热门标签 | HotTags
当前位置:  开发笔记 > 编程语言 > 正文

CentOS7部署OpenStack(2)―安装keystone服务

1、创建数据库[root@controller~]#mysql-uroot-p-eCREATEDATABASEkeystone;Enterpassword:[root

1、创建数据库

[root@controller ~]# mysql -u root -p -e "CREATE DATABASEkeystone;"

Enter password:

[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ONkeystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"

Enter password:

[root@controller ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"

Enter password:

2、安装keystone

[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

3、配置keystone

3.1、同步数据库

[root@controller ~]# openssl rand -hex 10

2608ad88f344a5288056

[root@controller ~]# vim /etc/keystone/keystone.conf

12 admin_token = 2608ad88f344a5288056

495 cOnnection= mysql://keystone:keystone@192.168.1.11/keystone

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync"keystone

3.2、配置连接memcache

[root@controller ~]# vim /etc/keystone/keystone.conf

1305 servers = 192.168.1.11:11211

1710 driver = sql

1903 provider = uuid

1908 driver = memcache

3.3启动memcachehttpd服务

[root@controller ~]# systemctl enable memcached

[root@controller ~]# systemctl start memcached

[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000

Listen 35357

 

    WSGIDaemonProcesskeystone-public processes=5 threads=1 user=keystone group=keystonedisplay-name=%{GROUP}

    WSGIProcessGroupkeystone-public

    WSGIScriptAlias //usr/bin/keystone-wsgi-public

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    = 2.4>

      ErrorLogFormat "%{cu}t%M"

   

    ErrorLog/var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.logcombined

 

   

        = 2.4>

            Require all granted

       

       

            Order allow,deny

            Allow from all

       

   

 

    WSGIDaemonProcesskeystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias //usr/bin/keystone-wsgi-admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    = 2.4>

      ErrorLogFormat "%{cu}t%M"

   

    ErrorLog/var/log/httpd/keystone-error.log

    CustomLog/var/log/httpd/keystone-access.log combined

 

   

        = 2.4>

            Require all granted

       

       

            Order allow,deny

            Allow from all

       

   

[root@controller ~]# vim /etc/httpd/conf/httpd.conf

95 ServerName 192.168.1.11:80

[root@controller ~]# systemctl enable httpd

[root@controller ~]# systemctl start httpd

4、创建keystone用户

4.1、设置环境变量

此步要慎重,和前面设置的token要一样

[root@controller ~]# export OS_TOKEN=2608ad88f344a5288056

[root@controller ~]# export OS_URL=http://192.168.1.11:35357/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

4.2、创建一个admin用户

[root@controller ~]# openstack project create --domain default   --description "Admin Project"admin

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Admin Project                    |

| domain_id   | default                          |

| enabled     | True                             |

| id          |69d1967e59d247e6b7c4c3937d5baa89 |

| is_domain   | False                            |

| name        | admin                            |

| parent_id   | None                             |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default--password-prompt admin     //此步是设置admin密码,要记住密码

User Password:     //编者设置为123456

Repeat User Password:

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | default                          |

| enabled   | True                             |

| id        |8c0b8dc884f742bea6f882a2b487f092 |

| name      | admin                            |

+-----------+----------------------------------+

[root@controller ~]# openstack role create admin

+-------+----------------------------------+

| Field | Value                           |

+-------+----------------------------------+

| id    |4d8224cda53e4b29b6963163ed64af65 |

| name  | admin                            |

+-------+----------------------------------+

[root@controller ~]# openstack role add --project admin --user adminadmin

4.3、创建一个普通用户

[root@controller ~]# openstack project create --domain default--description "Demo Project" kevin

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | default                          |

| enabled     | True                             |

| id          |1ee793c741f64d25be9010d59e4b5a3d |

| is_domain   | False                            |

| name        | kevin                            |

| parent_id   | None                             |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default--password=kevin kevin

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | default                          |

| enabled   | True                             |

| id        | c5baee07132c40f9841a607af1789ed6 |

| name      | kevin                            |

+-----------+----------------------------------+

[root@controller ~]# openstack role create user

+-------+----------------------------------+

| Field | Value                           |

+-------+----------------------------------+

| id    |ac35ef5dc2624526af25859497616ecd |

| name  | user                             |

+-------+----------------------------------+

[root@controller ~]# openstack role add --project kevin --user kevin user

[root@controller ~]# openstack project create --domain default--description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | default                          |

