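On the official site of the OpenStack open-source community, Keystone is the first component introduced, which shows how important it is within the overall OpenStack architecture. Today I will walk everyone through a complete method for configuring the OpenStack identity component; you can adapt it to your own environment.
The installation and configuration here is a script. I have extracted its full contents, so you can also copy and paste them and run them directly. You also need the crudini package; on Linux, running yum -y install crudini installs it. The course environment is as follows: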
controller eth0 10.37.129.10 eth1 10.211.55.10
compute eth0 10.37.129.11 eth1 10.211.55.11
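eth0 carries intra-cluster traffic, i.e. it is the private address; eth1 is the address range that can reach the Internet and is used to allocate floating IPs to cloud instances. The steps are as follows (performed on the controller node):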
yum install -y openstack-keystone httpd mod_wsgi
mysql -uroot -p123456 -e "create database IF NOT EXISTS keystone ;"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456' ;"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456' ;"
crudini --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:123456@controller/keystone
ADMIN_TOKEN=$(openssl rand -hex 10)
crudini --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
crudini --set /etc/keystone/keystone.conf token provider fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sed -i "s/#ServerName www.example.com:80/ServerName controller/g" /etc/httpd/conf/httpd.conf
cat >/etc/httpd/conf.d/wsgi-keystone.conf<<- EOF
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
EOF
systemctl enable httpd.service
systemctl start httpd.service
export OS_TOKEN=$ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
openstack domain create --description "Default Domain" Default
openstack project create --domain Default --description "Admin Project" admin
openstack user create --domain Default --password 123456 admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain Default --description "Service Project" service
openstack project create --domain Default --description "Demo Project" demo
openstack user create --domain Default --password 123456 demo
openstack role create user
openstack role add --project demo --user demo user
unset OS_TOKEN OS_URL
cat > /keystone_admin <<-EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
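The script above uses 123456 for every account, leaves admin_token in keystone.conf after bootstrapping, and writes /keystone_admin with whatever the current umask allows. The following audit is an added example, not part of the original script; the denylist contents and the function names are assumptions, and the files to check are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files the script leaves behind.
WEAK_RE='^(123456|password|admin|keystone|openstack)$'  # assumed denylist, extend as needed

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION], ignoring commented lines.
ini_get() {
    awk -v s="[$2]" -v k="$3" '
        /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec); next }
        sec == s && $0 !~ /^[ \t]*[#;]/ {
            i = index($0, "="); if (!i) next
            key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
            if (key == k) { val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        }
        END { print val }' "$1"
}

is_weak() { printf '%s\n' "$1" | grep -Eq "$WEAK_RE"; }

# audit_keystone_conf FILE: one FINDING line per problem in keystone.conf.
audit_keystone_conf() {
    # The script stores the bootstrap token here and never removes it.
    [ -z "$(ini_get "$1" DEFAULT admin_token)" ] ||
        echo "FINDING: [DEFAULT] admin_token still set in $1"
    # Password portion of scheme://user:password@host/db
    pw=$(ini_get "$1" database connection |
         sed -n 's#^[^:]*://[^:/@]*:\([^@]*\)@.*#\1#p')
    if is_weak "$pw"; then echo "FINDING: [database] connection uses a denylisted password"; fi
    return 0
}

# audit_rc_file FILE: check the credentials file written by the heredoc (e.g. /keystone_admin).
audit_rc_file() {
    perms=$(ls -ld "$1" | cut -c5-10)      # group and other permission bits
    [ "$perms" = "------" ] ||
        echo "FINDING: $1 is accessible to group/other ($perms), expected mode 600"
    pw=$(sed -n 's/^export OS_PASSWORD=//p' "$1" | tail -n 1)
    if is_weak "$pw"; then echo "FINDING: OS_PASSWORD in $1 is a denylisted password"; fi
    return 0
}

# Usage: sh audit.sh /etc/keystone/keystone.conf /keystone_admin
if [ "$#" -eq 2 ]; then
    audit_keystone_conf "$1"
    audit_rc_file "$2"
fi
```

Each function prints nothing when the file is clean, so the output can be used directly as a gate at the end of the install script.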
Copyright notice: this is the blogger's original article; reproduction is not permitted.