基于OpenStack构建企业私有云（2）KeyStone安装配置

1.安装keystone

# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

2.设置Memcache开启启动并启动Memcached

[root@linux-node1 ~]# systemctl enable memcached.service

[root@linux-node1 ~]# vim /etc/sysconfig/memcached

PORT="11211"

USER="memcached"

MAXCONN="1024"

CACHESIZE="64"

OPTIONS="-l 192.168.56.11,::1"

[root@linux-node1 ~]# systemctl start memcached.service

3.Keystone配置

1）配置KeyStone数据库

[root@linux-node1 ~]# vim /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone

2）设置Token和Memcached

[token]

provider = fernet

3）.同步数据库：

[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"

4）初始化fernet keys

[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5）初始化keystone

[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin \

 --bootstrap-admin-url http://192.168.56.11:35357/v3/ \

 --bootstrap-internal-url http://192.168.56.11:35357/v3/ \

 --bootstrap-public-url http://192.168.56.11:5000/v3/ \

 --bootstrap-region-id RegionOne

 6）.验证Keystone配置

[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf

connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone

provider = fernet

7）KeyStone启动 [root@linux-node1 ~]# vim /etc/httpd/conf/httpd.conf

ServerName 192.168.56.11:80

创建配置文件

[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

启动keystone，并查看端口。

[root@linux-node1 ~]# systemctl enable httpd.service

[root@linux-node1 ~]# systemctl start httpd.service

设置环境变量

[root@linux-node1 ~]# export OS_USERNAME=admin

[root@linux-node1 ~]# export OS_PASSWORD=admin

[root@linux-node1 ~]# export OS_PROJECT_NAME=admin

[root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default

[root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default

[root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3

[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3

创建项目和demo用户

# openstack project create --domain default --description "Demo Project" demo

# openstack user create --domain default --password demo demo

# openstack role create user

# openstack role add --project demo --user demo user

创建Service项目

# openstack project create --domain default --description "Service Project" service

创建glance用户

# openstack user create --domain default --password glance glance

# openstack role add --project service --user glance admin

创建nova用户

# openstack user create --domain default --password nova nova

# openstack role add --project service --user nova admin

创建placement用户

# openstack user create --domain default --password placement placement

# openstack role add --project service --user placement admin

创建Neutron用户

# openstack user create --domain default --password neutron neutron

# openstack role add --project service --user neutron admin

创建cinder用户

# openstack user create --domain default --password cinder cinder

# openstack role add --project service --user cinder admin

验证Keystone

[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD

[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 \

--os-project-domain-name default --os-user-domain-name default \

--os-project-name admin --os-username admin token issue

Password:

…

[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 \

--os-project-domain-name default --os-user-domain-name default \

--os-project-name demo --os-username demo token issue

Password:

[root@linux-node1 ~]# vim /root/admin-openstack.sh

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_AUTH_URL=http://192.168.56.11:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

[root@linux-node1 ~]# vim /root/demo-openstack.sh

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=demo

export OS_AUTH_URL=http://192.168.56.11:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

[root@linux-node1 ~]# source admin-openstack.sh

[root@linux-node1 ~]# openstack token issue

[root@linux-node1 ~]# source demo-openstack.sh

[root@linux-node1 ~]# openstack token issue