作者:【吴业亮】
博客:https://wuyeliang.blog.csdn.net/
1、安装软件包(三个节点)
# Install the memcached daemon and the Python memcached client on every node.
yum -y install memcached python-memcached
2、修改memcache配置文件(三个节点)
修改/etc/sysconfig/memcached配置文件(可用vim编辑,或直接执行下面的命令写入)
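# memcached is configured here without authentication, so it must not listen
# on every interface (0.0.0.0). Bind to loopback plus this node's own
# management address instead. 172.16.8.60 is the per-node address used
# elsewhere on this page: replace it on each node, and make sure it is the
# address that node1/node2/node3 resolve to, because keystone.conf lists the
# cache servers by those names. Also limit port 11211 to the cluster nodes
# with the host firewall.
# The quoted delimiter keeps the body literal (no shell expansion).
cat <<'END' > /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,172.16.8.60"
END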
3、启动服务并设置开机启动(三个节点)
# Register memcached to start at boot, then restart it so the settings written
# to /etc/sysconfig/memcached take effect.
for action in enable restart; do
  systemctl "$action" memcached.service
done
4、安装keystone软件包(三个节点)
# Install keystone together with Apache and its WSGI/TLS modules.
# NOTE(review): mod_ssl is installed here, but the Listen directives and
# endpoint URLs later on this page are plain http:// - TLS still has to be
# configured separately (or terminated in front of these nodes).
yum -y install openstack-keystone httpd mod_wsgi mod_ssl
5、修改httpd配置文件(三个节点)
# cp -a /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak
# sed -i "s/#ServerName www.example.com:80/ServerName ${HOSTNAME}/" /etc/httpd/conf/httpd.conf
节点1(以下三条命令中的172.16.8.60仅为示例,每个节点需替换为本节点自己的IP)
# sed -i "s/Listen\ 80/Listen\ 172.16.8.60:80/g" /etc/httpd/conf/httpd.conf
节点2
sed -i "s/Listen\ 80/Listen\ 172.16.8.60:80/g" /etc/httpd/conf/httpd.conf
节点3
sed -i "s/Listen\ 80/Listen\ 172.16.8.60:80/g" /etc/httpd/conf/httpd.conf
6、创建数据库(任一节点)
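# Let the client prompt for the root password instead of passing it as
# -p<password>: a password given as an argument is saved in shell history and
# is visible in the process list.
mysql -u root -p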
Create the keystone database:
MariaDB [(none)]> CREATE DATABASE keystone;
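Grant proper access to the keystone database (the 'keystone'@'%' entry below accepts connections from any host; restrict it to the controller nodes' addresses where possible, and replace the sample password with a unique one):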
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'Changeme_123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'Changeme_123';
7、修改配置文件(三个节点)
# cp -a /etc/keystone/keystone.conf /etc/keystone/keystone.conf_bak
# vi /etc/keystone/keystone.conf
[DEFAULT]
[assignment]
[auth]
[cache]
# Memcached instances on the three nodes, addressed by host name.
# NOTE(review): only the server list is set; oslo.cache normally also needs
# `enabled` and `backend` configured before caching is active - confirm for
# your release.
# The memcached configuration on this page sets no authentication, so port
# 11211 should be reachable only from the three nodes.
memcache_servers = node1:11211,node2:11211,node3:11211
[catalog]
[cors]
[credential]
[database]
# The database password is embedded in this URL in cleartext: keep
# keystone.conf unreadable to other local users and replace the sample
# password used throughout this page.
connection = mysql+pymysql://keystone:Changeme_123@172.16.8.50/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
# Fernet tokens are validated with the keys in /etc/keystone/fernet-keys, so
# every node must hold the same key set (copied in step 10).
provider = fernet
# NOTE(review): fernet tokens are not looked up in a token store - confirm
# that this persistence driver setting is still needed and valid on your
# release.
driver = memcache
[tokenless_auth]
[trust]
8、同步数据库(任一节点)
# Populate the keystone database schema, running the tool as the keystone
# account rather than as root.
su -s /bin/sh -c 'keystone-manage db_sync' keystone
9、初始化密钥(node1上执行)
# Create the Fernet token keys and the credential encryption keys, owned by
# the keystone user and group.
for setup_cmd in fernet_setup credential_setup; do
  keystone-manage "$setup_cmd" --keystone-user keystone --keystone-group keystone
done
10、拷贝密钥(node1上执行)
# NOTE(review): these two directories hold the Fernet token keys and the
# credential encryption keys. Anyone who can read them can forge tokens or
# decrypt stored credentials, so copy them only over SSH between the keystone
# nodes and check that the copies are not group/world readable.
# $PWD is expanded locally (to /etc/keystone after the cd), so it names the
# destination directory on node2 and node3.
# cd /etc/keystone/
# scp -r credential-keys/ fernet-keys/ node2:$PWD
# scp -r credential-keys/ fernet-keys/ node3:$PWD
11、赋予权限(节点2和3)
# Hand the copied key directories to the keystone account, which is the user
# the WSGI daemon processes run as (user=keystone in wsgi-keystone.conf).
# NOTE(review): also verify the modes after the copy, e.g. directories 700 and
# key files 600, so that only keystone can read the keys.
# chown keystone:keystone /etc/keystone/credential-keys/ -R
# chown keystone:keystone /etc/keystone/fernet-keys/ -R
12、初始化(任一节点)
# NOTE(review): --bootstrap-password puts the admin password on the command
# line, where it ends up in shell history and the process list;
# keystone-manage can also read it from the OS_BOOTSTRAP_PASSWORD environment
# variable. Replace the sample value in either case.
# NOTE(review): all three endpoint URLs are plain http, so passwords and tokens
# cross the network unencrypted; mod_ssl is installed in step 4 but is not
# configured anywhere on this page.
# keystone-manage bootstrap --bootstrap-password Changeme_123 \
--bootstrap-admin-url http://172.16.8.50:35357/v3/ \
--bootstrap-internal-url http://172.16.8.50:5000/v3/ \
--bootstrap-public-url http://172.16.8.50:5000/v3/ \
--bootstrap-region-id RegionOne
注意:命令中不要混入Windows字符(例如从Windows编辑器复制时带入的回车符),也可从该处复制后修改
https://docs.openstack.org/keystone/pike/install/keystone-install-rdo.html
13、创建文件/etc/httpd/conf.d/wsgi-keystone.conf(各个节点)
# Replace 172.16.8.60 with each node's own address.
# NOTE(review): both listeners are plain HTTP. Port 35357 serves the admin
# API and should be reachable only from the management network.
Listen 172.16.8.60:5000
Listen 172.16.8.60:35357
<VirtualHost 172.16.8.60:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LimitRequestBody 114688
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone.log
CustomLog /var/log/httpd/keystone_access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost 172.16.8.60:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LimitRequestBody 114688
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone.log
CustomLog /var/log/httpd/keystone_access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
Alias /identity /usr/bin/keystone-wsgi-public
<Location /identity>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
Alias /identity_admin /usr/bin/keystone-wsgi-admin
<Location /identity_admin>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
注意:替换各个节点的IP
14、启动服务并设置开机启动
# systemctl enable httpd.service
# systemctl restart httpd.service
创建文件~/keystonerc并写入如下内容
# Client environment for the admin user; read by the openstack CLI.
# NOTE(review): this file holds the admin password in cleartext. Restrict it
# to its owner (chmod 600 ~/keystonerc) and replace the sample password.
export OS_USERNAME=admin
export OS_PASSWORD=Changeme_123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
# Plain-http admin endpoint: the password above is sent unencrypted.
export OS_AUTH_URL=http://172.16.8.50:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
15、创建service项目
# openstack project create --domain default --description "Service Project" service
16、创建demo项目以及demo用户,并为用户创建密码
# openstack project create --domain default --description "Demo Project" demo
# openstack user create --domain default --password-prompt demo
17、创建user角色。并将demo用户赋予user角色
# openstack role create user
# openstack role add --project demo --user demo user
18、 验证
# unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://172.16.8.50:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
openstack --os-auth-url http://172.16.8.50:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
19、写入系统变量中(各个节点)
# NOTE(review): sourcing keystonerc from ~/.bash_profile exports OS_PASSWORD
# into every login shell of this user on every node, and child processes
# inherit it. Consider sourcing the file by hand only when the openstack
# client is needed.
# echo "source ~/keystonerc " >> ~/.bash_profile
# source ~/.bash_profile