
Copyright notice: This is an original article by the blogger; reproduction is not permitted.

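On the official site of the OpenStack open-source community, Keystone is the first component introduced, which shows how important it is to the overall OpenStack architecture. Today I will walk everyone through a complete way to configure the OpenStack identity (authentication) component; you can adapt it to your own environment.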


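The installation and configuration shown here is a script. I have reproduced its full contents, so you can copy, paste and run it directly. You also need the crudini package, which can be installed on Linux by running yum -y install crudini. The course environment is as follows: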

  controller   eth0 10.37.129.10   eth1  10.211.55.10

  compute     eth0  10.37.129.11   eth1  10.211.55.11

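eth0 carries intra-cluster traffic, i.e. it is the private address; eth1 is on the address range that can reach the Internet and is used to allocate floating IPs to cloud instances. The steps are as follows (performed on the controller node):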


yum install -y openstack-keystone httpd mod_wsgi

mysql -uroot -p123456 -e "create database IF NOT EXISTS keystone ;"

mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456' ;"

mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456' ;"

crudini --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:123456@controller/keystone

ADMIN_TOKEN=$(openssl rand -hex 10)

crudini --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN

crudini --set /etc/keystone/keystone.conf token provider  fernet

su -s /bin/sh -c "keystone-manage db_sync" keystone

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

sed -i "s/#ServerName www.example.com:80/ServerName controller/g" /etc/httpd/conf/httpd.conf 

cat >/etc/httpd/conf.d/wsgi-keystone.conf<<- EOF

Listen 5000

Listen 35357

<VirtualHost *:5000>

    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /usr/bin/keystone-wsgi-public

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

<VirtualHost *:35357>

    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

EOF

systemctl enable httpd.service

systemctl start httpd.service

export OS_TOKEN=$ADMIN_TOKEN

export OS_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

openstack service create --name keystone --description "OpenStack Identity" identity

openstack endpoint create --region RegionOne identity public http://controller:5000/v3 

openstack endpoint create --region RegionOne identity internal http://controller:5000/v3

openstack endpoint create --region RegionOne identity admin http://controller:35357/v3

openstack domain create --description "Default Domain" Default

openstack project create --domain Default --description "Admin Project" admin

openstack user create --domain Default  --password 123456 admin

openstack role create admin

openstack role add --project admin --user admin admin

openstack project create --domain Default --description "Service Project" service

openstack project create --domain Default --description "Demo Project" demo

openstack user create --domain Default --password 123456  demo

openstack role create user

openstack role add --project demo --user demo user

unset OS_TOKEN OS_URL

cat > /keystone_admin <<-EOF

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=123456

export OS_AUTH_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

EOF
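
As an added example (not part of the original script): the script above leaves the bootstrap admin_token in keystone.conf, uses 123456 for the database and admin passwords, and writes /keystone_admin under the default umask. The check below flags those conditions; the function names, the 12-character password rule and the sample files are assumptions made for this illustration, and it relies on GNU stat.

```shell
#!/usr/bin/env bash
# Added example, not the post's code: audit the files the install script writes.
# Print KEY's value from [SECTION] of an INI file; empty if unset or commented out.
ini_get() {  # usage: ini_get FILE SECTION KEY
  awk -v s="[$2]" -v k="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
    cur == s && $0 ~ ("^[ \t]*" k "[ \t]*=") {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$1"
}

# Assumed policy for this demo: shorter than 12 characters, or digits only, is weak.
is_weak() {
  [ "${#1}" -lt 12 ] && return 0
  case "$1" in *[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Print one FINDING line per problem; return 1 if anything was found, else 0.
audit_keystone() {  # usage: audit_keystone KEYSTONE_CONF RC_FILE
  local conf=$1 rc=$2 found=0 cred pw
  if [ -n "$(ini_get "$conf" DEFAULT admin_token)" ]; then
    echo "FINDING: bootstrap admin_token still set in $conf"; found=1
  fi
  # connection = driver://user:password@host/db -> keep only "user:password"
  cred=$(ini_get "$conf" database connection); cred=${cred#*://}; cred=${cred%%@*}
  case "$cred" in *:*)
    if is_weak "${cred#*:}"; then echo "FINDING: weak database password in $conf"; found=1; fi ;;
  esac
  pw=$(sed -n 's/^export OS_PASSWORD=//p' "$rc")
  if [ -n "$pw" ] && is_weak "$pw"; then echo "FINDING: weak OS_PASSWORD in $rc"; found=1; fi
  if [ $(( 0$(stat -c %a "$rc") & 077 )) -ne 0 ]; then
    echo "FINDING: $rc is accessible to group/others (want mode 600)"; found=1
  fi
  return "$found"
}

# Constructed sample files mirroring what the script writes (values are not real secrets).
demo=$(mktemp -d)
printf '%s\n' '[DEFAULT]' 'admin_token = 0123456789abcdef0123' '[database]' \
  'connection = mysql+pymysql://keystone:123456@controller/keystone' > "$demo/keystone.conf"
printf '%s\n' 'export OS_USERNAME=admin' 'export OS_PASSWORD=123456' > "$demo/keystone_admin"
chmod 644 "$demo/keystone_admin"
audit_keystone "$demo/keystone.conf" "$demo/keystone_admin" || echo "-> 4 findings as written"
# Same files after hardening: token line deleted, long constructed passwords, private rc file.
printf '%s\n' '[DEFAULT]' '[database]' \
  'connection = mysql+pymysql://keystone:Zk4q-constructed-Vr81x@controller/keystone' > "$demo/keystone.conf"
printf '%s\n' 'export OS_PASSWORD=Qm7t-constructed-Lw92p' > "$demo/keystone_admin"
chmod 600 "$demo/keystone_admin"
audit_keystone "$demo/keystone.conf" "$demo/keystone_admin" && echo "-> clean"
```

On the controller it would be run as audit_keystone /etc/keystone/keystone.conf /keystone_admin; crudini --del /etc/keystone/keystone.conf DEFAULT admin_token removes the token line once bootstrap is finished.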


