OpenStack (2): keystone authentication service

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02

Installing any OpenStack service follows the same basic steps:

1. Create the database

2. Install the software package for the corresponding service and modify the configuration file

3. Create the appropriate service and register the API

I. Database

Official document https://docs.openstack.org/keystone/stein/install/keystone-install-rdo.html

1. Create the keystone database and user

mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';

2. Test from the control node whether the connection can be made

mysql -ukeystone -pkeystone123 -hopenstack-mysql.heng.net

II. Install the software package for the corresponding service and modify the configuration file

1. Install the keystone software package on the control node

yum install openstack-keystone httpd mod_wsgi # mod_wsgi lets httpd invoke Python services

2. Modify the keystone configuration file

vi /etc/keystone/keystone.conf

[database]
# find the [database] section
connection = mysql+pymysql://keystone:keystone123@openstack-mysql.heng.net/keystone
[token]
# ...
# uncomment this line
provider = fernet

3. Create the tables in the keystone database

su -s /bin/sh -c "keystone-manage db_sync" keystone

4. Generate the Fernet key files

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5. Edit the Apache configuration file

vi /etc/httpd/conf/httpd.conf

ServerName 192.168.12.17:80

6. Create a symbolic link to /usr/share/keystone/wsgi-keystone.conf, the configuration file through which Apache calls the Python service; it listens on port 5000

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl start httpd.service
systemctl enable httpd.service

III. Create the appropriate service and register the API

1. Because OpenStack has no accounts or passwords yet, keystone cannot provide the authentication service. The purpose of authenticating is to obtain a token, so you can define a token directly to bypass authentication. This token is deleted from the configuration file again in step 13.

openssl rand -hex 10
3fdcd4af381781fda580

vi /etc/keystone/keystone.conf

admin_token = 3fdcd4af381781fda580

After the modification, synchronize the database again so that the change is written to the database

su -s /bin/sh -c "keystone-manage db_sync" keystone

2. Check the log for errors.

Keystone log file:

ll /var/log/keystone/keystone.log

3. Define the environment variables

export OS_TOKEN=3fdcd4af381781fda580
export OS_URL=http://192.168.12.17:5000/v3
export OS_IDENTITY_API_VERSION=3

echo $OS_TOKEN # confirm that the variable is set

4. Create a default domain

openstack domain create --description "Default Domain" default

5. Create an admin project

openstack project create --domain default --description "Admin Project" admin

6. Create an admin user and set the password to admin:

[root@controller1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:

7. Create the admin role and grant it to the admin user

openstack role create admin
openstack role add --project admin --user admin admin

8. Create the demo project and user

openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
openstack role create user
openstack role add --project demo --user demo user

9. Create a service project

openstack project create --domain default --description "Service Project" service

10. Create the authentication service

openstack service create --name keystone --description "OpenStack Identity" identity
[root@controller1 ~]# openstack service list # View current services

11. Register the API endpoints for the authentication service

openstack endpoint create --region RegionOne identity admin http://openstack-vip.heng.net:5000/v3
openstack endpoint create --region RegionOne identity public http://openstack-vip.heng.net:5000/v3
openstack endpoint create --region RegionOne identity internal http://openstack-vip.heng.net:5000/v3

12. Open a new terminal and test whether keystone can authenticate a user

[root@controller1 ~]# export OS_IDENTITY_API_VERSION=3
[root@controller1 ~]# openstack --os-auth-url http://openstack-vip.heng.net:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

# if you enter this command to display the result without entering a password, it is successful

13. Once users can be authenticated, you no longer need to specify the token manually for management. The token in the configuration file is no longer needed. Delete it.

vi /etc/keystone/keystone.conf

14. Define two environment-variable scripts; sourcing one sets the variables that the client uses to call the corresponding API

vi scripts/admin-stein.sh

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.heng.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

vi scripts/demo-stein.sh

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack-vip.heng.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

15. Use the script. A result from the following command indicates that the keystone service is installed successfully.

source demo-stein.sh
openstack token issue
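
As an added example (not part of the original article), the shell functions below audit for what this procedure can leave behind: an admin_token still active in keystone.conf after step 13, and configuration or environment files that hold passwords while being world-readable. The function names are hypothetical, and the [DEFAULT] section as the location of admin_token is an assumption, since the article does not name the section.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# option_value FILE SECTION KEY: print the value of an uncommented option.
option_value() {
    awk -v want_sec="$2" -v want_key="$3" '
        /^[ \t]*[#;]/ { next }    # commented-out options do not count
        /^[ \t]*\[/ {             # section header such as [DEFAULT]
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        sec == want_sec {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key == want_key) {
                val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); print val
            }
        }
    ' "$1"
}

# world_readable FILE: succeed if "other" has read permission on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit_keystone_conf FILE: print findings; return 1 if any, 0 if clean.
audit_keystone_conf() {
    findings=0
    if [ -n "$(option_value "$1" DEFAULT admin_token)" ]; then
        echo "FINDING: admin_token is still set in [DEFAULT] of $1"
        findings=1
    fi
    if world_readable "$1"; then
        echo "FINDING: $1 is world-readable and holds the database password"
        findings=1
    fi
    return "$findings"
}

# audit_env_script FILE: flag a world-readable script that exports OS_PASSWORD.
audit_env_script() {
    if grep -q '^export OS_PASSWORD=' "$1" && world_readable "$1"; then
        echo "FINDING: $1 exports OS_PASSWORD and is world-readable"
        return 1
    fi
    return 0
}
```

Run `audit_keystone_conf /etc/keystone/keystone.conf` and `audit_env_script scripts/admin-stein.sh` after step 15; a clean run prints nothing and returns 0.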
