安装配置

Before you configure the OpenStack Identity service, you must create a database and an administration token.

一、创建keystone数据库并授权

1.登陆数据库

mysql -u root -p

2.创建数据库并授权

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Replace KEYSTONE_DBPASS with a suitable password.

二、创建管理员token

openssl rand -hex

记住token值

三、安装配置keystone

1.安装keystone

yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

2.Start the Memcached service and configure it to start when the system boots

systemctl enable memcached.service

systemctl start memcached.service

3.Edit the /etc/keystone/keystone.conf file and complete the following actions

a.In the [DEFAULT] section, define the value of the initial administration token:

[DEFAULT]

...

admin_token = ADMIN_TOKEN

Replace ADMIN_TOKEN with the random value that you generated in a previous step.

b.In the [database] section, configure database access:

[database]

...

connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

Replace KEYSTONE_DBPASS with the password you chose for the database.

c.In the [memcache] section, configure the Memcache service:

[memcache]

...

servers = localhost:

d.In the [token] section, configure the UUID token provider and Memcached driver:

[token]

...

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.memcache.Token

e.In the [revoke] section, configure the SQL revocation driver:

[revoke]

...

driver = keystone.contrib.revoke.backends.sql.Revoke

f.(Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

[DEFAULT]

...

verbose = True

4.Populate the Identity service database:

su -s /bin/sh -c "keystone-manage db_sync" keystone

四、To configure the Apache HTTP server

1.Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:

ServerName controller

2.Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:

Listen

Listen 

<VirtualHost *:>

    WSGIDaemonProcess keystone-public processes= threads= user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /var/www/cgi-bin/keystone/main

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    LogLevel info

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

</VirtualHost>

<VirtualHost *:>

    WSGIDaemonProcess keystone-admin processes= threads= user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    LogLevel info

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

</VirtualHost>

3.Create the directory structure for the WSGI components:

mkdir -p /var/www/cgi-bin/keystone

4.Copy the WSGI components from the upstream repository into this directory:

curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

5.Adjust ownership and permissions on this directory and the files in it:

chown -R keystone:keystone /var/www/cgi-bin/keystone

chmod  /var/www/cgi-bin/keystone/*

6.启动Apache服务,设置开机自起

systemctl enable httpd.service

systemctl start httpd.service

Openstack(Kilo)安装系列之Keystone(三)的更多相关文章

  1. Openstack(Kilo)安装系列之Keystone(四)

    创建租间.用户.角色 一.To configure prerequisites 1.Configure the authentication token: export OS_TOKEN=ADMIN_ ...

  2. Openstack(Kilo)安装系列之Keystone(五)

    Create OpenStack client environment scripts To create the scripts Create client environment scripts ...

  3. Openstack(Kilo)安装系列之glance(六)

    安装配置 Before you install and configure the Image service, you must create a database, service credent ...

  4. Openstack(Kilo)安装系列之环境准备(二)

    控制节点.网络节点.计算节点: 一.配置源 1.配置EPEL源 yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-rel ...

  5. Openstack(Kilo)安装系列之环境准备(一)

    本文采用VMware虚拟环境,使用CentOS 7.1作为openstack的基础环境. 一.基础平台 1.一台装有VMware的windows系统(可联网) 2.CentOS 7.1 64bit镜像 ...

  6. Openstack(Kilo)安装系列之neutron(九)

    控制节点 Before you configure the OpenStack Networking (neutron) service, you must create a database, se ...

  7. Openstack(Kilo)安装系列之nova(八)

    计算节点 To install and configure the Compute hypervisor components 1.Install the packages: yum install ...

  8. Openstack(Kilo)安装系列之nova(七)

    控制节点 Before you install and configure the Compute service, you must create a database, service crede ...

  9. OpenStack实践系列②认证服务Keystone

    OpenStack实践系列②认证服务Keystone 三.实战OpenStack之控制节点3.1 CentOS7的时间同步服务器chrony 下载chrony # yum install -y chr ...

随机推荐

  1. 加加减减(你真的懂++--吗) C#

    目录  TOC \o "1-3" \h \z \u 自增量. PAGEREF _Toc456268662 \h 1 08D0C9EA79F9BACE118C8200AA004BA9 ...

  2. has been modified since the precompiled header地图错误

    添加高德地图的一个错误 has been modified since the precompiled header 解决方案: xcode---product----clean  清理重新编译一下就 ...

  3. 基于Prometheus搭建SpringCloud全方位立体监控体系

    前提 最近公司在联合运维做一套全方位监控的系统,应用集群的技术栈是SpringCloud体系.虽然本人没有参与具体基础架构的研发,但是从应用引入的包和一些资料的查阅大致推算出具体的实现方案,这里做一次 ...

  4. canvas贝济埃曲线

    <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title> ...

  5. JDBC操作,执行数据库更新操作

    目标: 使用Connection对象取得Statement实例 使用Statement进行数据增删改. Statement接口 要对数据库操作,要使用Statement完成.此接口可以使用Connec ...

  6. struts result动态结果集 带参数的结果集

    <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE struts PUBLIC     &qu ...

  7. LoadRunner访问Mysql数据库(转)

    这是很久以前编写的一个测试案例,那时是为了检查大量往Mysql数据库里插入数据,看一下数据库的性能如何?服务器是否会很快就被写满了. 前期的准备工作:Mysql 数据库搭建,LoadRunner,li ...

  8. Ubuntu 18.04修改IP地址

    注:配置/etc/network/interfaces已无用 root@ubuntu:~# vim /etc/netplan/50-cloud-init.yaml network: ethernets ...

  9. Linux修改时间的方法

    http://www.blogjava.net/itvincent/archive/2007/08/03/134242.html修改linux的时间可以使用date指令 在命令行输入: date 显示 ...

  10. Hive SQL 常见问题(转载)

    http://www.aboutyun.com/thread-14942-1-1.html 问题导读 1.Hive查询语句和SQL查询语句区别与联系. 2.distribute by.group by ...