CentOS7部署OpenStack（2）―安装keystone服务

作者：徐小倩是你叫的 | 来源：互联网 | 2023-09-14 11:31

1、创建数据库[root@controller~]#mysql-uroot-p-eCREATEDATABASEkeystone;Enterpassword:[root

1、创建数据库

[root@controller ~]# mysql -u root -p -e "CREATE DATABASEkeystone;"

Enter password:

[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ONkeystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"

Enter password:

[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"

Enter password:

2、安装keystone

[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

3、配置keystone

3.1、同步数据库

[root@controller ~]# openssl rand -hex 10

2608ad88f344a5288056

[root@controller ~]# vim /etc/keystone/keystone.conf

12 admin_token = 2608ad88f344a5288056

495 cOnnection= mysql://keystone:keystone@192.168.1.11/keystone

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync"keystone

3.2、配置连接memcache

[root@controller ~]# vim /etc/keystone/keystone.conf

1305 servers = 192.168.1.11:11211

1710 driver = sql

1903 provider = uuid

1908 driver = memcache

3.3启动memcache和httpd服务

[root@controller ~]# systemctl enable memcached

[root@controller ~]# systemctl start memcached

[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000

Listen 35357

WSGIDaemonProcesskeystone-public processes=5 threads=1 user=keystone group=keystonedisplay-name=%{GROUP}

WSGIProcessGroupkeystone-public

WSGIScriptAlias //usr/bin/keystone-wsgi-public

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

= 2.4>

ErrorLogFormat "%{cu}t%M"

ErrorLog/var/log/httpd/keystone-error.log

CustomLog /var/log/httpd/keystone-access.logcombined

= 2.4>

Require all granted

Order allow,deny

Allow from all

WSGIDaemonProcesskeystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-admin

WSGIScriptAlias //usr/bin/keystone-wsgi-admin

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

= 2.4>

ErrorLogFormat "%{cu}t%M"

ErrorLog/var/log/httpd/keystone-error.log

CustomLog/var/log/httpd/keystone-access.log combined

= 2.4>

Require all granted

Order allow,deny

Allow from all

[root@controller ~]# vim /etc/httpd/conf/httpd.conf

95 ServerName 192.168.1.11:80

[root@controller ~]# systemctl enable httpd

[root@controller ~]# systemctl start httpd

4、创建keystone用户

4.1、设置环境变量

此步要慎重，和前面设置的token要一样

[root@controller ~]# export OS_TOKEN=2608ad88f344a5288056

[root@controller ~]# export OS_URL=http://192.168.1.11:35357/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

4.2、创建一个admin用户

[root@controller ~]# openstack project create --domain default --description "Admin Project"admin

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Admin Project |

| domain_id | default |

| enabled | True |

| id |69d1967e59d247e6b7c4c3937d5baa89 |

| is_domain | False |

| name | admin |

| parent_id | None |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default--password-prompt admin //此步是设置admin密码，要记住密码

User Password: //编者设置为123456

Repeat User Password:

+-----------+----------------------------------+

| Field | Value |

+-----------+----------------------------------+

| domain_id | default |

| enabled | True |

| id |8c0b8dc884f742bea6f882a2b487f092 |

| name | admin |

+-----------+----------------------------------+

[root@controller ~]# openstack role create admin

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id |4d8224cda53e4b29b6963163ed64af65 |

| name | admin |

+-------+----------------------------------+

[root@controller ~]# openstack role add --project admin --user adminadmin

4.3、创建一个普通用户

[root@controller ~]# openstack project create --domain default--description "Demo Project" kevin

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Demo Project |

| domain_id | default |

| enabled | True |

| id |1ee793c741f64d25be9010d59e4b5a3d |

| is_domain | False |

| name | kevin |

| parent_id | None |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default--password=kevin kevin

+-----------+----------------------------------+

| Field | Value |

+-----------+----------------------------------+

| domain_id | default |

| enabled | True |

| id | c5baee07132c40f9841a607af1789ed6 |

| name | kevin |

+-----------+----------------------------------+

[root@controller ~]# openstack role create user

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id |ac35ef5dc2624526af25859497616ecd |

| name | user |

+-------+----------------------------------+

[root@controller ~]# openstack role add --project kevin --user kevin user

[root@controller ~]# openstack project create --domain default--description "Service Project" service

