三：OPENSTACK Queens部署keystone服务

Posted 2021-04-24 MisterChen

备注：在控制节点上操作

• 创建keystone数据库以及用户

[root@controller ~]# mysql -uroot -p

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';

• 安装keystone软件包

[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi

• 编辑配置文件，填写到相对应的区块内

[root@controller ~]# vim /etc/keystone/keystone.conf

[database]

# ...

connection = mysql+pymysql://keystone:123456@controller/keystone

[token]

# ...

provider = fernet

• 初始化认证服务和数据库

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

• 初始化令牌

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

• 定义管理服务

[root@controller ~]#keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

• 配置http服务，并配置wsgi模块软件连接

[root@controller ~]# vim /etc/httpd/conf/httpd.conf

ServerName controller

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

• 启动httpd服务

[root@controller ~]# systemctl enable httpd.service

[root@controller ~]# systemctl start httpd.service

• 创建admin环境变量

[root@controller ~]# vim admin_src

export OS_USERNAME=admin

export OS_PASSWORD=123456

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

• 初始化变量

[root@controller ~]# . admin_src

• 创建一个域

[root@controller ~]# openstack domain create --description "An Example Domain" example

• 创建一个服务项目

[root@controller ~]# openstack project create --domain default --description "Service Project" service

• 创建一个demo项目

[root@controller ~]#  openstack project create --domain default --description "Demo Project" demo

• 创建demo用户

[root@controller ~]# openstack user create --domain default --password-prompt demo

User Password:

Repeat User Password:

• 创建user角色

[root@controller ~]# openstack role create user

• 将user角色赋予demo项目和demo用户

[root@controller ~]# openstack role add --project demo --user demo user

• 取消之前的变量

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD

• 确认一下刚才操作是否生效

[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue

• 创建一个demo环境变量

[root@controller ~]# vim demo_src

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=123456

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2