手动安装liberty版本openstack环境（allinone）---安装keystone

作者：【吴业亮】云计算开发工程师
博客：http://blog.csdn.net/wylfengyujianche
1、创建keystone数据库

# mysql -uroot -pDBPASSWORD -e "CREATE DATABASE keystone;" 

注意将DBPASSWORD替换为自己的数据库密码
2、创建数据库用户及赋予权限

# mysql -uroot -pDBPASSWORD -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'Changeme_123';" 
# mysql -uroot -pChangeme_123 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Changeme_123';"   

注意将DBPASSWORD替换为自己的数据库密码，Changeme_123为用户密码
3、安装keystone相关软件包

# yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y

4、启动memcached，并设置开机启动

# systemctl enable memcached.service 
# systemctl start memcached.service 

5、安装openstack文件配置工具

# yum install -y openstack-utils

6、生成token

# ADMIN_TOKEN=c5e3192e2fa2eda7500d

7、配置/etc/keystone/keystone.conf文件

# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN 

# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:Changeme_123@$HOSTNAME/keystone 
# openstack-config --set /etc/keystone/keystone.conf memcache servers localhost:11211
# openstack-config --set /etc/keystone/keystone.conf token provider uuid
# openstack-config --set /etc/keystone/keystone.conf token driver memcache
# openstack-config --set /etc/keystone/keystone.conf revoke driver sql 
# openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose True 

8、同步keystone数据库

# su -s /bin/sh -c "keystone-manage db_sync" keystone 

9、配置http服务

# sed -i  "s/#ServerName www.example.com:80/ServerName ${HOSTNAME}/" /etc/httpd/conf/httpd.conf

10、创建/etc/httpd/conf.d/wsgi-keystone.conf ，并写入如下内容

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

11、启动httpd，并设置开机启动

# systemctl enable httpd.service 
# systemctl start httpd.service 

12、导入环境变量

# export OS_TOKEN=c5e3192e2fa2eda7500d
# export OS_URL=http://${HOSTNAME}:35357/v3
# export OS_IDENTITY_API_VERSION=3

13、创建keystone服务

# openstack service create --name keystone --description "OpenStack Identity" identity

14、创建endpoint

# openstack endpoint create --region RegionOne identity public http://${HOSTNAME}:5000/v2.0 # openstack endpoint create --region RegionOne identity internal http://${HOSTNAME}:5000/v2.0 # openstack endpoint create --region RegionOne identity admin http://${HOSTNAME}:35357/v2.0

15、创建admin项目

# openstack project create --domain default --description "Admin Project" admin

16、创建admin用户

openstack user create --domain default admin --password Changeme_123

注意：Changeme_123为admin用户密码
17、创建admin角色及将admin用户赋予admin角色

# openstack role create admin
# openstack role add --project admin --user admin admin

18、创建service项目

# openstack project create --domain default --description "Service Project" service

19、创建demo项目

# openstack project create --domain default --description "Demo Project" demo

20、创建demo用户

# openstack user create --domain default demo --password Changeme_123

注意：Changeme_123为demo用户密码
21、创建user角色将demo用户赋予user角色

# openstack role create user # openstack role add --project demo --user demo user

22、验证keystone

# unset OS_TOKEN OS_URL
# openstack --os-auth-url http://${HOSTNAME}:35357/v3   --os-project-domain-id default --os-user-domain-id default   --os-project-name admin --os-username admin token issue --os-password Changeme_123
# openstack --os-auth-url http://${HOSTNAME}:5000/v3   --os-project-domain-id default --os-user-domain-id default   --os-project-name demo --os-username demo token issue --

注意：此处需要输入admin和demo的密码。
23、创建admin用户环境变量，创建/root/admin-openrc.sh 文件并写入如下内容

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=Changeme_123
export OS_AUTH_URL=http://${HOSTNAME}:35357/v3
export OS_IDENTITY_API_VERSION=3

24、创建demo用户环境变量，创建/root/demo-openrc.sh 文件并写入下列内容

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=Changeme_123
export OS_AUTH_URL=http://${HOSTNAME}:5000/v3
export OS_IDENTITY_API_VERSION=3

25、验证

# source ~/admin-openrc.sh
# openstack token issue