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Service Project |

| domain_id | default |

| enabled | True |

| id |e88fa8670b704fe88c668ac4d6f9d499 |

| is_domain | False |

| name | service |

| parent_id | None |

+-------------+----------------------------------+

4.4、查看验证

[root@controller ~]# openstack user list

+----------------------------------+-------+

| ID | Name |

+----------------------------------+-------+

| 8c0b8dc884f742bea6f882a2b487f092 | admin |

| c5baee07132c40f9841a607af1789ed6 | kevin |

+----------------------------------+-------+

[root@controller ~]# openstack role list

+----------------------------------+-------+

| ID | Name |

+----------------------------------+-------+

| 4d8224cda53e4b29b6963163ed64af65 | admin |

| ac35ef5dc2624526af25859497616ecd | user |

+----------------------------------+-------+

[root@controller ~]# openstack project list

+----------------------------------+---------+

| ID | Name |

+----------------------------------+---------+

| 1ee793c741f64d25be9010d59e4b5a3d | kevin |

| 69d1967e59d247e6b7c4c3937d5baa89 | admin |

| e88fa8670b704fe88c668ac4d6f9d499 | service |

+----------------------------------+---------+

[root@controller ~]# openstack domain list

+---------+---------+---------+----------------------------------------------------------------------+

+---------+---------+---------+----------------------------------------------------------------------+

+---------+---------+---------+----------------------------------------------------------------------+

5、注册keystone服务

5.1、注册服务

下面的操作一个字也不要错

[root@controller ~]# openstack service create --name keystone--description "OpenStack Identity" identity

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | OpenStack Identity |

| enabled | True |

| id |121189562a324f5d9f6ef83c4755d671 |

| name | keystone |

| type | identity |

+-------------+----------------------------------+

[root@controller ~]# openstackendpoint create --region RegionOne identity publichttp://192.168.1.11:5000/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id |6f4d026024e14082ada914b14bb0c9ff |

| interface | public |

| region | RegionOne |

| region_id | RegionOne |

| service_id |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone |

| service_type | identity |

| url | http://192.168.1.11:5000/v2.0 |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOneidentity internal http://192.168.1.11:5000/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id |acc2890a596c406fb42f4926ad86937a |

| interface | internal |

| region | RegionOne |

| region_id | RegionOne |

| service_id |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone |

| service_type | identity |

| url |http://192.168.1.11:5000/v2.0 |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOneidentity admin http://192.168.1.11:35357/v2.0

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| enabled | True |

| id |f7f1182dd4c44cadac94345466275296 |

| interface | admin |

| region | RegionOne |

| region_id | RegionOne |

| service_id |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone |

| service_type | identity |

| url |http://192.168.1.11:35357/v2.0 |

+--------------+----------------------------------+

5.2、查看验证

[root@controller ~]# openstack service list

+----------------------------------+----------+----------+

| ID | Name | Type |

+----------------------------------+----------+----------+

| 121189562a324f5d9f6ef83c4755d671 | keystone | identity |

+----------------------------------+----------+----------+

[root@controller ~]# openstack endpoint list

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

5.3、尝试连接keystone

[root@controller ~]# unset OS_TOKEN

[root@controller ~]# unset OS_URL

[root@controller ~]# openstack --os-auth-url http://192.168.1.11:35357/v3\

--os-project-domain-id default --os-user-domain-id default \

--os-project-name admin --os-username admin --os-auth-type password \

token issue

Password:

+------------+----------------------------------+

| Field | Value |

+------------+----------------------------------+

| expires |2015-12-27T09:58:41.540674Z |

| id |ccca55a979da427b849ecd2957901f74 |

| project_id | 69d1967e59d247e6b7c4c3937d5baa89 |

| user_id |8c0b8dc884f742bea6f882a2b487f092 |

+------------+----------------------------------+

5.4、配置环境变量

进行该步骤的原因是为了方便执行命令，否则必须输入一大串的参数

[root@controller ~]# vim admin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=admin

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=123456

export OS_AUTH_URL=http://192.168.1.11:35357/v3

export OS_IDENTITY_API_VERSION=3

[root@controller ~]# vim kevin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=kevin

export OS_TENANT_NAME=kevin

export OS_USERNAME=kevin

export OS_PASSWORD=kevin

export OS_AUTH_URL=http://192.168.1.11:5000/v3

export OS_IDENTITY_API_VERSION=3

[root@controller ~]# chmod +x admin-openrc.sh kevin-openrc.sh

Linux运维开发群：298324302

北京linux运维求职招聘群：153677549

本文出自 “长街听风人” 博客，请务必保留此出处http://kevinhao.blog.51cto.com/5204735/1728834

推荐阅读

io
如何在Nginx服务器上轻松配置CertBot以实现SSL证书自动化管理

为了确保iOS应用能够安全地访问网站数据，本文介绍了如何在Nginx服务器上轻松配置CertBot以实现SSL证书的自动化管理。通过这一过程，可以确保应用始终使用HTTPS协议，从而提升数据传输的安全性和可靠性。文章详细阐述了配置步骤和常见问题的解决方法，帮助读者快速上手并成功部署SSL证书。 ... [详细]

