Ubuntu16.10安装Ocata之2:Keystone

  1. 云栖社区>
  2. 博客>
  3. 正文

Ubuntu16.10安装Ocata之2:Keystone

技术小阿哥 2017-11-19 15:52:00 浏览1274
展开阅读全文

1、创建Keystone数据库

root@controller:~# mysql -uroot -pzoomtech -e "CREATE DATABASE keystone"

root@controller:~# mysql -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'zoomtech'"

root@controller:~# mysql -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'zoomtech'"


2、安装配置Keystone

root@controller:~# apt install keystone -y

root@controller:~# vim /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:zoomtech@controller/keystone

[token]

provider = fernet


3、同步数据库

root@controller:~# su -s /bin/sh -c "keystone-manage db_sync" keystone


4、初始化fernet key

root@controller:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

2017-02-28 01:26:26.160 19021 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it

2017-02-28 01:26:26.160 19021 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp

2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0

2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']

2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp

2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Current primary key is: 0

2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Next primary key will be: 1

2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1

2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0

root@controller:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

2017-02-28 01:26:34.833 19109 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it

2017-02-28 01:26:34.833 19109 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp

2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0

2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/credential-keys/0']

2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp

2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Current primary key is: 0

2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Next primary key will be: 1

2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1

2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0


5、创建keystone服务

root@controller:~# keystone-manage bootstrap --bootstrap-password zoomtech \

> --bootstrap-admin-url http://controller:35357/v3/ \

>   --bootstrap-internal-url http://controller:5000/v3/ \

>   --bootstrap-public-url http://controller:5000/v3/ \

>   --bootstrap-region-id RegionOne

2017-02-28 01:27:24.194 19639 WARNING py.warnings [-] /usr/lib/python2.7/dist-packages/pycadf/identifier.py:60: UserWarning: Invalid uuid. To ensure interoperability, identifiers should be a valid uuid.

  warnings.warn('Invalid uuid. To ensure interoperability, identifiers '

2017-02-28 01:27:24.224 19639 INFO keystone.cmd.cli [-] Created domain default

2017-02-28 01:27:24.260 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created project admin

2017-02-28 01:27:24.294 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created user admin

2017-02-28 01:27:24.301 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created role admin

2017-02-28 01:27:24.313 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Granted admin on admin to user admin.

2017-02-28 01:27:24.323 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created region RegionOne

2017-02-28 01:27:24.343 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created admin endpoint http://controller:35357/v3/

2017-02-28 01:27:24.357 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created internal endpoint http://controller:5000/v3/

2017-02-28 01:27:24.368 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created public endpoint http://controller:5000/v3/

2017-02-28 01:27:24.370 19639 INFO keystone.assignment.core [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Creating the default role 9fe2ff9ee4384b1894a90878d3e92bab because it does not exist.


6、配置Httpd

root@controller:~# vim /etc/apache2/apache2.conf

ServerName controller

root@controller:~# service apache2 restart


7、配置administrative帐号

root@controller:~# vim adminstrative.sh

export OS_USERNAME=admin

export OS_PASSWORD=zoomtech

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3


8、配置domain,project,users,roles

root@controller:~# source adminstrative.sh

root@controller:~# openstack project create --domain default   --description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 53c21b5aaed24554973cec728bc93886 |

| is_domain   | False                            |

| name        | service                          |

| parent_id   | default                          |

+-------------+----------------------------------+

root@controller:~# openstack project create --domain default \

>   --description "Demo Project" demo

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 8b610ce643254feba1621187fb0c4cc4 |

| is_domain   | False                            |

| name        | demo                             |

| parent_id   | default                          |

+-------------+----------------------------------+

root@controller:~# openstack user create --domain default \

>   --password-prompt demo

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | e75238fc214e4f48bc6bfa632aff1d15 |

| name                | demo                             |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

root@controller:~# openstack role create user

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | 1952e288bc7f4f8b95286bfd217cd976 |

| name      | user                             |

+-----------+----------------------------------+

root@controller:~# openstack role add --project demo --user demo user

root@controller:~#


9、验证安装

root@controller:~# vim /etc/keystone/keystone-paste.ini

删除 [pipeline:public_api] 、[pipeline:admin_api] 、[pipeline:api_v3]字段中 admin_token_auth

root@controller:~# unset OS_AUTH_URL OS_PASSWORD

root@controller:~# openstack --os-auth-url http://controller:35357/v3 \

>   --os-project-domain-name default --os-user-domain-name default \

>   --os-project-name admin --os-username admin token issue

Password:

