Shulou(Shulou.com)06/02 Report--

The third part installs the identity authentication service keystone

Note: before starting to install specific OpenStack services, please back up the two vmware-workstation virtual machines that we have already installed.

Backup virtual machine

Shut down the two virtual machines, then locate the installed virtual machine file directory in windows Explorer (here is d:\ OpenStack-Train), and copy one to the other disk as a backup.

Backup virtual machine folder

Make a good backup

After the backup, turn on the virtual machine of the control node (do not open the virtual machine of the compute node for the time being to prevent the service from being installed into the wrong host)

Do the following on the control node to install keystone

Establish keystone database

Mysql-u root-p

MariaDB [(none)] > CREATE DATABASE keystone

Database authorization

MariaDB [(none)] > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY' KEYSTONE_DBPASS'

MariaDB [(none)] > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY' KEYSTONE_DBPASS'

Install the keystone package

Yum install openstack-keystone httpd mod_wsgi-y

Modify the configuration file

Cp / etc/keystone/keystone.conf / etc/keystone/keystone.conf.bak

Grep-Ev'^ $| #'/ etc/keystone/keystone.conf.bak > / etc/keystone/keystone.conf

Vim / etc/keystone/keystone.conf

Add the following two lines in the [database] and [token] areas:

[database]

Connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@ct/keystone

[token]

Provider = fernet

Populate the database

Su-s / bin/sh-c "keystone-manage db_sync" keystone

After the above command is executed, you can check the mysql database to see if there are tables in the keystone database. If so, the database is populated successfully.

Initialize the Fernet KeyStore

This is a new feature of the new version of OpenStack, where keystone no longer uses a simple string as a temporary token, but instead uses the user of the fernet created below to run keystone. At the same time, keystone no longer uses different ports 5000 and 35357 for service endpoints of administrator users and ordinary users, but only uses port 5000 instead of port 35357.

Keystone-manage fernet_setup-- keystone-user keystone--keystone-group keystone

Keystone-manage credential_setup-- keystone-user keystone--keystone-group keystone

Keystone-manage bootstrap--bootstrap-password ADMIN_PASS-- bootstrap-admin-url http://ct:5000/v3/-- bootstrap-internal-url http://ct:5000/v3/-- bootstrap-public-url http://ct:5000/v3/-- bootstrap-region-id RegionOne (total 5 parameters)

Modify apache configuration

Vim / etc/httpd/conf/httpd.conf

Uncomment and modify:

ServerName ct

Create a wsgi profile soft link

Ln-s / usr/share/keystone/wsgi-keystone.conf / etc/httpd/conf.d/

Boot and Boot self-boot apache

Systemctl enable httpd.service

Systemctl restart httpd.service

Initialize environment variables

Export OS_USERNAME=admin

Export OS_PASSWORD=ADMIN_PASS

Export OS_PROJECT_NAME=admin

Export OS_USER_DOMAIN_NAME=Default

Export OS_PROJECT_DOMAIN_NAME=Default

Export OS_AUTH_URL= http://ct:5000/v3

Export OS_IDENTITY_API_VERSION=3

Create service projects and roles

The default field, the admin project, and the admin user have been created when the Fernet KeyStore is initialized above. (the following three commands must initialize the environment variables above before they can be executed successfully.)

Create the project used by the service (note: this step is different from that described in the official documentation)

Openstack project create-domain default-description "Service Project" service

Create a user role

Openstack role create user

Do not create projects and users for ordinary users for the time being

Verify the keystone service

Unset OS_AUTH_URL OS_PASSWORD

Openstack-os-auth-url http://ct:5000/v3-os-project-domain-name Default-os-user-domain-name Default-os-project-name admin-os-username admin token issue

Password: ADMIN_PASS

You can get the token description that keystone was installed successfully.

Create a client environment variable script

Vim admin-openrc

Join:

Export OS_PROJECT_DOMAIN_NAME=Default

Export OS_USER_DOMAIN_NAME=Default

Export OS_PROJECT_NAME=admin

Export OS_USERNAME=admin

Export OS_PASSWORD=ADMIN_PASS

Export OS_AUTH_URL= http://ct:5000/v3

Export OS_IDENTITY_API_VERSION=3

Export OS_IMAGE_API_VERSION=2

Use script

. Admin-openrc (note the previous ".", of course, you can also use the source admin-openrc command)

Openstack token issue

Token can also be obtained.

Further check, use the command: curl http://ct:5000, directly access the API address of keystone, and return json to indicate that the installation is successful.

At this point, the keystone service has been installed successfully. Install the image service glance in the next section.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.