[OpenStack] A hands-on record of manually deploying OpenStack Rocky on two nodes (2) - Keystone
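First post: A hands-on record of manually deploying OpenStack Rocky on two nodes (1) - Base services
Previous post: A hands-on record of manually deploying OpenStack Rocky on two nodes (1) - Base services
Next post: Manually deploying OpenStack Rocky on two nodes (3) - Glance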
References
Manually deploying OpenStack Rocky on two nodes
Keystone (controller-only)
Install the packages
[tony@controller ~]$ sudo yum install -y openstack-keystone httpd mod_wsgi
# Check the httpd package version
[tony@controller ~]$ yum info httpd
...
Installed Packages
Name : httpd
Arch : x86_64
Version : 2.4.6
Release : 88.el7.centos
Size : 9.4 M
Repo : installed
From repo : base
Summary : Apache HTTP Server
URL : http://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
            : web server.
Edit the configuration file
Add the following lines to /etc/keystone/keystone.conf.
[database]
connection = mysql+pymysql://keystone:$password@controller/keystone
[token]
provider = fernet
[tony@controller ~]$ sudo cat /etc/keystone/keystone.conf | grep -v -E '^#|^$'
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:$password@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
[unified_limit]
[wsgi]
Create the keystone database
[tony@controller ~]$ mysql -u root -p
Enter password: Enter Password
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by '$password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by '$password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
Initialize the keystone database
[tony@controller ~]$ sudo su -s /bin/sh -c "keystone-manage db_sync" keystone
Enable Fernet keys
[tony@controller ~]$ sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[tony@controller ~]$ sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap Keystone Services
[tony@controller ~]$ sudo keystone-manage bootstrap \
--bootstrap-password $password \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
Configure Apache HTTP Server for Keystone
Keystone configuration file
[tony@controller ~]$ sudo ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# Check that the symlink was created
[tony@controller ~]$ ls -l /etc/httpd/conf.d/wsgi-keystone.conf
lrwxrwxrwx. 1 root root 38 Apr 3 21:39 /etc/httpd/conf.d/wsgi-keystone.conf -> /usr/share/keystone/wsgi-keystone.conf
Note: the default /usr/share/keystone/wsgi-keystone.conf file does not need to be modified.
Apache configuration file
Edit /etc/httpd/conf/httpd.conf, find the ServerName directive (commented out by default) and set it to "ServerName controller".
[tony@controller ~]$ sudo vim /etc/httpd/conf/httpd.conf
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName controller
Start the Apache service
# Enable the Apache service
[tony@controller ~]$ sudo systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
# Start the Apache service and check its status
[tony@controller ~]$ sudo systemctl restart httpd.service
[tony@controller ~]$ sudo systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-04-03 22:02:29 EDT; 9s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 78562 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─78562 /usr/sbin/httpd -DFOREGROUND
├─78563 (wsgi:keystone- -DFOREGROUND
├─78564 (wsgi:keystone- -DFOREGROUND
├─78565 (wsgi:keystone- -DFOREGROUND
├─78566 (wsgi:keystone- -DFOREGROUND
├─78567 (wsgi:keystone- -DFOREGROUND
├─78568 /usr/sbin/httpd -DFOREGROUND
├─78569 /usr/sbin/httpd -DFOREGROUND
├─78570 /usr/sbin/httpd -DFOREGROUND
├─78571 /usr/sbin/httpd -DFOREGROUND
└─78572 /usr/sbin/httpd -DFOREGROUND
Apr 03 22:02:29 controller systemd[1]: Starting The Apache HTTP Server...
Apr 03 22:02:29 controller systemd[1]: Started The Apache HTTP Server.
# Check the listening ports
[tony@controller ~]$ sudo netstat -nap | grep -w LISTEN
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 19955/beam.smp
tcp 0 0 172.18.22.231:3306 0.0.0.0:* LISTEN 19699/mysqld
tcp 0 0 172.18.22.231:2379 0.0.0.0:* LISTEN 21710/etcd
tcp 0 0 172.18.22.231:2380 0.0.0.0:* LISTEN 21710/etcd
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9283/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9681/master
tcp6 0 0 :::5000 :::* LISTEN 78562/httpd
tcp6 0 0 :::5672 :::* LISTEN 19955/beam.smp
tcp6 0 0 :::80 :::* LISTEN 78562/httpd
tcp6 0 0 :::22 :::* LISTEN 9283/sshd
tcp6 0 0 ::1:25 :::* LISTEN 9681/master
Create tenants
Set temporary authentication environment variables
export OS_USERNAME=admin
export OS_PASSWORD=$password
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
Create the service project
[tony@controller ~]$ openstack project create \
--domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 73d22898ffae4e0e934541c205a8e927 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
# Show the newly created service project
[tony@controller ~]$ openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 73d22898ffae4e0e934541c205a8e927 | service |
| bcb33d5868a7442e914bd0568228d5ed | admin |
+----------------------------------+---------+
Create the myproject project
[tony@controller ~]$ openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 976721d634c941c181336e40ec40d565 |
| is_domain | False |
| name | myproject |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[tony@controller ~]$ openstack project list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 73d22898ffae4e0e934541c205a8e927 | service |
| 976721d634c941c181336e40ec40d565 | myproject |
| bcb33d5868a7442e914bd0568228d5ed | admin |
+----------------------------------+-----------+
Create the myuser account
# By default there is only the admin account, which was created by the bootstrap step.
[tony@controller ~]$ openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 0cbf612fcf114563b66d0a834a4fd014 | admin |
+----------------------------------+-------+
# Create the myuser account
[tony@controller ~]$ openstack user create --domain default --password-prompt myuser
User Password: <Enter Password>
Repeat User Password: <Repeat Password>
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 29e50100032e4d3aa94d6eaff0289b51 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
# Now we have two accounts
[tony@controller ~]$ openstack user list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 0cbf612fcf114563b66d0a834a4fd014 | admin |
| 29e50100032e4d3aa94d6eaff0289b51 | myuser |
+----------------------------------+--------+
Create the myrole role
# Create the myrole role
[tony@controller ~]$ openstack role create myrole
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | eed9c1f724574af7b32e3905ce43ba6b |
| name | myrole |
+-----------+----------------------------------+
[tony@controller ~]$ openstack role add --project myproject --user myuser myrole
# The member/reader/admin roles were all created by the bootstrap step
# myrole is the one just created
[tony@controller ~]$ openstack role list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| ccccd49cbf004f3ea8f9419cf8de82bc | member |
| e283f90409524da78b126e6099cb0d60 | reader |
| e5989464809546a3a53442064957fb76 | admin |
| eed9c1f724574af7b32e3905ce43ba6b | myrole |
+----------------------------------+--------+
Verify
[tony@controller ~]$ openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default \
--os-user-domain-name Default \
--os-project-name admin \
--os-username admin token issue
Password: <Enter Password>
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-04-04T10:10:36+0000 |
| id | gAAAAABcpcoMh0866iQOmhHfXDIa5sUMpye4dVccB3jBjj5xxMsT0HEDy6ZPWbmzOFT7RtZpbCYvp-wrlFYh5ijsOwHmla5CVBPqsxJMB83xuT4fqkBsJlFGGgOZ3JCm3bt_L-RIyI5HqfWr03NRNqPiCUnFEeHLoGjq1F6Pz9ROg3mphXK1G24 |
| project_id | bcb33d5868a7442e914bd0568228d5ed |
| user_id | 0cbf612fcf114563b66d0a834a4fd014 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
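The `id` in the output above is a Fernet token, the format selected by `provider = fernet` and keyed by `fernet_setup`. Its version byte and issue timestamp sit outside the encrypted payload, so anyone holding the string can read them without a key, and the string itself is a bearer credential until it expires. The following is an added example, not part of the original post; the function names are illustrative and it assumes GNU coreutils (`base64`, `od`, `date -d`).

```shell
#!/bin/sh
# Added example: read the unencrypted header of a Keystone Fernet token.
# Fernet layout after base64url decoding:
#   version (1 byte, 0x80) | timestamp (8 bytes, big-endian) | IV (16) | ciphertext | HMAC (32)

# Token id copied from the `token issue` output above (issued in 2019, long expired).
PAGE_TOKEN='gAAAAABcpcoMh0866iQOmhHfXDIa5sUMpye4dVccB3jBjj5xxMsT0HEDy6ZPWbmzOFT7RtZpbCYvp-wrlFYh5ijsOwHmla5CVBPqsxJMB83xuT4fqkBsJlFGGgOZ3JCm3bt_L-RIyI5HqfWr03NRNqPiCUnFEeHLoGjq1F6Pz9ROg3mphXK1G24'

# Hex string of the first 9 decoded bytes (version + timestamp).
fernet_header_hex() {
    # 12 base64url characters decode to exactly 9 bytes, so the padding that
    # Keystone strips from the end of the token does not matter here.
    printf '%s' "$1" | cut -c1-12 | tr '_-' '/+' | base64 -d | od -An -v -tx1 | tr -d ' \n'
}

# Version byte as two hex digits; a Fernet token always starts with 80.
fernet_version() {
    fernet_header_hex "$1" | cut -c1-2
}

# Issue time as seconds since the Unix epoch.
fernet_issued_epoch() {
    hex=$(fernet_header_hex "$1" | cut -c3-18)
    echo $((0x$hex))
}

# Refuse anything that is not a version-0x80 token, then report its issue time.
fernet_describe() {
    if [ "$(fernet_version "$1")" != "80" ]; then
        echo "not a Fernet token" >&2
        return 1
    fi
    ts=$(fernet_issued_epoch "$1")
    echo "version=0x80 issued_epoch=$ts issued_utc=$(date -u -d "@$ts" +%Y-%m-%dT%H:%M:%SZ)"
}

fernet_describe "$PAGE_TOKEN"
```

For the token above the issue time decodes to 2019-04-04T09:10:36Z, exactly one hour before the `expires` value in the same table.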
Create the adminrc file
[tony@controller ~]$ vim adminrc
[tony@controller ~]$ cat adminrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$password
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# Before adminrc is sourced, openstack commands cannot simply be run
[tony@controller ~]$ openstack project list
Missing value auth-url required for auth plugin password
# After loading the environment variables from adminrc, projects can be listed
[tony@controller ~]$ source adminrc
[tony@controller ~]$ openstack project list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 73d22898ffae4e0e934541c205a8e927 | service |
| 976721d634c941c181336e40ec40d565 | myproject |
| bcb33d5868a7442e914bd0568228d5ed | admin |
+----------------------------------+-----------+
# The catalog can be listed as well
[tony@controller ~]$ openstack catalog list
+----------+----------+----------------------------------------+
| Name | Type | Endpoints |
+----------+----------+----------------------------------------+
| keystone | identity | RegionOne |
| | | admin: http://controller:5000/v3/ |
| | | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | |
+----------+----------+----------------------------------------+
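The adminrc above keeps the admin password in a file whose permissions are whatever the umask allowed when `vim` created it, and it points at an `http://` endpoint. The following check is an added example, not part of the original post; `audit_rc` and the `adminrc.prompt` variant are illustrative names, `stat -c` assumes GNU coreutils, and the `https://` URL assumes TLS has been configured on the Keystone endpoint, which this post does not do.

```shell
#!/bin/sh
# Added example: audit an OpenStack rc file such as the adminrc created above.
# Prints one finding per line and nothing when the file passes every check.
audit_rc() {
    rc=$1
    # The file carries the admin password, so only its owner should have access.
    mode=$(stat -c '%a' "$rc")
    case $mode in
        *00) ;;
        *) echo "MODE: $rc is $mode, expected 600" ;;
    esac
    # A value assigned to OS_PASSWORD means the secret is stored on disk.
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=.' "$rc"; then
        echo "SECRET: $rc stores OS_PASSWORD"
    fi
    # Over http:// the password and every issued token cross the network in cleartext.
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_AUTH_URL=http://' "$rc"; then
        echo "TRANSPORT: $rc points OS_AUTH_URL at http://"
    fi
}

demo_dir=$(mktemp -d)

# Constructed copy of the adminrc shown above, with typical umask-022 permissions.
cat > "$demo_dir/adminrc" <<'EOF'
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$password
export OS_AUTH_URL=http://controller:5000/v3
EOF
chmod 644 "$demo_dir/adminrc"

# Variant that asks for the password when sourced. The https:// URL is an
# assumption: it needs TLS on the Keystone endpoint, which this post does not set up.
cat > "$demo_dir/adminrc.prompt" <<'EOF'
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_AUTH_URL=https://controller:5000/v3
printf 'Password for %s: ' "$OS_USERNAME"
stty -echo; read -r OS_PASSWORD; stty echo; printf '\n'
export OS_PASSWORD
EOF
chmod 600 "$demo_dir/adminrc.prompt"

audit_rc "$demo_dir/adminrc"          # three findings
audit_rc "$demo_dir/adminrc.prompt"   # no output
```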
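Conclusion
At this point, Keystone and its related services are all up and running normally.
The httpd and keystone service logs are under /var/log/httpd and /var/log/keystone; if an error occurs, analyze these logs to resolve it.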