openstack pike安装keystone认证服务--centos 7.4 (三)

时间:2023-01-25 18:11:09

1.keystone安装

# Install Keystone, the Apache + mod_wsgi front end that serves it, and the
# memcached server with its Python client library.
yum -y install openstack-keystone httpd mod_wsgi memcached python-memcached

2.memcached启动和设置

# Start memcached at boot and (re)start it now.
systemctl enable memcached.service
systemctl restart memcached.service

# Confirm the listener on port 11211 and check which address it is bound to.
# memcached has no authentication by default, so it should listen only on
# loopback or the management address that keystone.conf points at, not on an
# interface reachable from untrusted networks.
netstat -antp | grep 11211

3.数据库配置,创建数据库、用户授权

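# Log in to MySQL as root. A bare -p makes the client prompt for the password,
# which keeps it out of the shell history and the process list.
mysql -u root -p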

-- Create the schema that Keystone will use.
CREATE DATABASE keystone;

-- Give the keystone account full rights on that schema, for local connections
-- and for connections from any host ('%').
-- NOTE(review): the password here equals the account name and '%' accepts
-- logins from every host. Choose a strong, unique password (and use the same
-- value in the [database] connection URL of keystone.conf), and narrow '%' to
-- the controller / management network where possible.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

-- Reload the grant tables.
FLUSH PRIVILEGES;

4.Keystone 配置

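# Keep a pristine copy of the packaged Keystone config; the next command reads
# this .bak file. -p preserves the original owner and mode.
cp -p /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak

# Rebuild keystone.conf without comment lines and blank lines. The anchored
# pattern drops only lines that start with '#', not every line containing one.
grep -Ev '^[[:space:]]*(#|$)' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf

# Edit the trimmed file and set the options listed after this step.
vim /etc/keystone/keystone.conf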

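[DEFAULT]
# NOTE(review): static admin token. A short, guessable value like this one
# gives full admin access wherever token-based admin auth is still enabled.
# Use a long random value (e.g. the output of `openssl rand -hex 10`), or drop
# the option: it is presumably not needed here, because the admin account is
# created with `keystone-manage bootstrap` later in this guide.
admin_token = 123456789
verbose = true

[database]
# The URL embeds the database password in clear text: keep this file readable
# only by root and the keystone group, and keep the password identical to the
# one used in the GRANT statements.
connection = mysql+pymysql://keystone:keystone@controller/keystone

[memcache]
servers = controller:11211

[token]
provider = fernet
driver = memcache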
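# Populate the Identity service database; keystone-manage runs as the
# keystone system user.
su -s /bin/sh -c "keystone-manage db_sync" keystone

# Initialise the Fernet key repository, owned by keystone:keystone.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

# Create the admin user, set its password, and register the Identity endpoints.
# NOTE(review): "admin" is a guessable password and, passed as an argument, it
# lands in the shell history and the process list. Pick a strong value (it must
# match OS_PASSWORD in the client environment script); keystone-manage can also
# read it from the OS_BOOTSTRAP_PASSWORD environment variable.
keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne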
5.apache配置
# Set Apache's ServerName to the controller host name.
printf '%s\n' 'ServerName controller' >> /etc/httpd/conf/httpd.conf

# Link Keystone's packaged WSGI configuration into Apache's conf.d directory.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

# Enable httpd at boot and restart it so the new configuration is loaded.
systemctl enable httpd.service
systemctl restart httpd.service

# Check that Apache is listening on ports 80, 5000 and 35357.
# NOTE(review): these Identity endpoints are plain HTTP, so passwords and
# tokens cross the network unencrypted; keep them on a trusted management
# network or put TLS in front of them.
netstat -antp | grep -E ':5000|:35357|:80'

6.创建 OpenStack 客户端admin环境脚本

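# Write the admin client environment script, one export per line.
cat > ./admin-openstack.sh <<'EOF'
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

# The file holds the admin password in clear text: restrict it to its owner.
chmod 600 ./admin-openstack.sh

# Load the variables into the current shell.
source ./admin-openstack.sh

# Request a token to confirm that the credentials and endpoint work.
openstack token issue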

7.创建service项目,创建glance,nova,neutron,swift用户,并授权

(也可以后面装组件的时候再创建用户,授权)

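# Create the shared "service" project.
openstack project create --domain default --description "Service Project" service

# Create one account per service and give each the admin role in the service
# project.
# NOTE(review): every password here equals the user name and is passed on the
# command line, where it is recorded in the shell history and visible in the
# process list. Use strong, unique passwords; `--password-prompt` reads the
# password interactively instead.
openstack user create --domain default --password=glance glance
openstack role add --project service --user glance admin

openstack user create --domain default --password=nova nova
openstack role add --project service --user nova admin

openstack user create --domain default --password=neutron neutron
openstack role add --project service --user neutron admin

openstack user create --domain default --password=swift swift
openstack role add --project service --user swift admin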