热门标签 | HotTags
当前位置:  开发笔记 > 编程语言 > 正文

CentOS7部署OpenStack(2)―安装keystone服务

1、创建数据库[root@controller~]#mysql-uroot-p-eCREATEDATABASEkeystone;Enterpassword:[root

1、创建数据库

[root@controller ~]# mysql -u root -p -e "CREATE DATABASEkeystone;"

Enter password:

[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ONkeystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"

Enter password:

[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"

Enter password:

2、安装keystone

[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

3、配置keystone

3.1、同步数据库

[root@controller ~]# openssl rand -hex 10

2608ad88f344a5288056

[root@controller ~]# vim /etc/keystone/keystone.conf

12 admin_token = 2608ad88f344a5288056

495 cOnnection= mysql://keystone:keystone@192.168.1.11/keystone

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync"keystone

3.2、配置连接memcache

[root@controller ~]# vim /etc/keystone/keystone.conf

1305 servers = 192.168.1.11:11211

1710 driver = sql

1903 provider = uuid

1908 driver = memcache

3.3启动memcachehttpd服务

[root@controller ~]# systemctl enable memcached

[root@controller ~]# systemctl start memcached

[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000

Listen 35357

 

    WSGIDaemonProcesskeystone-public processes=5 threads=1 user=keystone group=keystonedisplay-name=%{GROUP}

    WSGIProcessGroupkeystone-public

    WSGIScriptAlias //usr/bin/keystone-wsgi-public

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    = 2.4>

      ErrorLogFormat "%{cu}t%M"

   

    ErrorLog/var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.logcombined

 

   

        = 2.4>

            Require all granted

       

       

            Order allow,deny

            Allow from all

       

   

 

    WSGIDaemonProcesskeystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias //usr/bin/keystone-wsgi-admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    = 2.4>

      ErrorLogFormat "%{cu}t%M"

   

    ErrorLog/var/log/httpd/keystone-error.log

    CustomLog/var/log/httpd/keystone-access.log combined

 

   

        = 2.4>

            Require all granted

       

       

            Order allow,deny

            Allow from all

       

   

[root@controller ~]# vim /etc/httpd/conf/httpd.conf

95 ServerName 192.168.1.11:80

[root@controller ~]# systemctl enable httpd

[root@controller ~]# systemctl start httpd

4、创建keystone用户

4.1、设置环境变量

此步要慎重,和前面设置的token要一样

[root@controller ~]# export OS_TOKEN=2608ad88f344a5288056

[root@controller ~]# export OS_URL=http://192.168.1.11:35357/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

4.2、创建一个admin用户

[root@controller ~]# openstack project create --domain default   --description "Admin Project"admin

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Admin Project                    |

| domain_id   | default                          |

| enabled     | True                             |

| id          |69d1967e59d247e6b7c4c3937d5baa89 |

| is_domain   | False                            |

| name        | admin                            |

| parent_id   | None                             |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default--password-prompt admin     //此步是设置admin密码,要记住密码

User Password:     //编者设置为123456

Repeat User Password:

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | default                          |

| enabled   | True                             |

| id        |8c0b8dc884f742bea6f882a2b487f092 |

| name      | admin                            |

+-----------+----------------------------------+

[root@controller ~]# openstack role create admin

+-------+----------------------------------+

| Field | Value                           |

+-------+----------------------------------+

| id    |4d8224cda53e4b29b6963163ed64af65 |

| name  | admin                            |

+-------+----------------------------------+

[root@controller ~]# openstack role add --project admin --user adminadmin

4.3、创建一个普通用户

[root@controller ~]# openstack project create --domain default--description "Demo Project" kevin

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | default                          |

| enabled     | True                             |

| id          |1ee793c741f64d25be9010d59e4b5a3d |

| is_domain   | False                            |

| name        | kevin                            |

| parent_id   | None                             |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default--password=kevin kevin

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | default                          |

| enabled   | True                             |

| id        | c5baee07132c40f9841a607af1789ed6 |

| name      | kevin                            |

+-----------+----------------------------------+

[root@controller ~]# openstack role create user

+-------+----------------------------------+

| Field | Value                           |

+-------+----------------------------------+

| id    |ac35ef5dc2624526af25859497616ecd |

| name  | user                             |

+-------+----------------------------------+

[root@controller ~]# openstack role add --project kevin --user kevin user

[root@controller ~]# openstack project create --domain default--description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | default                          |

| enabled     | True                             |

| id          |e88fa8670b704fe88c668ac4d6f9d499 |

| is_domain   | False                            |

| name        | service                          |

| parent_id   | None                             |

+-------------+----------------------------------+

4.4、查看验证

[root@controller ~]# openstack user list

+----------------------------------+-------+

| ID                              | Name  |

+----------------------------------+-------+

| 8c0b8dc884f742bea6f882a2b487f092 | admin |

| c5baee07132c40f9841a607af1789ed6 | kevin |

+----------------------------------+-------+

[root@controller ~]# openstack role list

+----------------------------------+-------+

| ID                              | Name  |

+----------------------------------+-------+

| 4d8224cda53e4b29b6963163ed64af65 | admin |

| ac35ef5dc2624526af25859497616ecd | user |

+----------------------------------+-------+

[root@controller ~]# openstack project list

+----------------------------------+---------+

| ID                              | Name    |

+----------------------------------+---------+

| 1ee793c741f64d25be9010d59e4b5a3d | kevin   |

| 69d1967e59d247e6b7c4c3937d5baa89 | admin   |

| e88fa8670b704fe88c668ac4d6f9d499 | service |

+----------------------------------+---------+

[root@controller ~]# openstack domain list

+---------+---------+---------+----------------------------------------------------------------------+

| ID      | Name    | Enabled | Description                                                         |

+---------+---------+---------+----------------------------------------------------------------------+

| default | Default | True    |Owns users and tenants (i.e. projects) available on Identity API v2. |

+---------+---------+---------+----------------------------------------------------------------------+

5、注册keystone服务

5.1、注册服务

下面的操作一个字也不要错

[root@controller ~]# openstack service create --name keystone--description "OpenStack Identity" identity

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Identity               |

| enabled     | True                             |

| id          |121189562a324f5d9f6ef83c4755d671 |

| name        | keystone                         |

| type        | identity                         |

+-------------+----------------------------------+

[root@controller ~]#  openstackendpoint create --region RegionOne identity publichttp://192.168.1.11:5000/v2.0

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           |6f4d026024e14082ada914b14bb0c9ff |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone                         |

| service_type | identity                         |

| url          | http://192.168.1.11:5000/v2.0    |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOneidentity internal http://192.168.1.11:5000/v2.0

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           |acc2890a596c406fb42f4926ad86937a |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone                         |

| service_type | identity                         |

| url          |http://192.168.1.11:5000/v2.0    |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOneidentity admin http://192.168.1.11:35357/v2.0

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           |f7f1182dd4c44cadac94345466275296 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone                         |

| service_type | identity                         |

| url          |http://192.168.1.11:35357/v2.0   |

+--------------+----------------------------------+

5.2、查看验证

[root@controller ~]# openstack service list

+----------------------------------+----------+----------+

| ID                              | Name     | Type     |

+----------------------------------+----------+----------+

| 121189562a324f5d9f6ef83c4755d671 | keystone | identity |

+----------------------------------+----------+----------+

[root@controller ~]# openstack endpoint list

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

| ID                              | Region    | Service Name |Service Type | Enabled | Interface | URL                            |

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

| 6f4d026024e14082ada914b14bb0c9ff | RegionOne | keystone     | identity     | True   | public    |http://192.168.1.11:5000/v2.0  |

| acc2890a596c406fb42f4926ad86937a | RegionOne | keystone     | identity     | True   | internal  | http://192.168.1.11:5000/v2.0  |

| f7f1182dd4c44cadac94345466275296 | RegionOne | keystone     | identity     | True   | admin     |http://192.168.1.11:35357/v2.0 |

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

5.3、尝试连接keystone

[root@controller ~]# unset OS_TOKEN

[root@controller ~]# unset OS_URL

[root@controller ~]# openstack --os-auth-url http://192.168.1.11:35357/v3\

--os-project-domain-id default --os-user-domain-id default \

--os-project-name admin --os-username admin --os-auth-type password \

token issue

Password:

+------------+----------------------------------+

| Field      | Value                            |

+------------+----------------------------------+

| expires    |2015-12-27T09:58:41.540674Z      |

| id         |ccca55a979da427b849ecd2957901f74 |

| project_id | 69d1967e59d247e6b7c4c3937d5baa89 |

| user_id    |8c0b8dc884f742bea6f882a2b487f092 |

+------------+----------------------------------+

5.4、配置环境变量

进行该步骤的原因是为了方便执行命令,否则必须输入一大串的参数

[root@controller ~]# vim admin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=admin

