OpenStack 02: Installing the Identity service (keystone)

Contents

    • Preparing the environment
    • Installing the Identity service (keystone)

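Preparing the environment

Choose the virtual machine type
Controller: 7.6, node: 7.2. Assign IP addresses to the controller, the node and the database yourself.
Use a minimal install and enable the bundled yum repositories directly.
Change the hostname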
[[email protected] ~]# cat /etc/hostname
linux-host1.exmaple.com

Edit the hosts file
[[email protected] ~]# cat /etc/hosts
192.168.10.201 linux-host1.exmaple.com linux-host1

Disable the firewall and SELinux
[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# systemctl disable NetworkManager
[[email protected] ~]# vim /etc/selinux/config
SELINUX=disabled

Synchronize the time
[[email protected] ~]# rm -rf /etc/localtime    #remove the incorrect time setting
[[email protected] ~]# ln -sv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime   #link to the Shanghai time zone
[[email protected] ~]# ntpdate time1.aliyun.com
[[email protected] ~]# hwclock -w
[[email protected] ~]# crontab -e
*/5 * * * * /sbin/ntpdate time1.aliyun.com && hwclock -w 


           

Installing the Identity service (keystone)

1. Operations on the different hosts
1. List all available OpenStack releases; we use the Stein release
[[email protected] ~]# yum list centos-release-openstack*    
centos-release-openstack-ocata.noarch                     1-2.el7                           extras
centos-release-openstack-pike.x86_64                      1-1.el7                           extras
centos-release-openstack-queens.noarch                    1-2.el7.centos                    extras
centos-release-openstack-rocky.noarch                     1-1.el7.centos                    extras
centos-release-openstack-stein.noarch                     1-1.el7.centos                    extras


2. Install on both the controller and the node machines; this is the OpenStack repository
[[email protected] ~]# yum install  centos-release-openstack-stein.noarch
[[email protected] ~]# yum install  centos-release-openstack-stein.noarch
[[email protected] ~]# yum install  centos-release-openstack-stein.noarch -y


3. Install the components, on both controller and node
[[email protected] ~]# yum install python-openstackclient openstack-selinux -y
[[email protected] ~]# yum install python-openstackclient openstack-selinux -y


4. Install the database
Because our deployment is split across hosts, the pieces are installed separately; MariaDB goes on the node
# yum install mariadb mariadb-server python2-PyMySQL

[[email protected] ~]# yum install mariadb mariadb-server -y

[[email protected] ~]# vim /etc/my.cnf.d/openstack.cnf 
[mysqld]
bind-address = 0.0.0.0

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

[[email protected] ~]# systemctl start mariadb.service
[[email protected] ~]# systemctl enable mariadb.service
[[email protected] ~]# mysql_secure_installation     #initialize the database; the password is 123456, answer y to everything else


5. Install the message queue
[[email protected] ~]# yum install rabbitmq-server
[[email protected] ~]# systemctl enable rabbitmq-server.service
[[email protected] ~]# systemctl start rabbitmq-server.service
[[email protected] ~]# rabbitmqctl add_user openstack openstack123    #set openstack123 as the password
[[email protected] ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"    #set permissions
#optionally enable the management plugin: [[email protected] ~]# rabbitmq-plugins enable rabbitmq_management
http://192.168.41.111:15672/#/   guest guest

6. Install memcached
[[email protected] ~]# yum install memcached python-memcached python2-PyMySQL    #PyMySQL is installed separately because the controller and node are on different hosts
[[email protected] ~]# yum install memcached    #install on the database host
[[email protected] ~]# vim  /etc/sysconfig/memcached
PORT="11211"
USER="memcached"    #account
MAXCONN="1024"    #maximum number of connections
CACHESIZE="1024"    #maximum cache size
OPTIONS="-l 0.0.0.0,::1"
[[email protected] ~]#systemctl restart memcached
[[email protected] ~]#systemctl enable memcached


7. Install the service
#Database service
[[email protected] ~]# mysql -uroot -p123456 -h127.0.0.1
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY 'keystone123';

[[email protected] ~]# yum install mysql -y     #install the client to test the database connection
[[email protected] ~]# mysql -ukeystone -pkeystone123 -h 192.168.41.115
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
+--------------------+



#HTTP service
[[email protected] ~]#  yum install openstack-keystone httpd mod_wsgi  -y
[[email protected] ~]# vim /etc/keystone/keystone.conf
[database]    #search for \[database] to jump straight to this section
connection = mysql+pymysql://keystone:[email protected]/keystone    #the address has been replaced with a domain name here
[token]
provider = fernet

[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.41.111:80
[[email protected] ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone    #initialize the database; you can now go to 115 and look at the generated tables
[[email protected] ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = d2f60b7ec753e9bfc799    #this string was generated with openssl rand -hex 10
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone    #re-initialize
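
Added example, not part of the original guide: a shell check that flags the lab-only settings used in steps 4, 6 and 7 (MariaDB and memcached bound to 0.0.0.0, and admin_token left in keystone.conf) before a host is exposed beyond the lab. The function names are hypothetical and the sample file contents are constructed.

```sh
#!/bin/sh
# Added example: flag lab-only settings from this guide. Function names are
# hypothetical; the sample file contents below are constructed.

# ini_get SECTION KEY: read INI text on stdin, print KEY's value in [SECTION].
ini_get() {
    awk -v sec="$1" -v key="$2" '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        /^[ \t]*\[/ { cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur); next }
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# Each check reads one file on stdin and returns 1 after printing a finding.
check_keystone() {    # admin_token is a static secret that skips normal login
    if [ -n "$(ini_get DEFAULT admin_token)" ]; then
        echo "keystone.conf: [DEFAULT] admin_token is still set"; return 1
    fi
}
check_mysqld() {      # an absent bind-address is not judged here
    case "$(ini_get mysqld bind-address)" in
        0.0.0.0|::|"*") echo "openstack.cnf: mysqld binds every interface"; return 1 ;;
    esac
}
check_memcached() {   # shell-syntax file; only the short -l form is parsed
    listen=$(sed -n 's/^OPTIONS=.*[ "]-l[ =]*\([^ "]*\).*/\1/p')
    case ",$listen," in   # no -l at all means memcached listens everywhere
        ,,|*,0.0.0.0,*|*,::,*) echo "memcached: reachable on every interface"; return 1 ;;
    esac
}

KEYSTONE_SAMPLE='[DEFAULT]
admin_token = 0123456789abcdef0123
[token]
provider = fernet'
MYSQLD_SAMPLE='[mysqld]
bind-address = 0.0.0.0
max_connections = 4096'
MEMCACHED_SAMPLE='PORT="11211"
OPTIONS="-l 0.0.0.0,::1"'

printf '%s\n' "$KEYSTONE_SAMPLE"  | check_keystone  || true
printf '%s\n' "$MYSQLD_SAMPLE"    | check_mysqld    || true
printf '%s\n' "$MEMCACHED_SAMPLE" | check_memcached || true
```

On a real host, feed each check the file itself, for example `check_keystone < /etc/keystone/keystone.conf`.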



8. Create the domain, users, projects and roles
[[email protected] ~]# export OS_TOKEN=d2f60b7ec753e9bfc799    #open a new window (window 2); the token is the one generated above
[[email protected] ~]# export OS_URL=http://192.168.41.111:5000/v3
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3
[[email protected] ~]# systemctl start httpd         &&  systemctl enable httpd  
[[email protected] ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | edf2085ad5c7434e84beb3c3d6dec573 |
| name        | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[[email protected] ~]# openstack project create --domain default --description "Admin Project" Admin    #run this in window 2, where the environment variables were just set
[[email protected] ~]# openstack project list
[[email protected] ~]# openstack project --help     #shows the available project operations
[[email protected] ~]# openstack user create --domain default --password-prompt admin    #create the admin account; the password is admin
[[email protected] ~]# openstack role create admin    #create the role
[[email protected] ~]# openstack role list    #list the roles created
[[email protected] ~]# openstack role add --project Admin --user admin admin    #add to the project
[[email protected] ~]# openstack project create --domain default --description "Demo Project" demo    #create the demo project
[[email protected] ~]# openstack user create --domain default --password-prompt demo    #set the password to demo
[[email protected] ~]# openstack role create user    #create the user role, which has fewer privileges
[[email protected] ~]# openstack role add --project demo --user demo user    #add the demo user to the demo project
[[email protected] ~]# openstack project create --domain default --description "Service Project" service    #create the service project
[[email protected] ~]# openstack service create --name keystone --description "OpenStack Identity" identity    #create the service of type identity
[[email protected] ~]# openstack service list    #list the services created
[[email protected] ~]# openstack endpoint create --region RegionOne identity public http://openstack-vip.magedu.net:5000/v3     #public endpoint
[[email protected] ~]# openstack endpoint create --region RegionOne identity admin http://openstack-vip.magedu.net:5000/v3     #admin endpoint
[[email protected] ~]# openstack endpoint create --region RegionOne identity internal http://openstack-vip.magedu.net:5000/v3    #internal endpoint
[[email protected] ~]# openstack endpoint list     #confirm that creation succeeded and make sure the port is 5000
#[[email protected] ~]# openstack endpoint delete  ID    #delete an endpoint if it is wrong; to avoid problems it is best to delete them all
#Test whether keystone can authenticate
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3    #open a new window; the environment variable only applies to that window
#Running the command below returns a user_id, which matches the id shown by openstack user list; the same holds for the project
[[email protected] ~]# openstack --os-auth-url http://openstack-vip.magedu.net:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

[[email protected] ~]# mkdir /root/scripts    #create a directory for the two scripts
[[email protected] ~]# vim scripts/admin-stein.sh    #create the admin script
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=Admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[[email protected] ~]# vim scripts/demo-stein.sh    #create the demo script
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
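
Added example, not from the original post: the two rc scripts above keep OS_PASSWORD in clear text under /root/scripts. This variant writes the same variables to a mode 0600 file and asks for the password when the file is sourced; write_openrc is a hypothetical helper name, and project and user names are assumed to contain no whitespace.

```sh
#!/bin/sh
# write_openrc FILE PROJECT USER AUTH_URL  (hypothetical helper, added example)
# Writes an rc file that holds no password and asks for it when sourced.
write_openrc() {
    (
        umask 077    # a new file is created without group/other access
        {
            printf 'export OS_PROJECT_DOMAIN_NAME=Default\n'
            printf 'export OS_USER_DOMAIN_NAME=Default\n'
            printf 'export OS_PROJECT_NAME=%s\n' "$2"
            printf 'export OS_USERNAME=%s\n' "$3"
            printf 'export OS_AUTH_URL=%s\n' "$4"
            printf 'export OS_IDENTITY_API_VERSION=3\n'
            printf 'export OS_IMAGE_API_VERSION=2\n'
            cat <<'EOF'
# Ask for the password instead of storing it; hide typing on a terminal.
printf 'Password for %s: ' "$OS_USERNAME" >&2
if [ -t 0 ]; then stty -echo; fi
IFS= read -r OS_PASSWORD
if [ -t 0 ]; then stty echo; echo >&2; fi
export OS_PASSWORD
EOF
        } > "$1"
        chmod 600 "$1"    # also tighten a file that already existed
    )
}

# Demo in a scratch directory, using the names from this guide.
demo_dir=$(mktemp -d)
write_openrc "$demo_dir/admin-stein.sh" Admin admin http://openstack-vip.magedu.net:5000/v3
ls -l "$demo_dir/admin-stein.sh"
```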

#Open a new window to check that it takes effect
[[email protected] ~]# source scripts/admin-stein.sh 
[[email protected] ~]# cat  scripts/admin-stein.sh 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=Admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# echo $OS_AUTH_URL
http://openstack-vip.magedu.net:5000/v3

[[email protected] ~]#  openstack token issue


#If this reports an error, install haproxy and set up the listeners
[[email protected] ~]# vim /etc/haproxy/haproxy.conf
listen  mysql
        bind 192.168.41.111:3306    #local
        mode tcp
        log global
        server mysql  192.168.41.115:3306 check    #database
        
listen  memcached
        bind 192.168.41.111:11211
        mode tcp
        log global
        server mysql  192.168.41.115:11211 check 


           
