(2) openstack--keystone

yun1

OpenStack packages

yum install python-openstackclient -y  

yum install openstack-selinux

SQL database

yum install mariadb mariadb-server python2-PyMySQL
vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.254.131
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

systemctl enable mariadb.service
systemctl start mariadb.service

mysql_secure_installation 初始化数据库（必做）设密码等

Message queue

yum install rabbitmq-server

 systemctl enable rabbitmq-server.service

 systemctl start rabbitmq-server.service

rabbitmqctl add_user openstack admin

rabbitmqctl set_permissions openstack ".*" ".*" ".*" 给权限

Setting permissions for user "openstack" in vhost "/" 添加openstack为管理员

Memcached

yum install memcached python-memcached
vim /etc/sysconfig/memcached

OPTIONS="-l 127.0.0.1,::1,yun1" 改一行

systemctl enable memcached.service
systemctl start memcached.service

Identity service

Install and configure

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE keystone;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';

yum install openstack-keystone httpd mod_wsgi

cp keystone.conf keystone.bak 备份一个

/etc/keystone/keystone.conf

[DEFAULT]

 

[assignment]

 

[auth]

 

[cache]

 

[catalog]

 

[cors]

 

[cors.subdomain]

 

[credential]

 

[database]

connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@yun1/keystone

 

[domain_config]

 

[endpoint_filter]

 

[endpoint_policy]

 

[eventlet_server]

 

[federation]

 

[fernet_tokens]

 

[healthcheck]

 

[identity]

 

[identity_mapping]

 

[kvs]

 

[ldap]

 

[matchmaker_redis]

 

[memcache]

 

[oauth1]

 

[oslo_messaging_amqp]

 

[oslo_messaging_kafka]

 

[oslo_messaging_notifications]

 

[oslo_messaging_rabbit]

 

[oslo_messaging_zmq]

 

[oslo_middleware]

 

[oslo_policy]

 

[paste_deploy]

 

[policy]

 

[profiler]

 

[resource]

 

[revoke]

 

[role]

 

[saml]

 

[security_compliance]

 

[shadow_users]

 

[signing]

 

[token]

provider = fernet

 

[tokenless_auth]

 

[trust]

su -s /bin/sh -c "keystone-manage db_sync" keystone  导入数据 导入后进入 keystone库 看是否有tables

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 设置用户 keytone管理组keytone
#keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 认证

keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://yun1:35357/v3/ \
  --bootstrap-internal-url http://yun1:5000/v3/ \
  --bootstrap-public-url http://yun1:5000/v3/ \
  --bootstrap-region-id RegionOne

Configure the Apache HTTP server

vim /etc/httpd/conf/httpd.conf

ServerName yun1

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 建立链接

systemctl enable httpd.service
# systemctl start httpd.service
vim openrc

export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://yun1:35357/v3
export OS_IDENTITY_API_VERSION=3

source openrc 宣告环境变量
就可以用openstack命令