一.keystone安装
参考文档:http://www.aboutyun.com/thread-13080-1-1.html
http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-install.html
1.创建keystone数据库并授权
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_PASS';
exit;
2.安装keystone
openssl rand -hex 10
echo "manual" > /etc/init/keystone.override
apt-get install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache
vim /etc/keystone/keystone.conf
[DEFAULT]
verbose = True
admin_token = ADMIN_TOKEN(换成上面的token串)
[database]
connection = mysql://keystone:KEYSTONER_PASS(keystone)@controller/keystone
一定要注释掉否则会产生404(应该是,反正会报错):connection=sqlite:var/lib/keystone/keystone.db
[memcache]
servers = localhost:11211
[token]
...
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke
保存退出。
su -s /bin/sh -c "keystone-manage db_sync" keystone
以上都是在root权限下进行。
二.配置 Apache HTTP server
ServerName controller
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
mkdir -p /var/www/cgi-bin/keystone
curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
chown -R keystone:keystone /var/www/cgi-bin/keystone
chmod 755 /var/www/cgi-bin/keystone/*
service apache2 restart
rm -f /var/lib/keystone/keystone.db
三.创建服务实例与API endpoint
1.配置临时环境变量
export OS_TOKEN=此处为上面的token串
export OS_URL=http://controller:35357/v2.0
2.创建服务实例与API endpoint
penstack service create --name keystone --description "OpenStack Identity" identity(后面都是官网截取的图,自己的搭建的时候没截图,实际也是这样的)
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 4ddaae90388b4ebc9d252ec2252d8d10 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
openstack endpoint create --publicurl http://controller:5000/v2.0 --internalurl http://controller:5000/v2.0 --adminurl http://controller:35357/v2.0 --region RegionOne identity
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://controller:35357/v2.0 |
| id | 57cfa543e7dc4b712c0ab137911bc4fe |
| internalurl | http://controller:5000/v2.0 |
| publicurl | http://controller:5000/v2.0 |
| region | RegionOne |
| service_id | 6f8de927262ac12f6066cfe70d99ac51 |
| service_name | keystone |
| service_type | identity |
+--------------+----------------------------------+
3.创建管理员租户(现在叫project)、用户、角色
openstack project create --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | 343d245e850143a096806dfaefa9afdc |
| is_domain | False |
| name | admin |
| parent_id | None |
+-------------+----------------------------------+
openstack user create --password-prompt admin
User Password:(设置的admin)
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | ac3377633149401296f6c0d92d79dc16 |
| name | admin |
+-----------+----------------------------------+
openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
| name | admin |
+-----------+----------------------------------+
openstack role add --project admin --user admin admin
4.创建一个service租户
openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | 894cdfa366d34e9d835d3de01e752262 |
| is_domain | False |
| name | service |
| parent_id | None |
+-------------+----------------------------------+
5.创建非管理员demo租户(project)
openstack project create --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | ed0b60bf607743088218b0a533d5943f |
| is_domain | False |
| name | demo |
| parent_id | None |
+-------------+----------------------------------+
openstack user create --password-prompt demo
User Password:(设置的demo)
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | 58126687cbcc4888bfa9ab73a2256f27 |
| name | demo |
+-----------+----------------------------------+
openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 997ce8d05fc143ac97d83fdfb5998552 |
| name | user |
+-----------+----------------------------------+
openstack role add --project demo --user demo user
四.验证keystone安装部署
1.remove临时的脚本
为了安全,禁用临时token,编辑 /etc/keystone/keystone-paste.ini 文件 , 移除 admin_token_auth从 [pipeline:public_api], [pipeline:admin_api], 和 [pipeline:api_v3] 部分.(并不明白)
去掉环境变量OS_TOKEN 和 OS_URL
unset OS_TOKEN OS_URL
2.验证
不贴了,见网页:http://www.aboutyun.com/thread-13085-1-1.html
五. 创建openstack客户端环境变量脚本
创建admin脚本
vim admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS(我的是admin)
export OS_AUTH_URL=http://controller:35357/v3
export OS_REGION_NAME=RegionOne
vim demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS(我的是demo)
export OS_AUTH_URL=http://controller:5000/v3
export OS_REGION_NAME=RegionOne
source admin-openrc.sh
注意:以前搭建的,可以运行,如果上面写的有一些问题,谢谢指出来。