作者:【吴业亮】云计算开发工程师
博客:http://blog.csdn.net/wylfengyujianche
1、创建keystone数据库
# mysql -uroot -pDBPASSWORD -e "CREATE DATABASE keystone;"
注意将DBPASSWORD替换为自己的数据库密码。直接把密码写在 -p 后面会留在shell历史和进程列表中,也可以只写 -p,让mysql交互式提示输入密码
2、创建数据库用户及赋予权限
# mysql -uroot -pDBPASSWORD -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'Changeme_123';"
# mysql -uroot -pDBPASSWORD -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Changeme_123';"
注意将DBPASSWORD替换为自己的数据库root密码;Changeme_123为keystone数据库用户的密码(示例值,请换成自己的强密码)。'keystone'@'%' 允许该用户从任意主机连接,如果数据库只供本机或固定节点访问,建议把 % 换成具体的主机名或网段
3、安装keystone相关软件包
# yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
4、启动memcached,并设置开机启动
# systemctl enable memcached.service
# systemctl start memcached.service
5、安装openstack文件配置工具
# yum install -y openstack-utils
6、生成token(下面的值仅为示例,请自行生成随机值,例如执行 openssl rand -hex 10;第12步的OS_TOKEN须与这里的值保持一致)
# ADMIN_TOKEN=c5e3192e2fa2eda7500d
7、配置/etc/keystone/keystone.conf文件
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:Changeme_123@$HOSTNAME/keystone
# openstack-config --set /etc/keystone/keystone.conf memcache servers localhost:11211
# openstack-config --set /etc/keystone/keystone.conf token provider uuid
# openstack-config --set /etc/keystone/keystone.conf token driver memcache
# openstack-config --set /etc/keystone/keystone.conf revoke driver sql
# openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose True
8、同步keystone数据库
# su -s /bin/sh -c "keystone-manage db_sync" keystone
9、配置http服务
# sed -i "s/#ServerName www.example.com:80/ServerName ${HOSTNAME}/" /etc/httpd/conf/httpd.conf
10、创建/etc/httpd/conf.d/wsgi-keystone.conf ,并写入如下内容
# Keystone served by Apache mod_wsgi: one virtual host per API port.
# NOTE(review): both Listen directives name only a port, so Apache binds them on
# every local address, and no SSL directives appear in this file -- tokens and
# passwords travel as plain HTTP. Confirm the host sits on a trusted management
# network, or terminate TLS in front of these ports.
Listen 5000
Listen 35357
# Public/internal identity API on port 5000.
<VirtualHost *:5000>
# Run Keystone in its own daemon process group under the keystone user and group.
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
# Every request path on this port is routed to the public WSGI entry script.
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
# Pass the HTTP Authorization header through to the WSGI application.
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
# Both virtual hosts in this file write to the same error and access logs.
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
# The WSGI script lives in /usr/bin, so Apache has to be allowed to serve from it.
# Access is opened to all clients in both the 2.4 and the pre-2.4 syntax.
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
# Admin identity API on port 35357.
# NOTE(review): nothing in this virtual host limits which clients can reach the
# admin API. If only management hosts need it, restrict the port with a firewall
# rule or a narrower Require/Allow rule than the "all" used below.
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
# Every request path on this port is routed to the admin WSGI entry script.
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
# Pass the HTTP Authorization header through to the WSGI application.
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
# Same log files as the public virtual host above.
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
11、启动httpd,并设置开机启动
# systemctl enable httpd.service
# systemctl start httpd.service
12、导入环境变量
# export OS_TOKEN=c5e3192e2fa2eda7500d
# export OS_URL=http://${HOSTNAME}:35357/v3
# export OS_IDENTITY_API_VERSION=3
13、创建keystone服务
# openstack service create --name keystone --description "OpenStack Identity" identity
14、创建endpoint
# openstack endpoint create --region RegionOne identity public http://${HOSTNAME}:5000/v2.0
# openstack endpoint create --region RegionOne identity internal http://${HOSTNAME}:5000/v2.0
# openstack endpoint create --region RegionOne identity admin http://${HOSTNAME}:35357/v2.0
15、创建admin项目
# openstack project create --domain default --description "Admin Project" admin
16、创建admin用户
# openstack user create --domain default admin --password Changeme_123
注意:Changeme_123为admin用户密码(示例值,请换成自己的强密码);也可以把 --password 换成 --password-prompt,由客户端提示输入,避免密码留在shell历史中
17、创建admin角色及将admin用户赋予admin角色
# openstack role create admin
# openstack role add --project admin --user admin admin
18、创建service项目
# openstack project create --domain default --description "Service Project" service
19、创建demo项目
# openstack project create --domain default --description "Demo Project" demo
20、创建demo用户
# openstack user create --domain default demo --password Changeme_123
注意:Changeme_123为demo用户密码
21、创建user角色将demo用户赋予user角色
# openstack role create user
# openstack role add --project demo --user demo user
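22、验证keystone(unset只清除当前shell中的变量,keystone.conf里的admin_token仍然有效;官方安装指南建议验证通过后从keystone的paste管道中去掉admin_token_auth,停用这个引导用token)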
# unset OS_TOKEN OS_URL
# openstack --os-auth-url http://${HOSTNAME}:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin token issue --os-password Changeme_123
# openstack --os-auth-url http://${HOSTNAME}:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo token issue --
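注意:此处需要输入admin和demo的密码。命令中不带 --os-password 时客户端会提示输入;第一条命令把密码直接写在了命令行上,会留在shell历史里,建议去掉该选项,改为按提示输入。第二条命令末尾的“--”看起来是原文被截断的残留。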
23、创建admin用户环境变量,创建/root/admin-openrc.sh 文件并写入如下内容
# Client environment for the admin user; meant to be sourced into the shell.
# NOTE(review): OS_PASSWORD is kept here in clear text. Keep the file readable
# by its owner only (for example mode 600) and replace the sample password.
OS_PROJECT_DOMAIN_ID='default'
OS_USER_DOMAIN_ID='default'
OS_PROJECT_NAME='admin'
OS_TENANT_NAME='admin'
OS_USERNAME='admin'
OS_PASSWORD='Changeme_123'
# Admin port (35357) on this host, Identity API v3.
OS_AUTH_URL="http://${HOSTNAME}:35357/v3"
OS_IDENTITY_API_VERSION='3'
# Export everything in one statement so child processes (the openstack client) see it.
export OS_PROJECT_DOMAIN_ID OS_USER_DOMAIN_ID OS_PROJECT_NAME OS_TENANT_NAME \
  OS_USERNAME OS_PASSWORD OS_AUTH_URL OS_IDENTITY_API_VERSION
24、创建demo用户环境变量,创建/root/demo-openrc.sh 文件并写入下列内容
# Client environment for the demo user.
# NOTE(review): OS_PASSWORD is kept here in clear text. Keep the file readable
# by its owner only (for example mode 600) and replace the sample password.
OS_PROJECT_DOMAIN_ID='default'
OS_USER_DOMAIN_ID='default'
OS_PROJECT_NAME='demo'
OS_TENANT_NAME='demo'
OS_USERNAME='demo'
OS_PASSWORD='Changeme_123'
# Public port (5000) on this host, Identity API v3.
OS_AUTH_URL="http://${HOSTNAME}:5000/v3"
OS_IDENTITY_API_VERSION='3'
# Export everything in one statement so child processes (the openstack client) see it.
export OS_PROJECT_DOMAIN_ID OS_USER_DOMAIN_ID OS_PROJECT_NAME OS_TENANT_NAME \
  OS_USERNAME OS_PASSWORD OS_AUTH_URL OS_IDENTITY_API_VERSION
25、验证
# source ~/admin-openrc.sh
# openstack token issue