CentOS7部署OpenStack（2）―安装keystone服务

作者：徐小倩是你叫的 | 来源：互联网 | 2023-09-14 11:31

1、创建数据库[root@controller~]#mysql-uroot-p-eCREATEDATABASEkeystone;Enterpassword:[root

1、创建数据库

[root@controller ~]# mysql -u root -p -e "CREATE DATABASEkeystone;"

Enter password:

[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ONkeystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"

Enter password:

[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"

Enter password:

2、安装keystone

[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

3、配置keystone

3.1、同步数据库

[root@controller ~]# openssl rand -hex 10

2608ad88f344a5288056

[root@controller ~]# vim /etc/keystone/keystone.conf

12 admin_token = 2608ad88f344a5288056

495 cOnnection= mysql://keystone:keystone@192.168.1.11/keystone

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync"keystone

3.2、配置连接memcache

[root@controller ~]# vim /etc/keystone/keystone.conf

1305 servers = 192.168.1.11:11211

1710 driver = sql

1903 provider = uuid

1908 driver = memcache

3.3启动memcache和httpd服务

[root@controller ~]# systemctl enable memcached

[root@controller ~]# systemctl start memcached

[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000

Listen 35357

WSGIDaemonProcesskeystone-public processes=5 threads=1 user=keystone group=keystonedisplay-name=%{GROUP}

WSGIProcessGroupkeystone-public

WSGIScriptAlias //usr/bin/keystone-wsgi-public

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

= 2.4>

ErrorLogFormat "%{cu}t%M"

ErrorLog/var/log/httpd/keystone-error.log

CustomLog /var/log/httpd/keystone-access.logcombined

= 2.4>

Require all granted

Order allow,deny

Allow from all

WSGIDaemonProcesskeystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-admin

WSGIScriptAlias //usr/bin/keystone-wsgi-admin

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

= 2.4>

ErrorLogFormat "%{cu}t%M"

ErrorLog/var/log/httpd/keystone-error.log

CustomLog/var/log/httpd/keystone-access.log combined

= 2.4>

Require all granted

Order allow,deny

Allow from all

[root@controller ~]# vim /etc/httpd/conf/httpd.conf

95 ServerName 192.168.1.11:80

[root@controller ~]# systemctl enable httpd

[root@controller ~]# systemctl start httpd

4、创建keystone用户

4.1、设置环境变量

此步要慎重，和前面设置的token要一样

[root@controller ~]# export OS_TOKEN=2608ad88f344a5288056

[root@controller ~]# export OS_URL=http://192.168.1.11:35357/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

4.2、创建一个admin用户

[root@controller ~]# openstack project create --domain default --description "Admin Project"admin

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Admin Project |

| domain_id | default |

| enabled | True |

| id |69d1967e59d247e6b7c4c3937d5baa89 |

| is_domain | False |

| name | admin |

| parent_id | None |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default--password-prompt admin //此步是设置admin密码，要记住密码

User Password: //编者设置为123456

Repeat User Password:

+-----------+----------------------------------+

| Field | Value |

+-----------+----------------------------------+

| domain_id | default |

| enabled | True |

| id |8c0b8dc884f742bea6f882a2b487f092 |

| name | admin |

+-----------+----------------------------------+

[root@controller ~]# openstack role create admin

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id |4d8224cda53e4b29b6963163ed64af65 |

| name | admin |

+-------+----------------------------------+

[root@controller ~]# openstack role add --project admin --user adminadmin

4.3、创建一个普通用户

[root@controller ~]# openstack project create --domain default--description "Demo Project" kevin

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Demo Project |

| domain_id | default |

| enabled | True |

| id |1ee793c741f64d25be9010d59e4b5a3d |

| is_domain | False |

| name | kevin |

| parent_id | None |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default--password=kevin kevin

+-----------+----------------------------------+

| Field | Value |

+-----------+----------------------------------+

| domain_id | default |

| enabled | True |

| id | c5baee07132c40f9841a607af1789ed6 |

| name | kevin |

+-----------+----------------------------------+

[root@controller ~]# openstack role create user

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id |ac35ef5dc2624526af25859497616ecd |

| name | user |

+-------+----------------------------------+

[root@controller ~]# openstack role add --project kevin --user kevin user

[root@controller ~]# openstack project create --domain default--description "Service Project" service