| enabled     | True                             |

| id          |e88fa8670b704fe88c668ac4d6f9d499 |

| is_domain   | False                            |

| name        | service                          |

| parent_id   | None                             |

+-------------+----------------------------------+

4.4、查看验证

[root@controller ~]# openstack user list

+----------------------------------+-------+

| ID                              | Name  |

+----------------------------------+-------+

| 8c0b8dc884f742bea6f882a2b487f092 | admin |

| c5baee07132c40f9841a607af1789ed6 | kevin |

+----------------------------------+-------+

[root@controller ~]# openstack role list

+----------------------------------+-------+

| ID                              | Name  |

+----------------------------------+-------+

| 4d8224cda53e4b29b6963163ed64af65 | admin |

| ac35ef5dc2624526af25859497616ecd | user |

+----------------------------------+-------+

[root@controller ~]# openstack project list

+----------------------------------+---------+

| ID                              | Name    |

+----------------------------------+---------+

| 1ee793c741f64d25be9010d59e4b5a3d | kevin   |

| 69d1967e59d247e6b7c4c3937d5baa89 | admin   |

| e88fa8670b704fe88c668ac4d6f9d499 | service |

+----------------------------------+---------+

[root@controller ~]# openstack domain list

+---------+---------+---------+----------------------------------------------------------------------+

| ID      | Name    | Enabled | Description                                                         |

+---------+---------+---------+----------------------------------------------------------------------+

| default | Default | True    |Owns users and tenants (i.e. projects) available on Identity API v2. |

+---------+---------+---------+----------------------------------------------------------------------+

5、注册keystone服务

5.1、注册服务

下面的操作一个字也不要错

[root@controller ~]# openstack service create --name keystone--description "OpenStack Identity" identity

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Identity               |

| enabled     | True                             |

| id          |121189562a324f5d9f6ef83c4755d671 |

| name        | keystone                         |

| type        | identity                         |

+-------------+----------------------------------+

[root@controller ~]#  openstackendpoint create --region RegionOne identity publichttp://192.168.1.11:5000/v2.0

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           |6f4d026024e14082ada914b14bb0c9ff |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone                         |

| service_type | identity                         |

| url          | http://192.168.1.11:5000/v2.0    |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOneidentity internal http://192.168.1.11:5000/v2.0

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           |acc2890a596c406fb42f4926ad86937a |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone                         |

| service_type | identity                         |

| url          |http://192.168.1.11:5000/v2.0    |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOneidentity admin http://192.168.1.11:35357/v2.0

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           |f7f1182dd4c44cadac94345466275296 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   |121189562a324f5d9f6ef83c4755d671 |

| service_name | keystone                         |

| service_type | identity                         |

| url          |http://192.168.1.11:35357/v2.0   |

+--------------+----------------------------------+

5.2、查看验证

[root@controller ~]# openstack service list

+----------------------------------+----------+----------+

| ID                              | Name     | Type     |

+----------------------------------+----------+----------+

| 121189562a324f5d9f6ef83c4755d671 | keystone | identity |

+----------------------------------+----------+----------+

[root@controller ~]# openstack endpoint list

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

| ID                              | Region    | Service Name |Service Type | Enabled | Interface | URL                            |

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

| 6f4d026024e14082ada914b14bb0c9ff | RegionOne | keystone     | identity     | True   | public    |http://192.168.1.11:5000/v2.0  |

| acc2890a596c406fb42f4926ad86937a | RegionOne | keystone     | identity     | True   | internal  | http://192.168.1.11:5000/v2.0  |

| f7f1182dd4c44cadac94345466275296 | RegionOne | keystone     | identity     | True   | admin     |http://192.168.1.11:35357/v2.0 |

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

5.3、尝试连接keystone

[root@controller ~]# unset OS_TOKEN

[root@controller ~]# unset OS_URL

[root@controller ~]# openstack --os-auth-url http://192.168.1.11:35357/v3\

--os-project-domain-id default --os-user-domain-id default \

--os-project-name admin --os-username admin --os-auth-type password \

token issue

Password:

+------------+----------------------------------+

| Field      | Value                            |

+------------+----------------------------------+

| expires    |2015-12-27T09:58:41.540674Z      |

| id         |ccca55a979da427b849ecd2957901f74 |

| project_id | 69d1967e59d247e6b7c4c3937d5baa89 |

| user_id    |8c0b8dc884f742bea6f882a2b487f092 |

+------------+----------------------------------+

5.4、配置环境变量

进行该步骤的原因是为了方便执行命令,否则必须输入一大串的参数

[root@controller ~]# vim admin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=admin

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=123456

export OS_AUTH_URL=http://192.168.1.11:35357/v3

export OS_IDENTITY_API_VERSION=3

[root@controller ~]# vim kevin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=kevin

export OS_TENANT_NAME=kevin

export OS_USERNAME=kevin

export OS_PASSWORD=kevin

export OS_AUTH_URL=http://192.168.1.11:5000/v3

export OS_IDENTITY_API_VERSION=3

[root@controller ~]# chmod +x admin-openrc.sh kevin-openrc.sh

Linux运维开发群:298324302

北京linux运维求职招聘群:153677549

本文出自 “长街听风人” 博客,请务必保留此出处http://kevinhao.blog.51cto.com/5204735/1728834


推荐阅读
  • 解决JavaScript中法语字符排序问题
    在开发一个使用JavaScript、HTML和CSS的Web应用时,遇到从SQLite数据库中提取的法语词汇排序不正确的问题,特别是带重音符号的字母未按预期排序。 ... [详细]
  • mysql 授权!!
    为什么80%的码农都做不了架构师?MySQL的权限系统围绕着两个概念:认证-确定用户是否允许连接数据库服务器授权-确定用户是否拥有足够的权限执 ... [详细]
  • 在运行于MS SQL Server 2005的.NET 2.0 Web应用中,我偶尔会遇到令人头疼的SQL死锁问题。过去,我们主要通过调整查询来解决这些问题,但这既耗时又不可靠。我希望能找到一种确定性的查询模式,确保从设计上彻底避免SQL死锁。 ... [详细]
  • CentOS下ProFTPD的安装与配置指南
    本文详细介绍在CentOS操作系统上安装和配置ProFTPD服务的方法,包括基本配置、安全设置及高级功能的启用。 ... [详细]
  • 本文详细介绍了在 Ubuntu 16.04 系统上安装和配置 PostgreSQL 数据库的方法,包括如何设置监听地址、启用密码加密、更改默认用户密码以及调整客户端访问控制。 ... [详细]
  • 本文作为《WM平台上使用Sybase Anywhere 11》系列的第二篇,将继续探讨在Windows Mobile (WM) 系统中如何高效地操作Sybase Anywhere 11数据库。继上一篇关于安装与基本测试的文章之后,本篇将深入讲解数据库的具体操作方法。 ... [详细]
  • 本文将从基础概念入手,详细探讨SpringMVC框架中DispatcherServlet如何通过HandlerMapping进行请求分发,以及其背后的源码实现细节。 ... [详细]
  • 本文介绍了如何在两个Oracle数据库(假设为数据库A和数据库B)之间设置DBLink,以便能够从数据库A中直接访问和操作数据库B中的数据。文章详细描述了创建DBLink前的必要准备步骤以及具体的创建方法。 ... [详细]
  • 本文详细探讨了在Web开发中常见的UTF-8编码问题及其解决方案,包括HTML页面、PHP脚本、MySQL数据库以及JavaScript和Flash应用中的乱码问题。 ... [详细]
  • 本文探讨了在SQL Server 2008环境下,当尝试删除拥有数据库架构的用户时遇到的问题及解决方案,包括如何查询和更改架构所有权。 ... [详细]
  • 如何在U8系统中连接服务器并获取数据
    本文介绍了如何在U8系统中通过不同的方法连接服务器并获取数据,包括使用MySQL客户端连接实例的方法,如非SSL连接和SSL连接,并提供了详细的步骤和注意事项。 ... [详细]
  • Django与Python及其他Web框架的对比
    本文详细介绍了Django与其他Python Web框架(如Flask和Tornado)的区别,并探讨了Django的基本使用方法及与其他语言(如PHP)的比较。 ... [详细]
  • Oracle 10g 和 11g 32位 OCI.DLL 文件下载
    32位 PL/SQL Developer 访问 64位 Oracle 11g 数据库时,需要使用 32位的 OCI.DLL 文件以确保正常连接和数据访问。本文将详细介绍如何获取并配置此文件。 ... [详细]
  • 本文将详细介绍 SQL 中的 SUM 函数及其用法,并通过具体示例展示如何在实际场景中应用。 ... [详细]
  • 驱动程序的基本结构1、Windows驱动程序中重要的数据结构1.1、驱动对象(DRIVER_OBJECT)每个驱动程序会有唯一的驱动对象与之对应,并且这个驱动对象是在驱 ... [详细]
author-avatar
徐小倩是你叫的
这个家伙很懒,什么也没留下!
PHP1.CN | 中国最专业的PHP中文社区 | DevBox开发工具箱 | json解析格式化 |PHP资讯 | PHP教程 | 数据库技术 | 服务器技术 | 前端开发技术 | PHP框架 | 开发工具 | 在线工具
Copyright © 1998 - 2020 PHP1.CN. All Rights Reserved | 京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有