | service | True | +——————————————+———-+———-+ # add Roles [root@cloud01 ~]# keystone role-create –name admin +————+——————————————–+ | Property | Value | +————+——————————————–+ | id | ea7aa83b4beb4553bdf17b88bbf458dd | | name | admin | +————+——————————————–+ [root@cloud01 ~]# roleid_admin=ea7aa83b4beb4553bdf17b88bbf458dd [root@cloud01 ~]# echo $roleid_admin # add Member role [root@cloud01 ~]# keystone role-create –name Member +————–+——————————————+ | Property | Value | +————–+——————————————+ | id | 7c79d5640109477f8245f91be58b27f2 | | name | Member | +————-+——————————————-+ # confirm settings [root@cloud01 ~]# keystone role-list +——————————————–+————-+ | id | name | +——————————————–+————-+ | 7c79d5640109477f8245f91be58b27f2 | Member | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | ea7aa83b4beb4553bdf17b88bbf458dd | admin | +——————————————–+————-+ # add usres ( add admin user (in admin tenant)) [root@cloud01 ~]# keystone user-create –tenant_id $admin_id –name admin –pass admin –enabled true +———-+——————————————-+ | Property | Value | +———-+——————————————-+ | email | | | enabled | True | | id | b1bf7e913ccb4f23baff7905c2845831 | | name | admin | | tenantId | 3ceabc05db1d45c89503fc1e995369db | +———-+——————————————-+ [root@cloud01 ~]# user_admin=b1bf7e913ccb4f23baff7905c2845831 [root@cloud01 ~]# echo $user_admin # add admin user in admin role [root@cloud01 ~]# keystone user-role-add –user-id $user_admin –tenant-id $admin_id –role-id $roleid_admin # add cinder user (in service tenant) [root@cloud01 ~]# keystone user-create –tenant_id $service_id –name cinder –pass servicepassword –enabled true +———-+——————————————-+ | Property | Value | +———-+——————————————-+ | email | | | enabled | True | | id | b9015f542324445080af50219e9afd68 | | name | cinder | | tenantId | 1d03b7fda50e411e8a8c299952a65948 | +———-+——————————————+ [root@cloud01 ~]# user_cinder=b9015f542324445080af50219e9afd68 [root@cloud01 ~]# echo $user_cinder b9015f542324445080af50219e9afd68 # add cinder user in admin role [root@cloud01 ~]# keystone user-role-add –user-id $user_cinder –tenant_id $service_id –role-id $roleid_admin # add glance user ( in service tenant) [root@cloud01 ~]# keystone user-create –tenant-id $service_id –name glance –pass servicepassword –enabled true +———- +—————————————–+ | Property | Value | +———-+—————————————–+ | email | | | enabled | True | | id | 27f9f60c13f744f393ce4ba945269711 | | name | glance | | tenantId | 1d03b7fda50e411e8a8c299952a65948 | +———-+—————————————–+ [root@cloud01 ~]# user_glance=27f9f60c13f744f393ce4ba945269711 [root@cloud01 ~]# echo $user_glance # add glance user in admin role [root@cloud01 ~]# keystone user-role-add –user-id $user_glance –tenant_id $service_id –role-id $roleid_admin # add nova user (in service tenant) [root@cloud01 ~]# keystone user-create –tenant_id $service_id –name nova –pass servicepassword –enabled true +———-+——————————————–+ | Property | Value | +———-+——————————————–+ | email | | | enabled | True | | id | ae3c1a7d95be4954b2a817adcba59fa3 | | name | nova | | tenantId | 1d03b7fda50e411e8a8c299952a65948 | +———-+——————————————-+ # add nova user in admin role [root@cloud01 ~]# user_nova=ae3c1a7d95be4954b2a817adcba59fa3 [root@cloud01 ~]# echo $user_nova ae3c1a7d95be4954b2a817adcba59fa3 [root@cloud01 ~]# keystone user-role-add –user-id $user_nova –tenant_id $service_id –role-id $roleid_admin # confirm settings [root@cloud01 ~]# keystone user-list +———————————-+——–+———+———-+——-+ | id | name | enabled | email | +———————————-+——–+———+———-+——-+ | b1bf7e913ccb4f23baff7905c2845831 | admin | True | | | b9015f542324445080af50219e9afd68 | cinder | True | | | 27f9f60c13f744f393ce4ba945269711 | glance | True | | | ae3c1a7d95be4954b2a817adcba59fa3 | nova | True | | +———————————-+——–+———+———–+——+ # Add entries for services # add for keystone [root@cloud01 ~]# keystone service-create –name=keystone –type=identity –description=”Keystone Identity Service” # add for cinder [root@cloud01 ~]# keystone service-create –name=cinder –type=volume –description=”Cinder Service” +————-+——————————————-+ | Property | Value | +————-+——————————————+ | description | Cinder Service | | id | 140d9ad5c0a34e7988b44c93b5ffb81a | | name | cinder | | type | volume | +————-+——————————————- + # add for glance [root@cloud01 ~]# keystone service-create –name=glance –type=image –description=”Glance Image Service” [root@cloud01 ~]# keystone service-create –name=nova –type=compute –description=”Nova Compute Service” +————-+———————————————+ | Property | Value | +————-+———————————————+ | description | Nova Compute Service | | id | c7b0d67a745042e9983bb7cad9b30641 | | name | nova | | type | compute | +————-+———————————————+ [root@cloud01 ~]# keystone service-list # Add Endpoints [root@cloud01 ~]# export my_host=127.0.0.1 [root@cloud01 ~]# keystone_id=9cda339bce7148d5a9d8b6b99e8d4bf4 [root@cloud01 ~]# cinder_id=140d9ad5c0a34e7988b44c93b5ffb81a [root@cloud01 ~]# glance_id=77845645332c4dd5a1348b28695be80b [root@cloud01 ~]# nova_id=c7b0d67a745042e9983bb7cad9b30641 # add endpoints for keystone [root@cloud01 ~]# keystone endpoint-create –region RegionOne \ > –service_id=$keystone_id \ > –publicurl=”http://$my_host:\$(public_port)s/v2.0″ \ > –internalurl=”http://$my_host:\$(public_port)s/v2.0″ \ > –adminurl=”http://$my_host:\$(admin_port)s/v2.0″ # add endpoints for cinder [root@cloud01 ~]# keystone endpoint-create –region RegionOne \ > –service_id=$cinder_id \ > –publicurl=”http://$my_host:8776/v1/\$(tenant_id)s” \ > –internalurl=”http://$my_host:8776/v1/\$(tenant_id)s” \ > –adminurl=”http://$my_host:8776/v1/\$(tenant_id)s” ————-+——————————————–+ | Property | Value | +————-+——————————————–+ | adminurl | http://127.0.0.1:8776/v1/$(tenant_id)s | | id | 13ddf20764f44f6586146fccfc1b57a6 | | internalurl | http://127.0.0.1:8776/v1/$(tenant_id)s | | publicurl | http://127.0.0.1:8776/v1/$(tenant_id)s | | region | RegionOne | | service_id | 140d9ad5c0a34e7988b44c93b5ffb81a | +————-+——————————————–+ # add endpoint for glance [root@cloud01 ~]# keystone endpoint-create –region RegionOne \ > –service_id=$glance_id \ > –publicurl=”http://$my_host:9292/v1″ \ > –internalurl=”http://$my_host:9292/v1″ \ > –adminurl=”http://$my_host:9292/v1″ [root@cloud01 ~]# keystone endpoint-create –region RegionOne \ > –service_id=$nova_id \ > –publicurl=”http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s” \ > –internalurl=”http://$my_host:\$(compute_port)sv1.1/\$(tenant_id)s” \ > –adminurl=”http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s”
运维网声明
1、欢迎大家加入本站运维交流群:群②:261659950 群⑤:202807635 群⑦870801961 群⑧679858003运维网
QQ群⑧:
窥视卡
雷达卡
发表于 2018-6-2 10:14:28
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