1. Create the database
[root@controller ~]# mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'PWS';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'PWS';
mysql> exit
Generate a random value to use as the initial administration token:
[root@controller ~]# openssl rand -hex 10
2. Install keystone
yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached
3. Start memcached
# systemctl enable memcached.service
# systemctl start memcached.service
4. Configure the environment
- Edit the /etc/keystone/keystone.conf file and complete the following actions:
  - In the [DEFAULT] section, define the value of the initial administration token:
      [DEFAULT]
      ...
      admin_token = ADMIN_TOKEN
    Replace ADMIN_TOKEN with the random value that you generated in a previous step.
  - In the [database] section, configure database access:
      [database]
      ...
      connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
    Replace KEYSTONE_DBPASS with the password you chose for the database.
  - In the [memcache] section, configure the Memcache service:
      [memcache]
      ...
      servers = localhost:11211
  - In the [token] section, configure the UUID token provider and Memcached driver:
      [token]
      ...
      provider = keystone.token.providers.uuid.Provider
      driver = keystone.token.persistence.backends.memcache.Token
  - In the [revoke] section, configure the SQL revocation driver:
      [revoke]
      ...
      driver = keystone.contrib.revoke.backends.sql.Revoke
  - (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:
      [DEFAULT]
      ...
      verbose = True
- Populate the Identity service database:
# su -s /bin/sh -c "keystone-manage db_sync" keystone
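A check for the edited keystone.conf, added here as an example and not part of the original guide: it reports placeholders left in place (ADMIN_TOKEN, KEYSTONE_DBPASS), a token shorter than the output of openssl rand -hex 10, and any of the values above that are missing. The function names conf_get and audit_keystone_conf are hypothetical, and the world-readable test is an extra assumption of this example, made because the file holds the token and the database password.

```sh
#!/bin/sh
# Added example (not from the guide): audit an edited keystone.conf.

# conf_get FILE SECTION KEY: print the value of KEY inside [SECTION], or nothing.
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_keystone_conf FILE: print one line per finding; exit status = number of findings.
audit_keystone_conf() {
    f=$1; n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    # Assumption of this example: the file holds secrets, so "other" must not read it.
    [ -z "$(find "$f" -perm -004)" ] || fail "$f is world-readable"

    token=$(conf_get "$f" DEFAULT admin_token)
    case $token in
        ""|ADMIN_TOKEN) fail "[DEFAULT] admin_token is unset or still the placeholder" ;;
        *) [ "${#token}" -ge 20 ] || fail "admin_token is shorter than openssl rand -hex 10 output" ;;
    esac

    case $(conf_get "$f" database connection) in
        "") fail "[database] connection is unset" ;;
        *KEYSTONE_DBPASS*) fail "[database] connection still contains KEYSTONE_DBPASS" ;;
    esac

    # Values the guide sets; each line is: section key expected-value.
    while read -r sec key want; do
        got=$(conf_get "$f" "$sec" "$key")
        [ "$got" = "$want" ] || fail "[$sec] $key is '$got', expected '$want'"
    done <<EOF
memcache servers localhost:11211
token provider keystone.token.providers.uuid.Provider
token driver keystone.token.persistence.backends.memcache.Token
revoke driver keystone.contrib.revoke.backends.sql.Revoke
EOF
    return "$n"
}
```

Run it as audit_keystone_conf /etc/keystone/keystone.conf; the exit status is the number of findings, so 0 means every check passed.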
5. Configure HTTP
- Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:
    ServerName controller
- Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:
    Listen 5000
    Listen 35357

    <VirtualHost *:5000>
        WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /var/www/cgi-bin/keystone/main
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        LogLevel info
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    </VirtualHost>

    <VirtualHost *:35357>
        WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        LogLevel info
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    </VirtualHost>
- Create the directory structure for the WSGI components:
# mkdir -p /var/www/cgi-bin/keystone
- Copy the WSGI components from the upstream repository into this directory:
# curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo \
  | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
- Adjust ownership and permissions on this directory and the files in it:
# chown -R keystone:keystone /var/www/cgi-bin/keystone
# chmod 755 /var/www/cgi-bin/keystone/*
- Restart the Apache HTTP server:
# systemctl enable httpd.service
# systemctl start httpd.service
6. Configure HTTP