[Deployment Part 2] Building OpenStack on VMware: installing Keystone on the controller node

I. Installing the OpenStack Identity Service
1. Conventions: Keystone stores its data in a MySQL database; the relevant parameters are as follows:
   database name: keystone
   account: keystonedbadmin
   password: keystone4smtest
   admin_token: SM_Token


2. Install the identity service package

    sudo  apt-get install keystone -y


3. Edit /etc/keystone/keystone.conf
   sudo vi /etc/keystone/keystone.conf

   Update the database settings as follows (comment out the original SQLite line):
   [database]
   # The SQLAlchemy connection string used to connect to the database
   connection = mysql://keystonedbadmin:[email protected]/keystone


4. Remove the SQLite database
sudo rm /var/lib/keystone/keystone.db


5. In MySQL, create the database and the user, grant privileges and set the password according to the conventions above
sudo mysql -uroot -p#db4smtest# -e 'CREATE DATABASE keystone;'
sudo mysql -uroot -p#db4smtest# -e 'CREATE USER keystonedbadmin;'
sudo mysql -uroot -p#db4smtest# -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'localhost' IDENTIFIED BY 'keystone4smtest';"
sudo mysql -uroot -p#db4smtest# -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'%' IDENTIFIED BY 'keystone4smtest';"
sudo mysql -uroot -p#db4smtest# -e "SET PASSWORD FOR 'keystonedbadmin'@'%' = PASSWORD('keystone4smtest');"

Note: Keystone's database username and password are used by the other OpenStack components as well and are written into their configuration files.


6. Create the Identity Service tables

 sudo keystone-manage db_sync

Note: This step creates a number of tables in the keystone database in MySQL. Normally there is a short pause while it runs. You can also open the keystone database in mysql and check whether the tables were generated: if they are present the step succeeded; if not, the later steps will fail.
sm@controller:~$ mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 43
Server version: 5.5.40-0ubuntu0.14.04 (Ubuntu)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.04 sec)

mysql> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+-----------------------+
| Tables_in_keystone    |
+-----------------------+
| assignment            |
| credential            |
| domain                |
| endpoint              |
| group                 |
| migrate_version       |
| policy                |
| project               |
| region                |
| role                  |
| service               |
| token                 |
| trust                 |
| trust_role            |
| user                  |
| user_group_membership |
+-----------------------+
16 rows in set (0.00 sec)

    

7. Edit /etc/keystone/keystone.conf
sudo vi /etc/keystone/keystone.conf

   Set admin_token to SM_Token as follows:
   [DEFAULT]
   # A "shared secret" between keystone and other openstack services
   admin_token = SM_Token

   Set the log directory as follows:
   [DEFAULT]
   log_dir = /var/log/keystone


Note: the configuration files of the various components will be edited often in later steps. Careful readers will notice that these are INI files: each setting consists of a section, such as [DEFAULT], a key, such as log_dir, and the key's value, such as /var/log/keystone. Beginners should therefore not take the shortcut of pasting settings at the end of the file, because a key may then end up outside its intended section and the service may read the configuration incorrectly.

A simple method is to open the configuration file in vi and, in command mode, type "/" followed by log_dir; vi jumps to log_dir, where you uncomment it and fill in the value. All components below are configured this way, and it will not be repeated.
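The following check illustrates the INI pitfall described above: it reports which section a key is actually read from, so a key pasted at the end of the file shows up under the wrong section. This is an added example, not part of the original post; the sample keystone.conf is constructed here (the database hostname is a placeholder), and section_of/check_key are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample keystone.conf reproducing the common mistake:
# log_dir was pasted at the end of the file, so it is read from [signing]
# instead of [DEFAULT]. DBHOST is a placeholder, not a real host.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = SM_Token
[database]
connection = mysql://keystonedbadmin:keystone4smtest@DBHOST/keystone
[signing]
token_format = UUID
log_dir = /var/log/keystone
EOF

# section_of FILE KEY: print the section the first active (uncommented)
# occurrence of KEY is read from, or "(none)" if the key is not set.
section_of() {
  awk -v key="$2" '
    /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
    /^[ \t]*[#;]/ { next }                  # skip comment lines
    {
      split($0, kv, "=")                    # key is everything before the first "="
      k = kv[1]; gsub(/[ \t]/, "", k)
      if (k == key) { print sec; found = 1; exit }
    }
    END { if (!found) print "(none)" }
  ' "$1"
}

# check_key FILE SECTION KEY: succeed only if KEY is read from SECTION.
check_key() {
  actual=$(section_of "$1" "$3")
  if [ "$actual" = "$2" ]; then
    echo "ok: $3 is under [$2]"
    return 0
  fi
  echo "MISPLACED: $3 expected under [$2] but read from [$actual]"
  return 1
}

check_key "$SAMPLE_CONF" DEFAULT admin_token
check_key "$SAMPLE_CONF" database connection
check_key "$SAMPLE_CONF" DEFAULT log_dir || true   # reports the misplaced key
```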

8. Restart the service

sudo service keystone restart


Note: if restarting the service fails, in most cases a configuration file was entered incorrectly, either a formatting problem or a wrong value; check it carefully. The same applies to all components that follow!



9. Flush expired tokens hourly, with log output to /var/log/keystone/keystone-tokenflush.log, using the following command (it appends the job to the keystone user's crontab):
(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/crontabs/keystone

II. Configuring the identity service's users, projects and roles
1. Export the environment variables
     export OS_SERVICE_TOKEN=SM_Token
     export OS_SERVICE_ENDPOINT=http://192.168.3.180:35357/v2.0


2. Define the admin tenant, user and role

Create a tenant named admin: keystone tenant-create --name=admin --description="Admin Tenant"

sm@controller:~$ keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Admin Tenant           |
|   enabled   |               True               |
|      id     | 05ec814379cd4935b50bad905b1fd203 |
|     name    |              admin               |
+-------------+----------------------------------+

Create the admin user: keystone user-create --name=admin --pass=admin4smtest [email protected]
sm@controller:~$  keystone user-create --name=admin --pass=admin4smtest [email protected]
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |            [email protected]            |
| enabled  |               True               |
|    id    | 463c7566468f4cef88efec5312bac893 |
|   name   |              admin               |
| username |              admin               |
+----------+----------------------------------+


Create the admin role: keystone role-create --name=admin
sm@controller:~$ keystone role-create --name=admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 9a010a3589e94f7ca861a73b449f9bb7 |
|   name   |              admin               |
+----------+----------------------------------+


Link the user, tenant and role together:
     keystone user-role-add --user=admin --tenant=admin --role=admin
    

3. Define the service tenant/project

Create the service tenant:
     keystone tenant-create --name=service --description="Service Tenant"

sm@controller:~$ keystone tenant-create --name=service --description="Service Tenant"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 3e7237a5a47243b8b338e5b4bf2fef09 |
|     name    |             service              |
+-------------+----------------------------------+

4. Create the service

     keystone service-create --name=keystone --type=identity  --description="OpenStack Identity Service"

sm@controller:~$  keystone service-create --name=keystone --type=identity  --description="OpenStack Identity Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    OpenStack Identity Service    |
|   enabled   |               True               |
|      id     | 294fdb24e0204abeb98dc0755cef543b |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+

5. Create the endpoint
     keystone endpoint-create --service-id=$(keystone service-list | awk '/ identity / {print $2}')  --publicurl=http://192.168.3.180:5000/v2.0  --internalurl=http://192.168.3.180:5000/v2.0  --adminurl=http://192.168.3.180:35357/v2.0
sm@controller:~$ keystone endpoint-create --service-id=$(keystone service-list | awk '/ identity / {print $2}')  --publicurl=http://192.168.3.180:5000/v2.0  --internalurl=http://192.168.3.180:5000/v2.0  --adminurl=http://192.168.3.180:35357/v2.0
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  | http://192.168.3.180:35357/v2.0  |
|      id     | 56d18d9e9e3b4762bb0e861bf5fde196 |
| internalurl |  http://192.168.3.180:5000/v2.0  |
|  publicurl  |  http://192.168.3.180:5000/v2.0  |
|    region   |            regionOne             |
|  service_id | 294fdb24e0204abeb98dc0755cef543b |
+-------------+----------------------------------+


III. Testing (on each node)
1. Create an environment-variable script admin-openrc.sh with the following content:
export OS_USERNAME=admin
export OS_PASSWORD=admin4smtest
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://192.168.3.180:35357/v2.0

2. Use admin-openrc.sh (first unset the service token variables so the admin_token is no longer used):
     unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
 
     1) Load the environment variables
source admin-openrc.sh

     2) Obtain a token
keystone token-get

     3) List the users
        keystone user-list
sm@controller:~$ keystone user-list
+----------------------------------+-------+---------+------------+
|                id                |  name | enabled |   email    |
+----------------------------------+-------+---------+------------+
| 463c7566468f4cef88efec5312bac893 | admin |   True  | [email protected] |
+----------------------------------+-------+---------+------------+

        keystone user-role-list --user admin --tenant admin
sm@controller:~$ keystone user-role-list --user admin --tenant admin
+----------------------------------+-------+----------------------------------+----------------------------------+
|                id                |  name |             user_id              |            tenant_id             |
+----------------------------------+-------+----------------------------------+----------------------------------+
| 9a010a3589e94f7ca861a73b449f9bb7 | admin | 463c7566468f4cef88efec5312bac893 | 05ec814379cd4935b50bad905b1fd203 |
+----------------------------------+-------+----------------------------------+----------------------------------+


3. Check the log
     sudo cat /var/log/keystone/keystone-all.log
 
IV. Other
# If the Keystone installation went wrong, the following commands remove Keystone completely
sudo apt-get remove -y keystone python-keystone python-keystoneclient
sudo dpkg -l | grep keystone | awk '{print $2}' | sudo xargs dpkg -P