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Service Project |

| domain_id | default |

| enabled | True |

| id |e88fa8670b704fe88c668ac4d6f9d499 |

| is_domain | False |

| name | service |

| parent_id | None |

+-------------+----------------------------------+

4.4、查看验证

[root@controller ~]# openstack user list

+----------------------------------+-------+

| ID | Name |

+----------------------------------+-------+

| 8c0b8dc884f742bea6f882a2b487f092 | admin |

| c5baee07132c40f9841a607af1789ed6 | kevin |

+----------------------------------+-------+

[root@controller ~]# openstack role list

+----------------------------------+-------+

| ID | Name |

+----------------------------------+-------+

| 4d8224cda53e4b29b6963163ed64af65 | admin |

| ac35ef5dc2624526af25859497616ecd | user |

+----------------------------------+-------+

[root@controller ~]# openstack project list

+----------------------------------+---------+

| ID | Name |

+----------------------------------+---------+

| 1ee793c741f64d25be9010d59e4b5a3d | kevin |

| 69d1967e59d247e6b7c4c3937d5baa89 | admin |

| e88fa8670b704fe88c668ac4d6f9d499 | service |

+----------------------------------+---------+

[root@controller ~]# openstack domain list

+---------+---------+---------+----------------------------------------------------------------------+

+---------+---------+---------+----------------------------------------------------------------------+

+---------+---------+---------+----------------------------------------------------------------------+

5、注册keystone服务

5.1、注册服务

下面的操作一个字也不要错

[root@controller ~]# openstack service create --name keystone--description "OpenStack Identity" identity

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | OpenStack Identity |

| enabled | True |

| id |121189562a324f5d9f6ef83c4755d671 |

| name | keystone |

| type | identity |

+-------------+----------------------------------+

[root@controller ~]# openstackendpoint create --region RegionOne identity publichttp://192.168.1.11:5000/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id |6f4d026024e14082ada914b14bb0c9ff |

| interface | public |

| region | RegionOne |

| region_id | RegionOne |

| service_id |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone |

| service_type | identity |

| url | http://192.168.1.11:5000/v2.0 |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOneidentity internal http://192.168.1.11:5000/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id |acc2890a596c406fb42f4926ad86937a |

| interface | internal |

| region | RegionOne |

| region_id | RegionOne |

| service_id |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone |

| service_type | identity |

| url |http://192.168.1.11:5000/v2.0 |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOneidentity admin http://192.168.1.11:35357/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id |f7f1182dd4c44cadac94345466275296 |

| interface | admin |

| region | RegionOne |

| region_id | RegionOne |

| service_id |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone |

| service_type | identity |

| url |http://192.168.1.11:35357/v2.0 |

+--------------+----------------------------------+

5.2、查看验证

[root@controller ~]# openstack service list

+----------------------------------+----------+----------+

| ID | Name | Type |

+----------------------------------+----------+----------+

| 121189562a324f5d9f6ef83c4755d671 | keystone | identity |

+----------------------------------+----------+----------+

[root@controller ~]# openstack endpoint list

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

5.3、尝试连接keystone

[root@controller ~]# unset OS_TOKEN

[root@controller ~]# unset OS_URL

[root@controller ~]# openstack --os-auth-url http://192.168.1.11:35357/v3\

--os-project-domain-id default --os-user-domain-id default \

--os-project-name admin --os-username admin --os-auth-type password \

token issue

Password:

+------------+----------------------------------+

| Field | Value |

+------------+----------------------------------+

| expires |2015-12-27T09:58:41.540674Z |

| id |ccca55a979da427b849ecd2957901f74 |

| project_id | 69d1967e59d247e6b7c4c3937d5baa89 |

| user_id |8c0b8dc884f742bea6f882a2b487f092 |

+------------+----------------------------------+

5.4、配置环境变量

进行该步骤的原因是为了方便执行命令，否则必须输入一大串的参数

[root@controller ~]# vim admin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=admin

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=123456

export OS_AUTH_URL=http://192.168.1.11:35357/v3

export OS_IDENTITY_API_VERSION=3

[root@controller ~]# vim kevin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=kevin

export OS_TENANT_NAME=kevin

export OS_USERNAME=kevin

export OS_PASSWORD=kevin

export OS_AUTH_URL=http://192.168.1.11:5000/v3

export OS_IDENTITY_API_VERSION=3

[root@controller ~]# chmod +x admin-openrc.sh kevin-openrc.sh

Linux运维开发群：298324302

北京linux运维求职招聘群：153677549

本文出自 “长街听风人” 博客，请务必保留此出处http://kevinhao.blog.51cto.com/5204735/1728834

推荐阅读

io
解决JavaScript中法语字符排序问题

在开发一个使用JavaScript、HTML和CSS的Web应用时，遇到从SQLite数据库中提取的法语词汇排序不正确的问题，特别是带重音符号的字母未按预期排序。 ... [详细]

蜡笔小新 2024-11-21 09:08:57
int
mysql 授权!!

为什么80%的码农都做不了架构师？MySQL的权限系统围绕着两个概念：认证-确定用户是否允许连接数据库服务器授权-确定用户是否拥有足够的权限执 ... [详细]

蜡笔小新 2024-11-18 17:34:42
const
设计无SQL死锁的编码模式 - Achieving SQL Deadlock-Free Design

在运行于MS SQL Server 2005的.NET 2.0 Web应用中，我偶尔会遇到令人头疼的SQL死锁问题。过去，我们主要通过调整查询来解决这些问题，但这既耗时又不可靠。我希望能找到一种确定性的查询模式，确保从设计上彻底避免SQL死锁。 ... [详细]

蜡笔小新 2024-11-16 13:09:51
io
CentOS下ProFTPD的安装与配置指南

本文详细介绍在CentOS操作系统上安装和配置ProFTPD服务的方法，包括基本配置、安全设置及高级功能的启用。 ... [详细]

蜡笔小新 2024-11-21 09:45:56
install
Ubuntu 16.04 上 PostgreSQL 的高效安装与配置指南

本文详细介绍了在 Ubuntu 16.04 系统上安装和配置 PostgreSQL 数据库的方法，包括如何设置监听地址、启用密码加密、更改默认用户密码以及调整客户端访问控制。 ... [详细]

蜡笔小新 2024-11-20 22:17:50
io
WM平台上Sybase Anywhere 11的高级应用

本文作为《WM平台上使用Sybase Anywhere 11》系列的第二篇，将继续探讨在Windows Mobile (WM) 系统中如何高效地操作Sybase Anywhere 11数据库。继上一篇关于安装与基本测试的文章之后，本篇将深入讲解数据库的具体操作方法。 ... [详细]

蜡笔小新 2024-11-20 21:16:41
int
深入解析SpringMVC中的HandlerMapping机制

本文将从基础概念入手，详细探讨SpringMVC框架中DispatcherServlet如何通过HandlerMapping进行请求分发，以及其背后的源码实现细节。 ... [详细]

蜡笔小新 2024-11-20 19:24:42
io
Oracle 数据库间通过 DBLink 进行交互的方法

本文介绍了如何在两个Oracle数据库（假设为数据库A和数据库B）之间设置DBLink，以便能够从数据库A中直接访问和操作数据库B中的数据。文章详细描述了创建DBLink前的必要准备步骤以及具体的创建方法。 ... [详细]

蜡笔小新 2024-11-20 11:20:35
header
解决PHP及Web开发中的UTF-8乱码问题

本文详细探讨了在Web开发中常见的UTF-8编码问题及其解决方案，包括HTML页面、PHP脚本、MySQL数据库以及JavaScript和Flash应用中的乱码问题。 ... [详细]

蜡笔小新 2024-11-20 10:58:03
io
解决SQL Server 2008中删除带有架构所有权的用户问题

本文探讨了在SQL Server 2008环境下，当尝试删除拥有数据库架构的用户时遇到的问题及解决方案，包括如何查询和更改架构所有权。 ... [详细]

蜡笔小新 2024-11-19 19:05:35
io
如何在U8系统中连接服务器并获取数据

本文介绍了如何在U8系统中通过不同的方法连接服务器并获取数据，包括使用MySQL客户端连接实例的方法，如非SSL连接和SSL连接，并提供了详细的步骤和注意事项。 ... [详细]

蜡笔小新 2024-11-19 12:08:19
install
Django与Python及其他Web框架的对比

本文详细介绍了Django与其他Python Web框架（如Flask和Tornado）的区别，并探讨了Django的基本使用方法及与其他语言（如PHP）的比较。 ... [详细]

蜡笔小新 2024-11-18 09:13:53
io
Oracle 10g 和 11g 32位 OCI.DLL 文件下载

32位 PL/SQL Developer 访问 64位 Oracle 11g 数据库时，需要使用 32位的 OCI.DLL 文件以确保正常连接和数据访问。本文将详细介绍如何获取并配置此文件。 ... [详细]

蜡笔小新 2024-11-17 20:10:35
const
SQL 中的 SUM 函数详解

本文将详细介绍 SQL 中的 SUM 函数及其用法，并通过具体示例展示如何在实际场景中应用。 ... [详细]

蜡笔小新 2024-11-17 19:34:14
io
驱动程序的基本结构

驱动程序的基本结构1、Windows驱动程序中重要的数据结构1.1、驱动对象（DRIVER_OBJECT）每个驱动程序会有唯一的驱动对象与之对应，并且这个驱动对象是在驱 ... [详细]

蜡笔小新 2024-11-16 22:04:31

徐小倩是你叫的

这个家伙很懒，什么也没留下！

Tags | 热门标签

RankList | 热门文章