分享

openstack【Kilo】入门 【keystone篇】六:keystone安装配置【centos】

pig2 发表于 2015-9-13 17:26:47 [显示全部楼层] 回帖奖励 阅读模式 关闭右栏 0 21529
本帖最后由 pig2 于 2015-9-23 17:32 编辑

问题导读


1.思考sql授权的作用?
2.keystone安装分为几个步骤?
3.安装中如果不创建数据库,会产生什么现象?







配置准备

1.创建数据库,完成下面内容

a.登录mysql
[mw_shl_code=bash,true]mysql -u root -p[/mw_shl_code]

b.创建keystone数据库
[mw_shl_code=bash,true]CREATE DATABASE keystone;[/mw_shl_code]

c.授权,允许本地及远程服务器访问mysql
[mw_shl_code=bash,true]GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';[/mw_shl_code]

KEYSTONE_DBPASS 密码替换为自己设置的密码

d.退出mysql
[mw_shl_code=actionscript3,true]exit[/mw_shl_code]

2.生成临时token
[mw_shl_code=bash,true] openssl rand -hex 10[/mw_shl_code]

安装配置keystone服务组件

1.运行下面命令,安装包
[mw_shl_code=bash,true]yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached[/mw_shl_code]

2.开启和配置Memcached 服务

[mw_shl_code=bash,true]systemctl enable memcached.service
systemctl start memcached.service[/mw_shl_code]

3. 编辑文件/etc/keystone/keystone.conf,完成下面内容

a.在 [DEFAULT] 部分,初始化admin临时token
[mw_shl_code=bash,true][DEFAULT]
...
admin_token = ADMIN_TOKEN[/mw_shl_code]

也就是执行openssl rand -hex 10后获取的字符串,替换ADMIN_TOKEN

b.在[database]部分,配置数据库访问
[mw_shl_code=bash,true][database]
...
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone[/mw_shl_code]
KEYSTONE_DBPASS替换为自己设置的数据库密码

c.在[memcache]部分,配置Memcache 服务
[mw_shl_code=bash,true][memcache]
...
servers = localhost:11211[/mw_shl_code]


d.在 [token]部分,配置UUID token 驱动 和 Memcached 驱动:
[mw_shl_code=bash,true][token]
...
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token[/mw_shl_code]

e.在 [revoke]部分,配置SQL revocation 驱动
[mw_shl_code=bash,true][revoke]
...
driver = keystone.contrib.revoke.backends.sql.Revoke[/mw_shl_code]

f.在[DEFAULT]部分,启用详细信息日志记录
[mw_shl_code=bash,true][DEFAULT]
...
verbose = True[/mw_shl_code]

4.同步数据库
[mw_shl_code=bash,true]su -s /bin/sh -c "keystone-manage db_sync" keystone[/mw_shl_code]

##############################################################


配置  Apache HTTP server

1.编辑文件/etc/httpd/conf/httpd.conf,配置ServerName
[mw_shl_code=bash,true]ServerName controller[/mw_shl_code]

2.创建文件 /etc/httpd/conf.d/wsgi-keystone.conf,完成下面内容
[mw_shl_code=bash,true]Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LogLevel info
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LogLevel info
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>[/mw_shl_code]


3.创建WSGI 目录结构
[mw_shl_code=bash,true] mkdir -p /var/www/cgi-bin/keystone[/mw_shl_code]


4.下载组件到WSGI 目录结构
[mw_shl_code=bash,true] curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo \
  | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin[/mw_shl_code]

下载不成功,后面组件安装会遇到问题

5.调整权限
[mw_shl_code=bash,true]chown -R keystone:keystone /var/www/cgi-bin/keystone
chmod 755 /var/www/cgi-bin/keystone/*[/mw_shl_code]

完成安装

重启 Apache HTTP server:
[mw_shl_code=bash,true]systemctl enable httpd.service
systemctl start httpd.service[/mw_shl_code]
相关篇章

openstack【Kilo】入门 【准备篇】一:整体介绍【centos】
http://www.aboutyun.com/thread-15205-1-1.html


openstack【Kilo】入门 【准备篇】二:检测网络互通性【centos】
http://www.aboutyun.com/thread-15206-1-1.html


openstack【Kilo】入门 【准备篇】三:NTP安装【centos】
http://www.aboutyun.com/thread-15207-1-1.html



openstack【Kilo】入门 【准备篇】四:openstack包【centos】
http://www.aboutyun.com/thread-15210-1-1.html



openstack【Kilo】入门 【准备篇】五:mysql及rabbitmq安装【centos】
http://www.aboutyun.com/thread-15213-1-1.html



openstack【Kilo】入门 【keystone篇】六:keystone安装配置【centos】
http://www.aboutyun.com/thread-15214-1-1.html



openstack【Kilo】入门 【keystone篇】七:创建服务实例和API endpoint【centos】
http://www.aboutyun.com/thread-15215-1-1.html



openstack【Kilo】入门 【keystone篇】八:创建租户, 用户, 和角色【centos】
http://www.aboutyun.com/thread-15216-1-1.html



openstack【Kilo】入门 【keystone篇】九:验证keystone安装【centos】
http://www.aboutyun.com/thread-15233-1-1.html




openstack【Kilo】入门 【keystone篇】十:创建openstack客户端脚本【centos】
http://www.aboutyun.com/thread-15234-1-1.html



openstack【Kilo】入门 【glance篇】十一:安装配置glance【centos】
http://www.aboutyun.com/thread-15242-1-1.html



openstack【Kilo】入门 【glance篇】十二:glance安装验证【centos】
http://www.aboutyun.com/thread-15243-1-1.html




openstack【Kilo】入门 【nova篇】十三:nova安装配置1:控制节点【centos】
http://www.aboutyun.com/thread-15258-1-1.html



openstack【Kilo】入门 【nova篇】十四:nova安装配置2:计算节点【centos】
http://www.aboutyun.com/thread-15259-1-1.html



openstack【Kilo】入门 【neutron篇】十五:neutron安装配置:控制节点【centos】
http://www.aboutyun.com/thread-15260-1-1.html




openstack【Kilo】入门 【neutron篇】十六:neutron安装配置:网络节点【centos】
http://www.aboutyun.com/thread-15272-1-1.html



openstack【Kilo】入门 【neutron篇】十七:neutron安装配置:计算节点【centos】
http://www.aboutyun.com/thread-15330-1-1.html




openstack【Kilo】入门 【neutron篇】十八:实例化网络【centos】
http://www.aboutyun.com/thread-15342-1-1.html




openstack【Kilo】入门 【neutron篇】十九:dasboard安装配置【centos】
http://www.aboutyun.com/thread-15352-1-1.html




openstack【Kilo】入门 【neutron篇】二十:创建实例(neutron)【centos】
http://www.aboutyun.com/thread-15356-1-1.html




没找到任何评论,期待你打破沉寂

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

关闭

推荐上一条 /2 下一条