
Friday, September 4, 2015

Installing OpenStack on CentOS 7 - Keystone

Environment Preparation

The latest OpenStack release is currently Kilo, so first install the Kilo repository:


Install MariaDB:
[root@keystone ~]# yum install mariadb mariadb-server MySQL-python -y


Edit my.cnf:
[root@keystone ~]# vim /etc/my.cnf
[mysqld]
...
# near line 10 add
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8


Start MariaDB and run the initial secure setup:
[root@keystone ~]# systemctl enable mariadb.service
[root@keystone ~]# systemctl start mariadb.service
[root@keystone ~]# mysql_secure_installation


Create the keystone database and add a keystone user:
[root@keystone ~]# mysql -u root -p 
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'YOURPASSWORD';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'YOURPASSWORD';


Installing Keystone


Install the packages:
[root@keystone ~]# yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached  -y


Newer installation guides recommend running Keystone under Apache's WSGI module, which is why the httpd and mod_wsgi packages are installed.



Configure keystone.conf:
[root@keystone ~]# vim /etc/keystone/keystone.conf

#line 12 uncomment 
admin_token = YOURTOKEN

# line 419 uncomment
connection = mysql://keystone:YOURPASSWORD@localhost/keystone

# line 1126 uncomment
servers = localhost:11211

# line 1496 uncomment
driver = keystone.contrib.revoke.backends.sql.Revoke

# line 1685 uncomment
provider = keystone.token.providers.uuid.Provider

# line 1688 uncomment
driver = keystone.token.persistence.backends.memcache.Token


Start memcached:
[root@keystone ~]# systemctl enable memcached.service 
[root@keystone ~]# systemctl start memcached.service 


Initialize the Keystone database:
[root@keystone ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone 



Configuring Apache mod_wsgi


Create an Apache configuration file for WSGI:
[root@keystone ~]# vim  /etc/httpd/conf.d/wsgi-keystone.conf

# add following
Listen 5000
Listen 35357
<VirtualHost *:5000>
 WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
 WSGIProcessGroup keystone-public
 WSGIScriptAlias / /var/www/cgi-bin/keystone/main
 WSGIApplicationGroup %{GLOBAL}
 WSGIPassAuthorization On
 LogLevel info
 ErrorLogFormat "%{cu}t %M"
 ErrorLog /var/log/httpd/keystone-error.log
 CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35357>
 WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
 WSGIProcessGroup keystone-admin
 WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
 WSGIApplicationGroup %{GLOBAL}
 WSGIPassAuthorization On
 LogLevel info
 ErrorLogFormat "%{cu}t %M"
 ErrorLog /var/log/httpd/keystone-error.log
 CustomLog /var/log/httpd/keystone-access.log combined

</VirtualHost>


Create the directory for the WSGI scripts and download the script:
[root@keystone ~]# mkdir -p /var/www/cgi-bin/keystone
[root@keystone ~]# curl 'http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo' | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin


Set ownership and permissions, then start Apache:
[root@keystone ~]# chown -R keystone:keystone /var/www/cgi-bin/keystone
[root@keystone ~]# chmod 755 /var/www/cgi-bin/keystone/*

[root@keystone ~]# systemctl enable httpd.service
[root@keystone ~]# systemctl start httpd.service


At this point the Keystone service is fully configured. Next we add an admin user.


Adding the admin user


Load the Keystone admin token:

[root@keystone ~]# vim ~/.keystone-admin-token
# add following
export OS_TOKEN=YOURTOKEN
export OS_URL=http://localhost:35357/v2.0

[root@keystone ~]# source ~/.keystone-admin-token



Create the keystone service:
[root@keystone ~]# openstack service create --name keystone --description "OpenStack Identity" identity


Create the endpoint. If a load balancer sits in front of Keystone, use the load balancer's IP address or DNS name instead:
[root@keystone ~]# openstack endpoint create \
--publicurl http://192.168.10.221:5000/v2.0 \
--internalurl http://192.168.10.221:5000/v2.0 \
--adminurl http://192.168.10.221:35357/v2.0 \
--region RegionOne \
identity


Create an admin project and user, and set the password:
[root@keystone ~]# openstack project create --description "Admin Project" admin
[root@keystone ~]# openstack user create --password-prompt admin
User Password: YOURADMINPASSWORD
Repeat User Password: YOURADMINPASSWORD


Create an admin role and add the admin user to it:
[root@keystone ~]# openstack role create admin
[root@keystone ~]# openstack role add --project admin --user admin admin


After the admin user has been created, clear the Keystone environment variables loaded earlier before running the tests below:
[root@keystone ~]# unset OS_TOKEN
[root@keystone ~]# unset OS_URL
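
Unsetting the variables only clears the current shell; the token file written earlier and the token filter in Keystone's paste pipeline remain. The following check is an added example, not part of the original post: the function names are hypothetical, the paste pipeline file is passed as an argument because its location depends on packaging, and the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example: report what is left of the bootstrap admin-token setup.
# Usage: audit_bootstrap_token PASTE_INI [CREDENTIAL_FILE...]

audit_bootstrap_token() {
    paste=$1; shift
    # 1. The admin_token_auth filter is what makes Keystone honour admin_token.
    if grep -Eq '^[[:space:]]*pipeline[[:space:]]*=(.*[[:space:]])?admin_token_auth([[:space:]]|$)' "$paste"; then
        echo "FINDING admin_token_auth filter still enabled in $paste"
    fi
    # 2. The token must not linger in the current shell environment.
    if [ -n "${OS_TOKEN:-}${OS_URL:-}" ]; then
        echo "FINDING OS_TOKEN/OS_URL still set in this shell"
    fi
    # 3. Files holding OS_TOKEN or OS_PASSWORD must be owner-only.
    for f in "$@"; do
        [ -f "$f" ] || continue
        perms=$(ls -ld -- "$f" | cut -c5-10)   # group and other bits
        if [ "$perms" != "------" ]; then
            echo "FINDING $f is accessible to group/other ($perms)"
        fi
    done
    return 0
}

# Constructed sample: a shortened pipeline line and a world-readable token file.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '[pipeline:admin_api]' \
        'pipeline = sizelimit token_auth admin_token_auth json_body admin_service' \
        > "$d/paste.ini"
    printf 'export OS_TOKEN=YOURTOKEN\n' > "$d/keystone-admin-token"
    chmod 644 "$d/keystone-admin-token"
    echo "$d"
}

# Fix the sample: drop the filter from the pipeline, tighten the file mode.
harden_sample() {
    d=$1
    sed 's/ admin_token_auth//' "$d/paste.ini" > "$d/paste.new"
    mv "$d/paste.new" "$d/paste.ini"
    chmod 600 "$d/keystone-admin-token"
}

d=$(make_sample)
audit_bootstrap_token "$d/paste.ini" "$d/keystone-admin-token"
harden_sample "$d"
audit_bootstrap_token "$d/paste.ini" "$d/keystone-admin-token"
rm -rf "$d"
```

On a real host, pass the packaged paste pipeline file together with ~/.keystone-admin-token and ~/.keystone-admin; an empty result means none of the three conditions was found.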


Testing


Create and load an environment file for logging in as the admin user:
[root@keystone ~]# vim ~/.keystone-admin

# add following
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=YOURADMINPASSWORD
export OS_AUTH_URL=http://localhost:35357/v3

[root@keystone ~]# source ~/.keystone-admin


Check which project and role the user belongs to:
[root@keystone ~]# openstack user role list
+----------------------------------+-------+---------+-------+
| ID                               | Name  | Project | User  |
+----------------------------------+-------+---------+-------+
| c3704f46fa2846e99a8060f4a451d177 | admin | admin   | admin |
+----------------------------------+-------+---------+-------+
