2. 安装 keystone(控制节点)— OpenStack Queens 三节点部署
keystone服务只需安装在控制节点上。
创建 keystone 数据库
root@controller:~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 40
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# 添加数据库
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
# 创建keystone用户,并授权keystone数据库
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'root';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'root';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
安装keystone软件包
root@controller:~# apt install keystone python-openstackclient apache2 libapache2-mod-wsgi python-oauth2client -y
配置keystone
root@controller:~# vi /etc/keystone/keystone.conf
# 第606行,取消注释并添加控制节点IP
# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
# oslo_cache.memcache_pool backends only). (list value)
memcache_servers = 10.0.0.7:11211
# 第740行,取消注释并修改数据库连接信息
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
connection = mysql+pymysql://keystone:root@10.0.0.7/keystone
# 第2891行,添加以下信息
[token]
provider = fernet
# 保存退出
初始化数据库
root@controller:~# su -s /bin/bash keystone -c "keystone-manage db_sync"
初始化fernet密钥
root@controller:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
root@controller:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
启动keystone服务(所有的密码都设置为root)
root@controller:~# keystone-manage bootstrap --bootstrap-password root \
--bootstrap-admin-url http://10.0.0.7:5000/v3/ \
--bootstrap-internal-url http://10.0.0.7:5000/v3/ \
--bootstrap-public-url http://10.0.0.7:5000/v3/ \
--bootstrap-region-id RegionOne
配置Apache httpd服务
root@controller:~# vi /etc/apache2/apache2.conf
# 第70行,设置主机名
#ServerRoot "/etc/apache2"
ServerName controller
# 保存退出
重启服务
root@controller:~# service apache2 restart
配置环境变量
添加环境变量文件
root@controller:~# vi ~/keystonerc
# 添加以下内容,并保存退出
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=root
export OS_AUTH_URL=http://10.0.0.7:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='\u@\h \W(keystone)\$ '
引入环境变量
root@controller:~# . keystonerc
root@controller ~(keystone)#
添加一个项目
root@controller ~(keystone)# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 2fae0cd7579441f88cab61f4291bfd17 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
验证配置
root@controller ~(keystone)# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 2fae0cd7579441f88cab61f4291bfd17 | service |
| 460e4247a8984b2cbf1b35c3da7e6708 | admin |
+----------------------------------+---------+
参考
容器就很酷。
