安装配置

Before you configure the OpenStack Identity service, you must create a database and an administration token.

一、创建keystone数据库并授权

1.登陆数据库

mysql -u root -p

2.创建数据库并授权

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Replace KEYSTONE_DBPASS with a suitable password.

二、创建管理员token

openssl rand -hex

记住token值

三、安装配置keystone

1.安装keystone

yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

2.Start the Memcached service and configure it to start when the system boots

systemctl enable memcached.service

systemctl start memcached.service

3.Edit the /etc/keystone/keystone.conf file and complete the following actions

a.In the [DEFAULT] section, define the value of the initial administration token:

[DEFAULT]

...

admin_token = ADMIN_TOKEN

Replace ADMIN_TOKEN with the random value that you generated in a previous step.

b.In the [database] section, configure database access:

[database]

...

connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

Replace KEYSTONE_DBPASS with the password you chose for the database.

c.In the [memcache] section, configure the Memcache service:

[memcache]

...

servers = localhost:

d.In the [token] section, configure the UUID token provider and Memcached driver:

[token]

...

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.memcache.Token

e.In the [revoke] section, configure the SQL revocation driver:

[revoke]

...

driver = keystone.contrib.revoke.backends.sql.Revoke

f.(Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

[DEFAULT]

...

verbose = True

4.Populate the Identity service database:

su -s /bin/sh -c "keystone-manage db_sync" keystone

四、To configure the Apache HTTP server

1.Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:

ServerName controller

2.Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:

Listen

Listen 

<VirtualHost *:>

    WSGIDaemonProcess keystone-public processes= threads= user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /var/www/cgi-bin/keystone/main

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    LogLevel info

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

</VirtualHost>

<VirtualHost *:>

    WSGIDaemonProcess keystone-admin processes= threads= user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    LogLevel info

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

</VirtualHost>

3.Create the directory structure for the WSGI components:

mkdir -p /var/www/cgi-bin/keystone

4.Copy the WSGI components from the upstream repository into this directory:

curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

5.Adjust ownership and permissions on this directory and the files in it:

chown -R keystone:keystone /var/www/cgi-bin/keystone

chmod  /var/www/cgi-bin/keystone/*

6.启动Apache服务,设置开机自起

systemctl enable httpd.service

systemctl start httpd.service

Openstack(Kilo)安装系列之Keystone(三)的更多相关文章

  1. Openstack(Kilo)安装系列之Keystone(四)

    创建租间.用户.角色 一.To configure prerequisites 1.Configure the authentication token: export OS_TOKEN=ADMIN_ ...

  2. Openstack(Kilo)安装系列之Keystone(五)

    Create OpenStack client environment scripts To create the scripts Create client environment scripts ...

  3. Openstack(Kilo)安装系列之glance(六)

    安装配置 Before you install and configure the Image service, you must create a database, service credent ...

  4. Openstack(Kilo)安装系列之环境准备(二)

    控制节点.网络节点.计算节点: 一.配置源 1.配置EPEL源 yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-rel ...

  5. Openstack(Kilo)安装系列之环境准备(一)

    本文采用VMware虚拟环境,使用CentOS 7.1作为openstack的基础环境. 一.基础平台 1.一台装有VMware的windows系统(可联网) 2.CentOS 7.1 64bit镜像 ...

  6. Openstack(Kilo)安装系列之neutron(九)

    控制节点 Before you configure the OpenStack Networking (neutron) service, you must create a database, se ...

  7. Openstack(Kilo)安装系列之nova(八)

    计算节点 To install and configure the Compute hypervisor components 1.Install the packages: yum install ...

  8. Openstack(Kilo)安装系列之nova(七)

    控制节点 Before you install and configure the Compute service, you must create a database, service crede ...

  9. OpenStack实践系列②认证服务Keystone

    OpenStack实践系列②认证服务Keystone 三.实战OpenStack之控制节点3.1 CentOS7的时间同步服务器chrony 下载chrony # yum install -y chr ...

随机推荐

  1. onWindowFocusChanged重要作用(得到/失去焦点call) 、

    onWindowFocusChanged重要作用 Activity生命周期中,onStart, onResume, onCreate都不是真正visible的时间点,真正的visible时间点是onW ...

  2. iOS中 最新微信支付/最全的微信支付教程具体解释 韩俊强的博客

    亲们, 首先让我们来看一下微信支付的流程吧. 1. 注冊微信开放平台,创建应用获取appid,appSecret,申请支付功能,申请成功之后会返回一些參数. 2. 下载微信支付sdk 3. clien ...

  3. 【VBA编程】06.控制语句

    [IF...THEN...语句] If condition Then [statements1] else [statements2] end if condition 为一个逻辑表达式,表示做选择时 ...

  4. 一个漂亮而强大的RecyclerView

    代码地址如下:http://www.demodashi.com/demo/13470.html 简介 主要提供了简单易用强大的RecyclerView库,包括自定义刷新加载效果.极简通用的万能适配器A ...

  5. GDI+学习笔记(九)带插件的排序算法演示器(MFC中的GDI+实例)

    带插件的排序算法演示器 请尊重本人的工作成果,转载请留言.并说明转载地址,谢谢. 地址例如以下: http://blog.csdn.net/fukainankai/article/details/27 ...

  6. 使用cros实现跨域请求

    直接上代码 后端 this.Response.Headers.Add("Access-Control-Allow-Origin","*"); 响应流里添加一个h ...

  7. 几种适配器&观察者&ListView之间的那点事

    android中的几种适配器&观察者&ListView 1.我们知道Android中的Adapter类是处于ListView和数据源之间的数据总线,它负责为ListView提供数据. ...

  8. 多线程-ConcurrentHashMap(JDK1.8)

    前言 HashMap非线程安全的,HashTable是线程安全的,所有涉及到多线程操作的都加上了synchronized关键字来锁住整个table,这就意味着所有的线程都在竞争一把锁,在多线程的环境下 ...

  9. poj3253 优先队列

    Farmer John wants to repair a small length of the fence around the pasture. He measures the fence an ...

  10. ext树菜单实体类

    package cn.edu.hbcf.common.vo; import java.util.ArrayList; import java.util.List; /** * ext树菜单 * * @ ...