安装配置

Before you configure the OpenStack Identity service, you must create a database and an administration token.

一、创建keystone数据库并授权

1.登陆数据库

mysql -u root -p

2.创建数据库并授权

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Replace KEYSTONE_DBPASS with a suitable password.

二、创建管理员token

openssl rand -hex

记住token值

三、安装配置keystone

1.安装keystone

yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

2.Start the Memcached service and configure it to start when the system boots

systemctl enable memcached.service

systemctl start memcached.service

3.Edit the /etc/keystone/keystone.conf file and complete the following actions

a.In the [DEFAULT] section, define the value of the initial administration token:

[DEFAULT]

...

admin_token = ADMIN_TOKEN

Replace ADMIN_TOKEN with the random value that you generated in a previous step.

b.In the [database] section, configure database access:

[database]

...

connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

Replace KEYSTONE_DBPASS with the password you chose for the database.

c.In the [memcache] section, configure the Memcache service:

[memcache]

...

servers = localhost:

d.In the [token] section, configure the UUID token provider and Memcached driver:

[token]

...

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.memcache.Token

e.In the [revoke] section, configure the SQL revocation driver:

[revoke]

...

driver = keystone.contrib.revoke.backends.sql.Revoke

f.(Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

[DEFAULT]

...

verbose = True

4.Populate the Identity service database:

su -s /bin/sh -c "keystone-manage db_sync" keystone

四、To configure the Apache HTTP server

1.Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:

ServerName controller

2.Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:

Listen

Listen 

<VirtualHost *:>

    WSGIDaemonProcess keystone-public processes= threads= user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /var/www/cgi-bin/keystone/main

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    LogLevel info

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

</VirtualHost>

<VirtualHost *:>

    WSGIDaemonProcess keystone-admin processes= threads= user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    LogLevel info

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

</VirtualHost>

3.Create the directory structure for the WSGI components:

mkdir -p /var/www/cgi-bin/keystone

4.Copy the WSGI components from the upstream repository into this directory:

curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

5.Adjust ownership and permissions on this directory and the files in it:

chown -R keystone:keystone /var/www/cgi-bin/keystone

chmod  /var/www/cgi-bin/keystone/*

6.启动Apache服务,设置开机自起

systemctl enable httpd.service

systemctl start httpd.service

Openstack(Kilo)安装系列之Keystone(三)的更多相关文章

  1. Openstack(Kilo)安装系列之Keystone(四)

    创建租间.用户.角色 一.To configure prerequisites 1.Configure the authentication token: export OS_TOKEN=ADMIN_ ...

  2. Openstack(Kilo)安装系列之Keystone(五)

    Create OpenStack client environment scripts To create the scripts Create client environment scripts ...

  3. Openstack(Kilo)安装系列之glance(六)

    安装配置 Before you install and configure the Image service, you must create a database, service credent ...

  4. Openstack(Kilo)安装系列之环境准备(二)

    控制节点.网络节点.计算节点: 一.配置源 1.配置EPEL源 yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-rel ...

  5. Openstack(Kilo)安装系列之环境准备(一)

    本文采用VMware虚拟环境,使用CentOS 7.1作为openstack的基础环境. 一.基础平台 1.一台装有VMware的windows系统(可联网) 2.CentOS 7.1 64bit镜像 ...

  6. Openstack(Kilo)安装系列之neutron(九)

    控制节点 Before you configure the OpenStack Networking (neutron) service, you must create a database, se ...

  7. Openstack(Kilo)安装系列之nova(八)

    计算节点 To install and configure the Compute hypervisor components 1.Install the packages: yum install ...

  8. Openstack(Kilo)安装系列之nova(七)

    控制节点 Before you install and configure the Compute service, you must create a database, service crede ...

  9. OpenStack实践系列②认证服务Keystone

    OpenStack实践系列②认证服务Keystone 三.实战OpenStack之控制节点3.1 CentOS7的时间同步服务器chrony 下载chrony # yum install -y chr ...

随机推荐

  1. 从word中导出图片

    想把word里面的图片导出来,可以这么操作: 1.右键word里面的图片,复制 2.打开电脑的画图工具,粘贴,然后保存

  2. Oracle,用left join 替代 exists ,not exists,in , not in,提高效率

    Not IN问题 Exists,not Exists,in,not in 例如: FROM YSHB B WHERE YSHA.code=b.code ) 等同于 DELETE A FROM YSHA ...

  3. 转:maven3常用POM属性及Settings属性介绍

    原文:http://blog.csdn.net/lgm277531070/article/details/6922645 A.pom.xml属性介绍: project: pom的xml根元素. par ...

  4. 详解Android中那些酷炫返回方式的实现

    Android手机都会有返回键,不管是实体键,还是虚拟键.Android用户主要也都是通过这个返回键操控页面返回方式的,不比IOS逼格甚高的只保留一个操作键.这种方式是最普遍的返回方式,还有一种也是比 ...

  5. Python中给文件加锁

    首先要引入库import fcntl打开一个文件f = open('./test')对该文件加密:fcntl.flock(f, fcntl.LOCK_EX)这样就对文件test加锁了,如果有其他进程要 ...

  6. Android TCP/IP Socket Test

    TCP/IP协议:Transmission Control Protocol/Internet Protocol的简写,中译名为传输控制协议/因特网互联协议,又名网络通讯协议,是Internet最基本 ...

  7. VS2012安装git

    新安装了vs2012,尝试使用Git,安装过程比较简单,记录下来以备以后查阅.   1. 下载.安装Git 我的系统是Windows 7,需要安装Git for Windows. 下载地址: http ...

  8. 远程重启WIN服务器

  9. Bash中的空格

    空格,一个看不见的字符,很不起眼,很多人经常忽略它,导致代码出错,却还找不着北. 先了解下bash中什么时候该用空格,什么时候不该用. . 等号赋值两边不能有空格 . 命令与选项之间需要空格 . 管道 ...

  10. [elk]es增删改查最佳实战

    PUT app01 GET app01/_settings GET _all/_settings PUT app01/_settings { "number_of_replicas" ...