蜡笔小新 2024-11-10 08:42:08
io
Android Studio SQLite 数据库增删改查简单（代码参考）

一个建表一个执行crud操作建表代码importandroid.content.Context;importandroid.database.sqlite.SQLiteDat ... [详细]

蜡笔小新 2024-11-14 11:01:49
object
如何在Java中使用DButils类

这期内容当中小编将会给大家带来有关如何在Java中使用DButils类，文章内容丰富且以专业的角度为大家分析和叙述，阅读完这篇文章希望大家可以有所收获。D ... [详细]

蜡笔小新 2024-11-12 13:46:11
function
开机自启动的几种方式

0x01快速自启动目录快速启动目录自启动方式源于Windows中的一个目录，这个目录一般叫启动或者Startup。位于该目录下的PE文件会在开机后进行自启动 ... [详细]

蜡笔小新 2024-11-12 11:16:30
io
mysql安装教程5.8_linux centos5.8 安装memcached

1.安装libeventyuminstalllibevent.x86_64libevent-devel.x86_64没有libevent编译memcached为出错checking ... [详细]

蜡笔小新 2023-10-16 09:26:26
io
Linux静默安装Oracle 11g教程

准备工作在电脑中下载linux.x64_11gR2_database_1of2.zip和linux.x64_11gR2_database_2of2.ziphttp:download.oracle.comotnlinuxoracle11gR2l ... [详细]

蜡笔小新 2023-10-13 12:45:19
io
Redis安装——在CentOS7下的安装

　参考自：https:linux.cnarticle-6719-1.html一、安装　　首先通过xshell5先登陆来到字符界面（xshell通过SSH连接请参见之前随笔）　　先下载redis， ... [详细]

蜡笔小新 2023-10-12 20:31:20
object
Insufficient Memory Allocation: Unable to Reserve 1572864KB for Object Heap

该问题可能由守护进程配置不当引起，例如未识别的JVM选项或内存分配不足。建议检查并调整JVM参数，确保为对象堆预留足够的内存空间（至少1572864KB）。此外，还可以优化应用程序的内存使用，减少不必要的内存消耗。 ... [详细]

蜡笔小新 2024-11-08 20:06:16
io
黄聪：MySQL主从复制配置，实现高效读写分离

大型网站为应对高并发访问，不仅需要在前端实现分布式负载均衡，还需在数据业务和访问层采取有效措施。采用传统的数据结构已无法满足需求，通过配置MySQL主从复制，可实现高效的读写分离，显著提升系统性能和稳定性。 ... [详细]

蜡笔小新 2024-10-26 20:09:09
io
Memcached删除/Delete数据

Memcached的delete命令用于删除memcached服务器现有的键。语法memcacheddelete命令的基本语法如下所示：deletekey如果键成功删除，则返回DE ... [详细]

蜡笔小新 2024-10-19 12:45:15
io
MySQL 数据库索引技术原理初探

概述什么是索引一本书500页的书，如果没有目录，直接去找某个知识点，可能需要找一会儿，但是借助前面的目录，就可以快速找到对应知识点在书的哪一页。这里的目录就是索引。所以，为什么会有 ... [详细]

蜡笔小新 2024-10-09 13:39:04
object
OpenStack及其构成简介

本文介绍了OpenStack的逻辑概念以及其构成简介，包括了软件开源项目、基础设施资源管理平台、三大核心组件等内容。同时还介绍了Horizon(UI模块)等相关信息。 ... [详细]

蜡笔小新 2023-12-12 06:47:38
cmd
U盘centos7系统安装http://www.augsky.com/599.html

修改第二步中按TAB键出来的命令这里注意了：网上很多文章都说这一步改成“>vmlinuzinitrdinitrd.imginst.stage2hd:devsdbquiet”什么的， ... [详细]

蜡笔小新 2023-10-11 09:18:42
io
asp.net core 应用docke部署到centos7

前言前期准备win10(不要安装hyper-V)VMware-Workstation-Pro15.0Xshell6(非必需)VS2019以上环境请自行安装都是默认安装没什么可说的不 ... [详细]

蜡笔小新 2023-09-25 05:58:22
io
基于CentOS7的服务器搭建(LAMP环境)

基于CentOS7的服务器环境搭建(LAMP环境)一、安装MySQL组件　　1.由于在CentOS7中，默认yum安装库中不含有mysql，我们可以下载mysql的分支Mari ... [详细]

蜡笔小新 2023-09-24 17:33:50

徐小倩是你叫的

这个家伙很懒，什么也没留下！

Tags | 热门标签

RankList | 热门文章