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=123456

export OS_AUTH_URL=http://192.168.1.11:35357/v3

export OS_IDENTITY_API_VERSION=3

[root@controller ~]# vim kevin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=kevin

export OS_TENANT_NAME=kevin

export OS_USERNAME=kevin

export OS_PASSWORD=kevin

export OS_AUTH_URL=http://192.168.1.11:5000/v3

export OS_IDENTITY_API_VERSION=3

[root@controller ~]# chmod +x admin-openrc.sh kevin-openrc.sh

Linux运维开发群:298324302

北京linux运维求职招聘群:153677549

本文出自 “长街听风人” 博客,请务必保留此出处http://kevinhao.blog.51cto.com/5204735/1728834


推荐阅读
  • 为了确保iOS应用能够安全地访问网站数据,本文介绍了如何在Nginx服务器上轻松配置CertBot以实现SSL证书的自动化管理。通过这一过程,可以确保应用始终使用HTTPS协议,从而提升数据传输的安全性和可靠性。文章详细阐述了配置步骤和常见问题的解决方法,帮助读者快速上手并成功部署SSL证书。 ... [详细]
  • 一个建表一个执行crud操作建表代码importandroid.content.Context;importandroid.database.sqlite.SQLiteDat ... [详细]
  • 如何在Java中使用DButils类
    这期内容当中小编将会给大家带来有关如何在Java中使用DButils类,文章内容丰富且以专业的角度为大家分析和叙述,阅读完这篇文章希望大家可以有所收获。D ... [详细]
  • 开机自启动的几种方式
    0x01快速自启动目录快速启动目录自启动方式源于Windows中的一个目录,这个目录一般叫启动或者Startup。位于该目录下的PE文件会在开机后进行自启动 ... [详细]
  • 1.安装libeventyuminstalllibevent.x86_64libevent-devel.x86_64没有libevent编译memcached为出错checking ... [详细]
  • Linux静默安装Oracle 11g教程
    准备工作在电脑中下载linux.x64_11gR2_database_1of2.zip和linux.x64_11gR2_database_2of2.ziphttp:download.oracle.comotnlinuxoracle11gR2l ... [详细]
  •  参考自:https:linux.cnarticle-6719-1.html一、安装  首先通过xshell5先登陆来到字符界面(xshell通过SSH连接请参见之前随笔)  先下载redis, ... [详细]
  • 该问题可能由守护进程配置不当引起,例如未识别的JVM选项或内存分配不足。建议检查并调整JVM参数,确保为对象堆预留足够的内存空间(至少1572864KB)。此外,还可以优化应用程序的内存使用,减少不必要的内存消耗。 ... [详细]
  • 黄聪:MySQL主从复制配置,实现高效读写分离
    大型网站为应对高并发访问,不仅需要在前端实现分布式负载均衡,还需在数据业务和访问层采取有效措施。采用传统的数据结构已无法满足需求,通过配置MySQL主从复制,可实现高效的读写分离,显著提升系统性能和稳定性。 ... [详细]
  • Memcached的delete命令用于删除memcached服务器现有的键。语法memcacheddelete命令的基本语法如下所示:deletekey如果键成功删除,则返回DE ... [详细]
  • MySQL 数据库索引技术原理初探
    概述什么是索引一本书500页的书,如果没有目录,直接去找某个知识点,可能需要找一会儿,但是借助前面的目录,就可以快速找到对应知识点在书的哪一页。这里的目录就是索引。所以,为什么会有 ... [详细]
  • 本文介绍了OpenStack的逻辑概念以及其构成简介,包括了软件开源项目、基础设施资源管理平台、三大核心组件等内容。同时还介绍了Horizon(UI模块)等相关信息。 ... [详细]
  • 修改第二步中按TAB键出来的命令这里注意了:网上很多文章都说这一步改成“>vmlinuzinitrdinitrd.imginst.stage2hd:devsdbquiet”什么的, ... [详细]
  • asp.net core 应用docke部署到centos7
    前言前期准备win10(不要安装hyper-V)VMware-Workstation-Pro15.0Xshell6(非必需)VS2019以上环境请自行安装都是默认安装没什么可说的不 ... [详细]
  • 基于CentOS7的服务器环境搭建(LAMP环境)一、安装MySQL组件  1.由于在CentOS7中,默认yum安装库中不含有mysql,我们可以下载mysql的分支Mari ... [详细]
author-avatar
徐小倩是你叫的
这个家伙很懒,什么也没留下!
PHP1.CN | 中国最专业的PHP中文社区 | DevBox开发工具箱 | json解析格式化 |PHP资讯 | PHP教程 | 数据库技术 | 服务器技术 | 前端开发技术 | PHP框架 | 开发工具 | 在线工具
Copyright © 1998 - 2020 PHP1.CN. All Rights Reserved | 京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有