Ubuntu16.10安装Ocata之2：Keystone

1、创建Keystone数据库

root@controller:~# MysqL -uroot -pzoomtech -e "CREATE DATABASE keystone"

root@controller:~# MysqL -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'zoomtech'"

root@controller:~# MysqL -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'zoomtech'"

2、安装配置Keystone

root@controller:~# apt install keystone -y

root@controller:~# vim /etc/keystone/keystone.conf

[database]

connection = MysqL+pyMysqL://keystone:zoomtech@controller/keystone

[token]

provider = fernet

3、同步数据库

root@controller:~# su -s /bin/sh -c "keystone-manage db_sync" keystone

4、初始化fernet key

root@controller:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

2017-02-28 01:26:26.160 19021 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it

2017-02-28 01:26:26.160 19021 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp

2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0

2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']

2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp

2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Current primary key is: 0

2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Next primary key will be: 1

2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1

2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0

root@controller:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

2017-02-28 01:26:34.833 19109 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it

2017-02-28 01:26:34.833 19109 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp

2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0

2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/credential-keys/0']

2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp

2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Current primary key is: 0

2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Next primary key will be: 1

2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1

2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0

5、创建keystone服务

root@controller:~# keystone-manage bootstrap --bootstrap-password zoomtech \

> --bootstrap-admin-url http://controller:35357/v3/ \

> --bootstrap-internal-url http://controller:5000/v3/ \

> --bootstrap-public-url http://controller:5000/v3/ \

> --bootstrap-region-id RegionOne

2017-02-28 01:27:24.194 19639 WARNING py.warnings [-] /usr/lib/python2.7/dist-packages/pycadf/identifier.py:60: UserWarning: Invalid uuid. To ensure interoperability,identifiers should be a valid uuid.

warnings.warn('Invalid uuid. To ensure interoperability,identifiers '

2017-02-28 01:27:24.224 19639 INFO keystone.cmd.cli [-] Created domain default

2017-02-28 01:27:24.260 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created project admin

2017-02-28 01:27:24.294 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created user admin

2017-02-28 01:27:24.301 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created role admin

2017-02-28 01:27:24.313 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Granted admin on admin to user admin.

2017-02-28 01:27:24.323 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created region RegionOne

2017-02-28 01:27:24.343 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created admin endpoint http://controller:35357/v3/

2017-02-28 01:27:24.357 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created internal endpoint http://controller:5000/v3/

2017-02-28 01:27:24.368 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created public endpoint http://controller:5000/v3/

2017-02-28 01:27:24.370 19639 INFO keystone.assignment.core [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Creating the default role 9fe2ff9ee4384b1894a90878d3e92bab because it does not exist.

6、配置Httpd

root@controller:~# vim /etc/apache2/apache2.conf

ServerName controller

root@controller:~# service apache2 restart

7、配置administrative帐号

root@controller:~# vim adminstrative.sh

export OS_USERNAME=admin

export OS_PASSWORD=zoomtech

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

8、配置domain，project，users，roles

root@controller:~# source adminstrative.sh

root@controller:~# openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+

| Field | Value |

| description | Service Project |

| domain_id | default |

| enabled | True |

| id | 53c21b5aaed24554973cec728bc93886 |

| is_domain | False |

| name | service |

| parent_id | default |

root@controller:~# openstack project create --domain default \

> --description "Demo Project" demo

| description | Demo Project |

| id | 8b610ce643254feba1621187fb0c4cc4 |

| name | demo |

root@controller:~# openstack user create --domain default \

> --password-prompt demo

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field | Value |

| domain_id | default |

| enabled | True |

| id | e75238fc214e4f48bc6bfa632aff1d15 |

| name | demo |

| options | {} |

| password_expires_at | None |

root@controller:~# openstack role create user

+-----------+----------------------------------+

| Field | Value |

| domain_id | None |

| id | 1952e288bc7f4f8b95286bfd217cd976 |

| name | user |

root@controller:~# openstack role add --project demo --user demo user

root@controller:~#

9、验证安装

root@controller:~# vim /etc/keystone/keystone-paste.ini

删除 [pipeline:public_api] 、[pipeline:admin_api] 、[pipeline:api_v3]字段中 admin_token_auth

root@controller:~# unset OS_AUTH_URL OS_PASSWORD

root@controller:~# openstack --os-auth-url http://controller:35357/v3 \

> --os-project-domain-name default --os-user-domain-name default \

> --os-project-name admin --os-username admin token issue

Password:

+------------+---------------------------------------------------------------------------+

| Field | Value |

| expires | 2017-02-28T02:38:40+0000 |

| id | gAAAAABYtNSgCEPdLgBPx_8i9FLN3KHvs4TC3SLjX3QCi35rLOAoIMVAZ5hmHRLe_vJagjtbu |

| | 3MGMjmFLZ8utaCMqAb6guBlzAbWEwkp05NLGWKlTWR68_flZVyd3YiByfkxHSknlvdq7s5eMT |

| | MNxhhCueQsmo2aWJnJxfwD9O12iRaDLNRERr4 |

| project_id | 56d3f276e94d48ffb014a6fe5776d0e5 |

| user_id | 4da79077531f4f99ab0f7f00d0ffb043 |

root@controller:~# openstack --os-auth-url http://controller:5000/v3 \

> --os-project-name demo --os-username demo token issue

| expires | 2017-02-28T02:39:02+0000 |

| id | gAAAAABYtNS2lYKPeLQtIf_jHWdmzivGWlvW5XZ4FvoymQAC0pS7EGWzefTPMfDTUQ3oipdCH |

| | P4RaJperaptZdk_zk_d5GACcS5cUoEEXOW8KPFuO1d2_IH5wCD40xsGjkKZUYlrsOH9s4XvY5 |

| | W6eig8v4FsSVs2SGcSGauUhZPo4LE-RhlIBdE |

| project_id | 8b610ce643254feba1621187fb0c4cc4 |

| user_id | e75238fc214e4f48bc6bfa632aff1d15 |

10、创建环境变量脚本

root@controller:~# vim admin-openrc

export OS_IMAGE_API_VERSION=2

11、使用环境变量

root@controller:~# source admin-openrc

root@controller:~# openstack token issue

| expires | 2017-02-28T02:46:13+0000 |

| id | gAAAAABYtNZlxRvnvkSwMO1VzBXrRimsTqzBdu4KZrxDA5rm2_u9Z_DxsINVpRAzqHrQXiRUL |

| | OfvMEJ7tsPo2ygVFXwu76j72IlmnHyq30MaRm3t-1jc3wyntjhnAcJ05NrGHbCf6HLC- |

| | OIUaq8skMTlWu03I-suXJBbkPWW8jHcGrCX_Si1z6k |

+------------+-------

12、查看安装的服务

root@controller:~# openstack service list

+----------------------------------+----------+----------+

| ID | Name | Type |

| 50bab5f4ef81410eb9af71bba516c270 | keystone | identity |

root@controller:~# openstack user list

+----------------------------------+-------+

| ID | Name |

| 4da79077531f4f99ab0f7f00d0ffb043 | admin |

| e75238fc214e4f48bc6bfa632aff1d15 | demo |

root@controller:~# openstack project list

+----------------------------------+---------+

| ID | Name |

| 53c21b5aaed24554973cec728bc93886 | service |

| 56d3f276e94d48ffb014a6fe5776d0e5 | admin |

| 8b610ce643254feba1621187fb0c4cc4 | demo |

root@controller:~#

Ubuntu16.10安装Ocata之2：Keystone

相关文章