+------------+---------------------------------------------------------------------------+

| Field      | Value                                                                     |

+------------+---------------------------------------------------------------------------+

| expires    | 2017-02-28T02:38:40+0000                                                  |

| id         | gAAAAABYtNSgCEPdLgBPx_8i9FLN3KHvs4TC3SLjX3QCi35rLOAoIMVAZ5hmHRLe_vJagjtbu |

|            | 3MGMjmFLZ8utaCMqAb6guBlzAbWEwkp05NLGWKlTWR68_flZVyd3YiByfkxHSknlvdq7s5eMT |

|            | MNxhhCueQsmo2aWJnJxfwD9O12iRaDLNRERr4                                     |

| project_id | 56d3f276e94d48ffb014a6fe5776d0e5                                          |

| user_id    | 4da79077531f4f99ab0f7f00d0ffb043                                          |

+------------+---------------------------------------------------------------------------+

root@controller:~# openstack --os-auth-url http://controller:5000/v3 \

>   --os-project-domain-name default --os-user-domain-name default \

>   --os-project-name demo --os-username demo token issue

Password:

+------------+---------------------------------------------------------------------------+

| Field      | Value                                                                     |

+------------+---------------------------------------------------------------------------+

| expires    | 2017-02-28T02:39:02+0000                                                  |

| id         | gAAAAABYtNS2lYKPeLQtIf_jHWdmzivGWlvW5XZ4FvoymQAC0pS7EGWZefTPMfDTUQ3oipdCH |

|            | P4RaJperaptZdk_zk_d5GACcS5cUoEEXOW8KPFuO1d2_IH5wCD40xsGjkKZUYlRsOH9s4XvY5 |

|            | W6eig8v4FsSVs2SGcSGauUhZPo4LE-RhlIBdE                                     |

| project_id | 8b610ce643254feba1621187fb0c4cc4                                          |

| user_id    | e75238fc214e4f48bc6bfa632aff1d15                                          |

+------------+---------------------------------------------------------------------------+

root@controller:~#


10、创建环境变量脚本

root@controller:~# vim admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=zoomtech

export OS_AUTH_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2


11、使用环境变量

root@controller:~# source admin-openrc

root@controller:~# openstack token issue

+------------+---------------------------------------------------------------------------+

| Field      | Value                                                                     |

+------------+---------------------------------------------------------------------------+

| expires    | 2017-02-28T02:46:13+0000                                                  |

| id         | gAAAAABYtNZlxRvnvkSwMO1VzBXrRimsTqzBdu4KZrxDA5rm2_u9Z_DxsINVpRAzqHrQXiRUL |

|            | OfvMEJ7tsPo2ygVFXwu76j72IlmnHyq30MaRm3t-1jc3wyntjhnAcJ05NrGHbCf6HLC-      |

|            | OIUaq8skMTlWu03I-suXJBbkPWW8jHcGrCX_Si1z6k                                |

| project_id | 56d3f276e94d48ffb014a6fe5776d0e5                                          |

| user_id    | 4da79077531f4f99ab0f7f00d0ffb043                                          |

+------------+-------


12、查看安装的服务

root@controller:~# openstack service list

+----------------------------------+----------+----------+

| ID                               | Name     | Type     |

+----------------------------------+----------+----------+

| 50bab5f4ef81410eb9af71bba516c270 | keystone | identity |

+----------------------------------+----------+----------+

root@controller:~# openstack user list

+----------------------------------+-------+

| ID                               | Name  |

+----------------------------------+-------+

| 4da79077531f4f99ab0f7f00d0ffb043 | admin |

| e75238fc214e4f48bc6bfa632aff1d15 | demo  |

+----------------------------------+-------+

root@controller:~# openstack project list

+----------------------------------+---------+

| ID                               | Name    |

+----------------------------------+---------+

| 53c21b5aaed24554973cec728bc93886 | service |

| 56d3f276e94d48ffb014a6fe5776d0e5 | admin   |

| 8b610ce643254feba1621187fb0c4cc4 | demo    |

+----------------------------------+---------+

root@controller:~#




本文转自 OpenStack2015 51CTO博客,原文链接:http://blog.51cto.com/andyliu/1902052,如需转载请自行联系原作者

网友评论

登录后评论
0/500
评论