3 OpenStack-Ussuri-Keystone Deployment - Ubuntu 18.04

The main functions of Keystone are:
1 Managing users and their permissions;
2 Maintaining the endpoints of OpenStack services;
3 Authentication and authorization.

3.1 Configure the Keystone database

#Log in to the database as root:

mysql -u root -p

#Create the keystone database:

CREATE DATABASE keystone;

#Grant access to the keystone database, flush privileges, and exit:

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone.123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone.123';
flush privileges;
exit

3.2 Install and configure Keystone

#Install the package

apt install keystone -y

#Back up the Keystone configuration file, then regenerate it without blank lines and comments

cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
egrep -v "^$|^#" /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf

#Edit the Keystone configuration file and add the following settings under the corresponding sections
#vim /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:keystone.123@controller160/keystone
[token]
provider = fernet

#Populate the Keystone database and initialize Fernet; no errors means success

su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

#Verify that the keystone database was populated correctly:

mysql -h controller160 -ukeystone -pkeystone.123 -e "use keystone;show tables;"

#Bootstrap the Identity service; the admin password is set to admin.123 here

keystone-manage bootstrap --bootstrap-password admin.123 \
  --bootstrap-admin-url http://controller160:5000/v3/ \
  --bootstrap-internal-url http://controller160:5000/v3/ \
  --bootstrap-public-url http://controller160:5000/v3/ \
  --bootstrap-region-id RegionOne

3.3 Configure the HTTP server

#Set ServerName to the hostname; if the directive does not exist, add it at the end of the file:
#vim /etc/apache2/apache2.conf

ServerName controller160

#Start the Apache HTTP service and enable it at boot:

systemctl enable apache2.service
systemctl start apache2.service
systemctl status apache2.service

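3.4 Configure environment variables

#Create the environment variable file; the admin password used here is the one set in the bootstrap step above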
#vim adminrc.sh

export OS_USERNAME=admin
export OS_PASSWORD=admin.123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller160:5000/v3
export OS_IDENTITY_API_VERSION=3

#Unset the environment variables
#vim unsetadminrc.sh

unset OS_USERNAME
unset OS_PASSWORD
unset OS_PROJECT_NAME
unset OS_USER_DOMAIN_NAME
unset OS_PROJECT_DOMAIN_NAME
unset OS_AUTH_URL
unset OS_IDENTITY_API_VERSION

#Check that the variables were set

env |grep OS
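
The following is an added example, not part of the original guide: a shell function that checks the two files created above (keystone.conf and adminrc.sh) for passwords readable by other local accounts, the guide's sample passwords left in place, and an http:// auth URL. The function names and finding labels are hypothetical, and the sample files are constructed.

```bash
# Added example, not from the original guide; function names are hypothetical.

# Octal permission bits of a file (GNU stat, as shipped on Ubuntu).
file_mode() { stat -c '%a' "$1"; }

# audit_keystone_files CONF RCFILE: print one finding per line.
audit_keystone_files() {
    local conf="$1" rc="$2" mode f
    # keystone.conf: the [database] connection URL embeds the DB password.
    if grep -Eq '^connection[[:space:]]*=.*://[^:/@]+:[^@]+@' "$conf"; then
        mode=$(file_mode "$conf")
        case "$mode" in
            *0) ;;                                   # no access for "other"
            *)  echo "CONF_READABLE_BY_OTHERS mode=$mode" ;;
        esac
    fi
    # adminrc.sh: OS_PASSWORD should be readable by the owner only.
    if grep -q '^export OS_PASSWORD=' "$rc"; then
        mode=$(file_mode "$rc")
        case "$mode" in
            *00) ;;                                  # group and other have no access
            *)   echo "RC_NOT_OWNER_ONLY mode=$mode" ;;
        esac
    fi
    # Password and token requests to an http:// endpoint travel unencrypted.
    if grep -q '^export OS_AUTH_URL=http://' "$rc"; then
        echo "AUTH_URL_PLAIN_HTTP"
    fi
    # The guide's sample passwords should not survive into a real deployment.
    for f in "$conf" "$rc"; do
        if grep -Eq '(keystone|admin)\.123' "$f"; then
            echo "TUTORIAL_PASSWORD_IN $(basename "$f")"
        fi
    done
    return 0
}

# Constructed sample files that mirror the settings used in this guide.
make_sample() {
    local d; d=$(mktemp -d)
    printf '[database]\nconnection = mysql+pymysql://keystone:keystone.123@controller160/keystone\n[token]\nprovider = fernet\n' > "$d/keystone.conf"
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=admin.123\nexport OS_AUTH_URL=http://controller160:5000/v3\n' > "$d/adminrc.sh"
    chmod 644 "$d/keystone.conf" "$d/adminrc.sh"
    echo "$d"
}

sample_dir=$(make_sample)
audit_keystone_files "$sample_dir/keystone.conf" "$sample_dir/adminrc.sh"
```

On a real host, call it as audit_keystone_files /etc/keystone/keystone.conf adminrc.sh; no output means none of the four conditions were found.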

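3.5 Create domains, projects, users, and roles

The Identity service provides authentication for each OpenStack service, using a combination of domains, projects, users, and roles.

#The "Default" domain already exists from the keystone-manage bootstrap step; to create a new domain: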

openstack domain create --description "An Example Domain" example

#Expected output on success

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | 5916bd1699e749148d5df127662a3b47 |
| name        | example                          |
| options     | {}                               |
| tags        | []                               |
+-------------+----------------------------------+

#Create the service project:

openstack project create --domain default --description "Service Project" service

#Result:

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 108d49a7bd5840ddb4cb7eae4e673b10 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

#Create the user role

openstack role create user

#Output

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 0cd495c936f546b69731aaead35bf899 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+

#List the roles

openstack role list

#Output

+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 0cd495c936f546b69731aaead35bf899 | user   |
| 250873c84a6c44f49b731cae406fb547 | reader |
| 629b9f90f7694f25a627dcb251b8fc76 | member |
| 9404d69aaf3c4751b3a424c54722324b | admin  |
+----------------------------------+--------+

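Keystone is now deployed. If you find any problems, please contact me so I can correct them; much appreciated!

3.x Summary of problems encountered during deployment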

eg.1:
