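This post was last edited by pig2 on 2015-9-23 17:32
Guiding questions
1. What is the purpose of the SQL grant?
2. How many steps does the keystone installation consist of?
3. What happens if the database is not created during installation?
Configuration prerequisites
1. Create the database by completing the following
a. Log in to mysql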
[mw_shl_code=bash,true]mysql -u root -p[/mw_shl_code]
b. Create the keystone database
[mw_shl_code=bash,true]CREATE DATABASE keystone;[/mw_shl_code]
c. Grant privileges so that the local host and remote servers can access mysql
[mw_shl_code=bash,true]GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';[/mw_shl_code]
Replace KEYSTONE_DBPASS with the password you have chosen
d. Exit mysql
[mw_shl_code=bash,true]exit[/mw_shl_code]
2. Generate a temporary token
[mw_shl_code=bash,true] openssl rand -hex 10[/mw_shl_code]
Install and configure the keystone service components
1. Run the following command to install the packages
[mw_shl_code=bash,true]yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached[/mw_shl_code]
2. Enable and start the Memcached service
[mw_shl_code=bash,true]systemctl enable memcached.service
systemctl start memcached.service[/mw_shl_code]
3. Edit the file /etc/keystone/keystone.conf and complete the following
a. In the [DEFAULT] section, set the temporary admin token
[mw_shl_code=bash,true][DEFAULT]
...
admin_token = ADMIN_TOKEN[/mw_shl_code]
That is, replace ADMIN_TOKEN with the string returned by openssl rand -hex 10
b. In the [database] section, configure database access
[mw_shl_code=bash,true][database]
...
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone[/mw_shl_code]
Replace KEYSTONE_DBPASS with the database password you set
c. In the [memcache] section, configure the Memcache service
[mw_shl_code=bash,true][memcache]
...
servers = localhost:11211[/mw_shl_code]
d. In the [token] section, configure the UUID token provider and the Memcached persistence driver:
[mw_shl_code=bash,true][token]
...
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token[/mw_shl_code]
e. In the [revoke] section, configure the SQL revocation driver
[mw_shl_code=bash,true][revoke]
...
driver = keystone.contrib.revoke.backends.sql.Revoke[/mw_shl_code]
f. In the [DEFAULT] section, enable verbose logging
[mw_shl_code=bash,true][DEFAULT]
...
verbose = True[/mw_shl_code]
4. Sync the database
[mw_shl_code=bash,true]su -s /bin/sh -c "keystone-manage db_sync" keystone[/mw_shl_code]
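A check for the step 3 edits, added here and not part of the original post: it reads admin_token and connection from keystone.conf and flags leftover ADMIN_TOKEN or KEYSTONE_DBPASS placeholders, a token shorter than the 20 hex characters that openssl rand -hex 10 prints, and a world-readable file. The function names and the sample file are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post: lint the step 3 edits.

# Print the value of KEY in [SECTION] of an INI file (last assignment wins).
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = ($0 == sec); next }
        insec {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one line per finding; the exit status is the number of findings.
check_keystone_conf() {  # usage: check_keystone_conf FILE
    conf=$1; n=0
    token=$(ini_get "$conf" DEFAULT admin_token)
    conn=$(ini_get "$conf" database connection)
    case $token in
        ""|ADMIN_TOKEN) echo "admin_token: unset or placeholder"; n=$((n+1)) ;;
        *) [ "${#token}" -ge 20 ] || { echo "admin_token: shorter than 20 chars"; n=$((n+1)); } ;;
    esac
    case $conn in
        "") echo "connection: unset"; n=$((n+1)) ;;
        *KEYSTONE_DBPASS*) echo "connection: placeholder password"; n=$((n+1)) ;;
    esac
    # The file holds the admin token and DB password; flag world-readable.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "$conf: world-readable"; n=$((n+1))
    fi
    return "$n"
}

# Constructed sample: step 3 applied with the placeholders left in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
admin_token = ADMIN_TOKEN
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
EOF
chmod 644 "$sample"
check_keystone_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the controller, run check_keystone_conf /etc/keystone/keystone.conf before db_sync; an exit status of 0 means no findings.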
##############################################################
Configure the Apache HTTP server
1. Edit the file /etc/httpd/conf/httpd.conf and set ServerName
[mw_shl_code=bash,true]ServerName controller[/mw_shl_code]
2. Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content
[mw_shl_code=bash,true]Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>[/mw_shl_code]
3. Create the WSGI directory structure
[mw_shl_code=bash,true] mkdir -p /var/www/cgi-bin/keystone[/mw_shl_code]
4. Download the component into the WSGI directory structure
[mw_shl_code=bash,true] curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo \
| tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin[/mw_shl_code]
If the download fails, the component installations that follow will run into problems
5. Adjust ownership and permissions
[mw_shl_code=bash,true]chown -R keystone:keystone /var/www/cgi-bin/keystone
chmod 755 /var/www/cgi-bin/keystone/*[/mw_shl_code]
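With curl piped straight into tee, a failed download in step 4 still leaves main and admin on disk, either empty or holding an error page. The following added example, not part of the original post, downloads to a temporary file and installs it only if it looks like a mod_wsgi entry script; the function names and sample files are made up here.

```shell
#!/bin/sh
# Added example, not from the original post: verify before installing.

# Succeeds only if FILE looks like a mod_wsgi entry script.
verify_wsgi_script() {  # usage: verify_wsgi_script FILE
    [ -s "$1" ] || { echo "empty download" >&2; return 1; }
    if head -c 512 "$1" | grep -Eqi '<html|<!doctype'; then
        echo "got an HTML page, not the script" >&2; return 1
    fi
    # mod_wsgi loads the callable named "application" from the script.
    grep -q '^application[ ]*=' "$1" || { echo "no application callable" >&2; return 1; }
}

# Download to a temp file, verify it, then copy it to DIR/main and DIR/admin.
fetch_wsgi_script() {  # usage: fetch_wsgi_script URL DIR
    tmp=$(mktemp) || return 1
    # -f makes curl fail on HTTP errors instead of saving the error page.
    if curl -fsS -o "$tmp" "$1" && verify_wsgi_script "$tmp" \
        && cp "$tmp" "$2/main" && cp "$tmp" "$2/admin"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed samples: a failed download (error page) and a valid script.
bad=$(mktemp); good=$(mktemp)
printf '<html><body>404 Not Found</body></html>\n' > "$bad"
printf 'import os\napplication = object()\n' > "$good"
verify_wsgi_script "$bad" || echo "bad sample rejected"
verify_wsgi_script "$good" && echo "good sample accepted"
rm -f "$bad" "$good"
```

Call fetch_wsgi_script with the URL from step 4 and /var/www/cgi-bin/keystone, then apply step 5. The URL is plain HTTP, so this catches a failed download, not a tampered one.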
Finish the installation
Enable and start the Apache HTTP server:
[mw_shl_code=bash,true]systemctl enable httpd.service
systemctl start httpd.service[/mw_shl_code]
Related posts
OpenStack [Kilo] Getting Started [Preparation] 1: Overview [CentOS]
http://www.aboutyun.com/thread-15205-1-1.html
OpenStack [Kilo] Getting Started [Preparation] 2: Checking network connectivity [CentOS]
http://www.aboutyun.com/thread-15206-1-1.html
OpenStack [Kilo] Getting Started [Preparation] 3: Installing NTP [CentOS]
http://www.aboutyun.com/thread-15207-1-1.html
OpenStack [Kilo] Getting Started [Preparation] 4: OpenStack packages [CentOS]
http://www.aboutyun.com/thread-15210-1-1.html
OpenStack [Kilo] Getting Started [Preparation] 5: Installing mysql and rabbitmq [CentOS]
http://www.aboutyun.com/thread-15213-1-1.html
OpenStack [Kilo] Getting Started [keystone] 6: Installing and configuring keystone [CentOS]
http://www.aboutyun.com/thread-15214-1-1.html
OpenStack [Kilo] Getting Started [keystone] 7: Creating the service entity and API endpoint [CentOS]
http://www.aboutyun.com/thread-15215-1-1.html
OpenStack [Kilo] Getting Started [keystone] 8: Creating tenants, users, and roles [CentOS]
http://www.aboutyun.com/thread-15216-1-1.html
OpenStack [Kilo] Getting Started [keystone] 9: Verifying the keystone installation [CentOS]
http://www.aboutyun.com/thread-15233-1-1.html
OpenStack [Kilo] Getting Started [keystone] 10: Creating OpenStack client scripts [CentOS]
http://www.aboutyun.com/thread-15234-1-1.html
OpenStack [Kilo] Getting Started [glance] 11: Installing and configuring glance [CentOS]
http://www.aboutyun.com/thread-15242-1-1.html
OpenStack [Kilo] Getting Started [glance] 12: Verifying the glance installation [CentOS]
http://www.aboutyun.com/thread-15243-1-1.html
OpenStack [Kilo] Getting Started [nova] 13: Installing and configuring nova, part 1: controller node [CentOS]
http://www.aboutyun.com/thread-15258-1-1.html
OpenStack [Kilo] Getting Started [nova] 14: Installing and configuring nova, part 2: compute node [CentOS]
http://www.aboutyun.com/thread-15259-1-1.html
OpenStack [Kilo] Getting Started [neutron] 15: Installing and configuring neutron: controller node [CentOS]
http://www.aboutyun.com/thread-15260-1-1.html
OpenStack [Kilo] Getting Started [neutron] 16: Installing and configuring neutron: network node [CentOS]
http://www.aboutyun.com/thread-15272-1-1.html
OpenStack [Kilo] Getting Started [neutron] 17: Installing and configuring neutron: compute node [CentOS]
http://www.aboutyun.com/thread-15330-1-1.html
OpenStack [Kilo] Getting Started [neutron] 18: Creating the initial networks [CentOS]
http://www.aboutyun.com/thread-15342-1-1.html
OpenStack [Kilo] Getting Started [neutron] 19: Installing and configuring the dashboard [CentOS]
http://www.aboutyun.com/thread-15352-1-1.html
OpenStack [Kilo] Getting Started [neutron] 20: Launching an instance (neutron) [CentOS]
http://www.aboutyun.com/thread-15356-1-1.html