本节开始安装Keystone服务。Keystone用于管理OpenStack内的全部权限，以下操作仅在CT01上进行
1、安装mysql及pymysql
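# Install MySQL
apt-get install mysql-server
# NOTE(review): run mysql_secure_installation afterwards to set the root
# password and remove the anonymous accounts and the test database.

# Edit the configuration file
vi /etc/mysql/my.cnf
# Add the following lines to /etc/mysql/my.cnf (file contents, not commands):
[client]
default-character-set=utf8
[mysqld]
character-set-server=utf8

# Restart MySQL so the character-set settings take effect
/etc/init.d/mysql restart

# Install pymysql, the driver named in the mysql+pymysql:// connection URL
# NOTE(review): this pulls whatever release is current on PyPI; pin a version
# (pip install pymysql==<VERSION>) or use the distribution's package so the
# controller's dependencies are reproducible.
pip install pymysql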
2、安装rabbitmq
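# Install RabbitMQ
apt install rabbitmq-server

# Create the openstack account and set its permissions.
# NOTE(review): add_user takes <user> <password>, so this account's password is
# the string "openstack" and it is passed on the command line (shell history,
# process list). Use a generated secret instead and put the same value in every
# service configuration that connects to RabbitMQ.
rabbitmqctl add_user openstack openstack

# The three patterns are the configure, write and read permissions; ".*" grants
# each of them on every resource of the default virtual host.
rabbitmqctl set_permissions openstack ".*" ".*" ".*"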
3、安装memcached
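# Install memcached and the Python client library
apt install memcached python-memcache

# Edit the configuration file
vi /etc/memcached.conf
# Set the listen address in /etc/memcached.conf (file contents, not a command):
-l CT01
# NOTE(review): with -l CT01 memcached listens on CT01's network address instead
# of loopback only. memcached does not authenticate clients by default, so
# limit its port (11211 by default) with a firewall to the hosts that need it.

# Restart the service so the new listen address is used
service memcached restart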
4、创建Keystone库
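-- Create the Keystone database.
CREATE DATABASE keystone CHARACTER SET utf8;

-- Give the keystone account full rights on the keystone database only.
-- NOTE(review): the password 'keystone' equals the account name. Replace it
-- with a generated secret and use the same value in the [database] connection
-- URL in /etc/keystone/keystone.conf.
-- NOTE(review): GRANT ... IDENTIFIED BY creates the account implicitly; MySQL
-- 8.0 no longer accepts this form, there CREATE USER has to come first.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';

-- NOTE(review): '%' accepts this account from any host that can reach the
-- MySQL port. Narrow the host part to the controller (or the management
-- subnet) where the deployment allows it, and firewall the port.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';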
5、安装Keystone
# Install the keystone package with apt
apt install keystone
6、修改Keystone配置文件
/etc/keystone/keystone.conf
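[database]
# SQLAlchemy URL: account keystone, password keystone, host CT01, database keystone.
# NOTE(review): the database password is stored here in clear text. It has to
# match the one set in the GRANT statements, and this file should be readable
# only by root and the keystone user.
connection = mysql+pymysql://keystone:keystone@CT01/keystone

[token]
# Issue Fernet tokens; the keys are created by `keystone-manage fernet_setup`.
provider = fernet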
7、初始化
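# Populate the Keystone database; db_sync runs as the keystone user
su -s /bin/sh -c "keystone-manage db_sync" keystone

# Initialise the Fernet token keys and the credential encryption keys,
# owned by the keystone user and group
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# Bootstrap the admin account and register the identity endpoints.
# NOTE(review): --bootstrap-password puts the admin password on the command
# line (shell history, process list) and "bootstrap" is a guessable value.
# Use a generated secret; keystone-manage can also read it from the
# OS_BOOTSTRAP_PASSWORD environment variable when the option is omitted.
# NOTE(review): all three endpoint URLs are plain http, so passwords and
# tokens cross the network unencrypted. Put TLS in front of Keystone and
# register https URLs for anything beyond an isolated lab.
keystone-manage bootstrap --bootstrap-password bootstrap \
  --bootstrap-admin-url http://CT01:35357/v3/ \
  --bootstrap-internal-url http://CT01:5000/v3/ \
  --bootstrap-public-url http://CT01:5000/v3/ \
  --bootstrap-region-id Region01

# Remove the database file that is not needed (MySQL is used instead)
rm -f /var/lib/keystone/keystone.db

# Run the configuration step
keystone-install-configure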
8、运行下面的命令
# Admin credentials for the openstack client in the current shell session.
# NOTE(review): OS_PASSWORD holds the bootstrap admin password in clear text and
# is inherited by every child process; unset it when the setup is finished.
export OS_USERNAME=admin
export OS_PASSWORD=bootstrap

# Scope: the admin project, user and project both in the Default domain
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default

# Identity v3 API on the admin endpoint (plain http, see the bootstrap URLs)
export OS_AUTH_URL=http://CT01:35357/v3
export OS_IDENTITY_API_VERSION=3
9、创建project、用户及角色
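# Create the project for services and a project for ordinary users
openstack project create --domain default \
  --description "service os project" serviceproject
openstack project create --domain default \
  --description "user os project" userproject

# Create user01. --password-prompt reads the password interactively, which
# keeps it out of the shell history and the process list.
openstack user create --domain default --password-prompt user01

# Create the "user" role and assign it to user01 on userproject
openstack role create user
openstack role add --project userproject --user user01 user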
10、禁用部分授权
/etc/keystone/keystone-paste.ini
#从下面三个节点的pipeline中删掉admin_token_auth(该中间件允许使用配置文件中的admin_token绕过正常的用户认证,初始化完成后不应保留)
[pipeline:public_api],[pipeline:admin_api],[pipeline:api_v3]
11、验证安装
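# Drop the endpoint and the password from the environment. Both commands below
# name the endpoint explicitly, and with OS_PASSWORD unset the client asks for
# the password instead of reading it from the environment.
unset OS_AUTH_URL OS_PASSWORD

# Request a token as admin through the admin endpoint (port 35357)
openstack --os-auth-url http://CT01:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue

# Request a token as user01 through the public endpoint (port 5000)
openstack --os-auth-url http://CT01:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name userproject --os-username user01 token issue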
12、编写两个授权脚本
12.1、admin-openrc
# admin-openrc: source this file to act as the admin user.
# NOTE(review): the admin password is stored here in clear text. Keep the file
# readable by its owner only (chmod 600) and out of version control.

# Scope: the admin project, user and project both in the Default domain
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin

# Credentials
export OS_USERNAME=admin
export OS_PASSWORD=bootstrap

# Admin endpoint and API versions
export OS_AUTH_URL=http://CT01:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
12.2、user01-openrc
# user01-openrc: source this file to act as user01 on userproject.
# NOTE(review): OS_PASSWORD must equal the password typed at the prompt when
# user01 was created; "user01" repeats the user name, so pick a stronger one.
# The file stores it in clear text, keep it readable by its owner only
# (chmod 600).

# Scope: userproject, user and project both in the Default domain
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=userproject

# Credentials
export OS_USERNAME=user01
export OS_PASSWORD=user01

# Public endpoint and API versions
export OS_AUTH_URL=http://CT01:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
12.3、验证
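# Load the admin credentials into the current shell and request a token
. admin-openrc
openstack token issue

# Load the user01 credentials (they replace the admin values) and request a token
. user01-openrc
openstack token issue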