OpenStack 02: Installing the identity service (keystone)

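Prepare the environment

Choose the virtual machine type
Controller 7.6, node 7.2. Assign IP addresses to the controller, the node and the database host yourself.
Minimal install; use the bundled yum repositories directly.
Change the hostname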
[[email protected] ~]# cat /etc/hostname
linux-host1.exmaple.com

Edit the hosts file
[[email protected] ~]# cat /etc/hosts
192.168.10.201 linux-host1.exmaple.com linux-host1

Disable the firewall and SELinux
[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# systemctl disable NetworkManager
[[email protected] ~]# vim /etc/selinux/config
SELINUX=disabled

Synchronize the time
[[email protected] ~]#rm -rf /etc/localtime    #remove the incorrect time zone setting
[[email protected] ~]#ln -sv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime   #create a link to the Shanghai time zone
[[email protected] ~]#ntpdate time1.aliyun.com
[[email protected] ~]#hwclock -w 
[[email protected] ~]#crontab -e 
*/5 * * * * /sbin/ntpdate time1.aliyun.com && hwclock -w 


           

Installing the identity service: keystone

1. Operations on the different hosts
1. List all OpenStack releases; we choose the Stein release
[[email protected] ~]# yum list centos-release-openstack*    
centos-release-openstack-ocata.noarch                     1-2.el7                           extras
centos-release-openstack-pike.x86_64                      1-1.el7                           extras
centos-release-openstack-queens.noarch                    1-2.el7.centos                    extras
centos-release-openstack-rocky.noarch                     1-1.el7.centos                    extras
centos-release-openstack-stein.noarch                     1-1.el7.centos                    extras


2. Install this on both the controller and the node machines; it is the OpenStack repository
[[email protected] ~]# yum install  centos-release-openstack-stein.noarch
[[email protected] ~]# yum install  centos-release-openstack-stein.noarch
[[email protected] ~]# yum install  centos-release-openstack-stein.noarch -y


3. Install the components on the controller and the node
[[email protected] ~]# yum install python-openstackclient openstack-selinux -y
[[email protected] ~]# yum install python-openstackclient openstack-selinux -y


4. Install the database
Because our deployment is split across hosts, install these separately; the node gets mariadb
# yum install mariadb mariadb-server python2-PyMySQL

[[email protected] ~]# yum install mariadb mariadb-server -y

[[email protected] ~]# vim /etc/my.cnf.d/openstack.cnf 
[mysqld]
bind-address = 0.0.0.0

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

[[email protected] ~]# systemctl start mariadb.service
[[email protected] ~]# systemctl enable mariadb.service
[[email protected] ~]# mysql_secure_installation     #initialize the database; the password is 123456, answer y to everything else


5. Install the message queue
[[email protected] ~]# yum install rabbitmq-server
[[email protected] ~]# systemctl enable rabbitmq-server.service
[[email protected] ~]# systemctl start rabbitmq-server.service
[[email protected] ~]# rabbitmqctl add_user openstack openstack123    #set openstack123 as the password
[[email protected] ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"    #set the permissions
#can be enabled: [[email protected] ~]# rabbitmq-plugins enable rabbitmq_management
http://192.168.41.111:15672/#/   guest guest

6. Install memcached
[[email protected] ~]# yum install memcached python-memcached python2-PyMySQL    #pymysql is installed separately because the controller and the node are split
[[email protected] ~]# yum install memcached    #install on the database host
[[email protected] ~]# vim  /etc/sysconfig/memcached
PORT="11211"
USER="memcached"    #account
MAXCONN="1024"    #maximum connections
CACHESIZE="1024"    #maximum cache size
OPTIONS="-l 0.0.0.0,::1"
[[email protected] ~]#systemctl restart memcached
[[email protected] ~]#systemctl enable memcached


7. Install the service
#Database service
[[email protected] ~]# mysql -uroot -p123456 -h127.0.0.1
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY 'keystone123';

[[email protected] ~]#yum install mysql -y     #install the client to test the connection to the created database
[[email protected] ~]# mysql -ukeystone -pkeystone123 -h 192.168.41.115
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
+--------------------+



#HTTP service
[[email protected] ~]#  yum install openstack-keystone httpd mod_wsgi  -y
[[email protected] ~]# vim /etc/keystone/keystone.conf
[database]    #can be found precisely by searching for \[database]
connection = mysql+pymysql://keystone:[email protected]/keystone    #the address has been replaced with a domain name here.
[token]
provider = fernet

[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.41.111:80
[[email protected] ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone    #initialize the database; the generated tables can now be inspected on 115.
[[email protected] ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = d2f60b7ec753e9bfc799    #this string was generated with openssl rand -hex 10
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone    #re-initialize



8. Create the domain, users, projects and roles
[[email protected] ~]# export OS_TOKEN=d2f60b7ec753e9bfc799    #open a new window (window 2); the token is the one generated above
[[email protected] ~]# export OS_URL=http://192.168.41.111:5000/v3
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3
[[email protected] ~]# systemctl start httpd         &&  systemctl enable httpd  
[[email protected] ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | edf2085ad5c7434e84beb3c3d6dec573 |
| name        | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[[email protected] ~]# openstack project create --domain default --description "Admin Project" Admin    #must be run in window 2, where the environment variables were just set
[[email protected] ~]# openstack project list
[[email protected] ~]# openstack project --help     #lists the available project operations.
[[email protected] ~]# openstack user create --domain default --password-prompt admin    #create the admin user; the password is admin
[[email protected] ~]# openstack role create admin    #create the role
[[email protected] ~]# openstack role list    #list the created roles
[[email protected] ~]# openstack role add --project Admin --user admin admin    #add the user to the project
[[email protected] ~]# openstack project create --domain default --description "Demo Project" demo    #create the demo project
[[email protected] ~]# openstack user create --domain default --password-prompt demo    #set the password to demo
[[email protected] ~]# openstack role create user    #create the user role, which has fewer privileges.
[[email protected] ~]# openstack role add --project demo --user demo user    #add the demo user to the demo project.
[[email protected] ~]# openstack project create --domain default --description "Service Project" service    #create the service project
[[email protected] ~]# openstack service create --name keystone --description "OpenStack Identity" identity    #create the service entry of type identity.
[[email protected] ~]# openstack service list    #list the created services
[[email protected] ~]#openstack endpoint create --region RegionOne identity public http://openstack-vip.magedu.net:5000/v3     #public endpoint
[[email protected] ~]#openstack endpoint create --region RegionOne identity admin http://openstack-vip.magedu.net:5000/v3     #admin endpoint
[[email protected] ~]#openstack endpoint create --region RegionOne identity internal http://openstack-vip.magedu.net:5000/v3    #internal endpoint
[[email protected] ~]# openstack endpoint list     #confirm the endpoints were created successfully; make sure the port is 5000
#[[email protected] ~]#openstack endpoint delete  id    #if something is wrong, delete it; to avoid errors it is best to delete them all.
#Test whether keystone can authenticate
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3    #open a new window; the environment variable is only valid in this window
#Running the command below returns a user_id, which corresponds to the id shown by openstack user list; the same applies to project
[[email protected] ~]# openstack --os-auth-url http://openstack-vip.magedu.net:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

[[email protected] ~]# mkdir /root/scripts    #create a directory for the two scripts
[[email protected] ~]# vim scripts/admin-stein.sh    #create the admin script
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=Admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[[email protected] ~]# vim scripts/demo-stein.sh    #create the demo script
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

#Open a new window to check that the script takes effect
[[email protected] ~]# source scripts/admin-stein.sh 
[[email protected] ~]# cat  scripts/admin-stein.sh 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=Admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# echo $OS_AUTH_URL
http://openstack-vip.magedu.net:5000/v3

[[email protected] ~]#  openstack token issue


#If this reports an error, set up the listeners; install haproxy
[[email protected] ~]# vim /etc/haproxy/haproxy.cfg
listen  mysql
        bind 192.168.41.111:3306    #local address
        mode tcp
        log global
        server mysql  192.168.41.115:3306 check    #database
        
listen  memcached
        bind 192.168.41.111:11211
        mode tcp
        log global
        server mysql  192.168.41.115:11211 check 
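
The walkthrough above binds MariaDB and memcached to 0.0.0.0, sets SELINUX=disabled and leaves admin_token in keystone.conf. The script below is an added example (not part of the original post) that reports those four settings so they can be tightened once the lab works; write_sample builds a constructed config tree, and the 192.168.41.115 management address used for comparison is an assumption taken from the haproxy section.

```shell
#!/bin/sh
# Added example: audit the config files this walkthrough edits.

# Print the last value assigned to KEY in FILE, without trailing comment or quotes.
conf_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//' | tail -n 1
}

# Print one finding per weak setting under ROOT (pass / on a real host).
audit() {  # $1 = root directory
    root=${1%/}
    v=$(conf_value "$root/etc/my.cnf.d/openstack.cnf" bind-address)
    if [ "$v" = "0.0.0.0" ]; then
        echo "mariadb: bind-address 0.0.0.0 exposes 3306 on every interface"
    fi
    v=$(conf_value "$root/etc/sysconfig/memcached" OPTIONS)
    case "$v" in
        *0.0.0.0*) echo "memcached: listens on 0.0.0.0, and has no authentication by default" ;;
    esac
    v=$(conf_value "$root/etc/selinux/config" SELINUX)
    if [ "$v" = "disabled" ]; then
        echo "selinux: disabled, so the openstack-selinux policies have no effect"
    fi
    v=$(conf_value "$root/etc/keystone/keystone.conf" admin_token)
    if [ -n "$v" ]; then
        echo "keystone: static admin_token still present in keystone.conf"
    fi
    return 0
}

# Constructed sample tree with the values the walkthrough sets.
write_sample() {  # $1 = dir, $2 = listen address, $3 = SELinux mode, $4 = token (optional)
    mkdir -p "$1/etc/my.cnf.d" "$1/etc/sysconfig" "$1/etc/selinux" "$1/etc/keystone"
    printf '[mysqld]\nbind-address = %s\n' "$2" > "$1/etc/my.cnf.d/openstack.cnf"
    printf 'PORT="11211"\nOPTIONS="-l %s,::1"\n' "$2" > "$1/etc/sysconfig/memcached"
    printf 'SELINUX=%s\n' "$3" > "$1/etc/selinux/config"
    printf '[token]\nprovider = fernet\n' > "$1/etc/keystone/keystone.conf"
    if [ -n "$4" ]; then
        printf '[DEFAULT]\nadmin_token = %s\n' "$4" >> "$1/etc/keystone/keystone.conf"
    fi
}

tmp=$(mktemp -d)
write_sample "$tmp" 0.0.0.0 disabled CONSTRUCTED_TOKEN   # as configured in the walkthrough
audit "$tmp"
rm -rf "$tmp"
```

On a real host run audit / after the installation; a clean run prints nothing.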


           
