In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
The third part installs the identity authentication service keystone
Note: before starting to install specific OpenStack services, please back up the two vmware-workstation virtual machines that we have already installed.
Backup virtual machine
Shut down the two virtual machines, then locate the installed virtual machine file directory in windows Explorer (here is d:\ OpenStack-Train), and copy one to the other disk as a backup.
Backup virtual machine folder
Make a good backup
After the backup, turn on the virtual machine of the control node (do not open the virtual machine of the compute node for the time being to prevent the service from being installed into the wrong host)
Do the following on the control node to install keystone
Establish keystone database
Mysql-u root-p
MariaDB [(none)] > CREATE DATABASE keystone
Database authorization
MariaDB [(none)] > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY' KEYSTONE_DBPASS'
MariaDB [(none)] > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY' KEYSTONE_DBPASS'
Install the keystone package
Yum install openstack-keystone httpd mod_wsgi-y
Modify the configuration file
Cp / etc/keystone/keystone.conf / etc/keystone/keystone.conf.bak
Grep-Ev'^ $| #'/ etc/keystone/keystone.conf.bak > / etc/keystone/keystone.conf
Vim / etc/keystone/keystone.conf
Add the following two lines in the [database] and [token] areas:
[database]
Connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@ct/keystone
[token]
Provider = fernet
Populate the database
Su-s / bin/sh-c "keystone-manage db_sync" keystone
After the above command is executed, you can check the mysql database to see if there are tables in the keystone database. If so, the database is populated successfully.
Initialize the Fernet KeyStore
This is a new feature of the new version of OpenStack, where keystone no longer uses a simple string as a temporary token, but instead uses the user of the fernet created below to run keystone. At the same time, keystone no longer uses different ports 5000 and 35357 for service endpoints of administrator users and ordinary users, but only uses port 5000 instead of port 35357.
Keystone-manage fernet_setup-- keystone-user keystone--keystone-group keystone
Keystone-manage credential_setup-- keystone-user keystone--keystone-group keystone
Keystone-manage bootstrap--bootstrap-password ADMIN_PASS-- bootstrap-admin-url http://ct:5000/v3/-- bootstrap-internal-url http://ct:5000/v3/-- bootstrap-public-url http://ct:5000/v3/-- bootstrap-region-id RegionOne (total 5 parameters)
Modify apache configuration
Vim / etc/httpd/conf/httpd.conf
Uncomment and modify:
ServerName ct
Create a wsgi profile soft link
Ln-s / usr/share/keystone/wsgi-keystone.conf / etc/httpd/conf.d/
Boot and Boot self-boot apache
Systemctl enable httpd.service
Systemctl restart httpd.service
Initialize environment variables
Export OS_USERNAME=admin
Export OS_PASSWORD=ADMIN_PASS
Export OS_PROJECT_NAME=admin
Export OS_USER_DOMAIN_NAME=Default
Export OS_PROJECT_DOMAIN_NAME=Default
Export OS_AUTH_URL= http://ct:5000/v3
Export OS_IDENTITY_API_VERSION=3
Create service projects and roles
The default field, the admin project, and the admin user have been created when the Fernet KeyStore is initialized above. (the following three commands must initialize the environment variables above before they can be executed successfully.)
Create the project used by the service (note: this step is different from that described in the official documentation)
Openstack project create-domain default-description "Service Project" service
Create a user role
Openstack role create user
Do not create projects and users for ordinary users for the time being
Verify the keystone service
Unset OS_AUTH_URL OS_PASSWORD
Openstack-os-auth-url http://ct:5000/v3-os-project-domain-name Default-os-user-domain-name Default-os-project-name admin-os-username admin token issue
Password: ADMIN_PASS
You can get the token description that keystone was installed successfully.
Create a client environment variable script
Vim admin-openrc
Join:
Export OS_PROJECT_DOMAIN_NAME=Default
Export OS_USER_DOMAIN_NAME=Default
Export OS_PROJECT_NAME=admin
Export OS_USERNAME=admin
Export OS_PASSWORD=ADMIN_PASS
Export OS_AUTH_URL= http://ct:5000/v3
Export OS_IDENTITY_API_VERSION=3
Export OS_IMAGE_API_VERSION=2
Use script
. Admin-openrc (note the previous ".", of course, you can also use the source admin-openrc command)
Openstack token issue
Token can also be obtained.
Further check, use the command: curl http://ct:5000, directly access the API address of keystone, and return json to indicate that the installation is successful.
At this point, the keystone service has been installed successfully. Install the image service glance in the next section.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.