#系统版本
[root@linux-node1 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
#内核版本
[root@linux-node1 ~]# uname -r
3.10.0-327.36.3.el7.x86_64
#主机名
[root@linux-node1 ~]# hostname
linux-node1.example.com
#IP地址
[root@linux-node1 ~]# ifconfig eth0 |awk -F '[ :]+' 'NR ==2 {print $3}'
#系统版本
[root@linux-node2 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
#内核版本
[root@linux-node2 ~]# uname -r
3.10.0-327.36.3.el7.x86_64
#主机名
[root@linux-node2 ~]# hostname
linux-node2.example.com
#IP地址
[root@linux-node2 ~]# ifconfig eth0 |awk -F '[ :]+' 'NR ==2 {print $3}'
#openstack N版 仓库
[root@linux-node1 ~]# yum install centos-release-openstack-newton -y
#openstack客户端
[root@linux-node1 ~]# yum install python-openstackclient -y
#如果没有关闭selinux,安装这个包会自动设置selinux策略以支持openstack
[root@linux-node1 ~]# yum install openstack-selinux -y
#安装数据库
[root@linux-node1 ~]# yum install mariadb mariadb-server python2-PyMySQL -y
#安装rabbitMQ消息队列
[root@linux-node1 ~]# yum install rabbitmq-server
#安装缓存
[root@linux-node1 ~]# yum install memcached python-memcached
#编辑数据库配置文件
[root@linux-node1 ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
#监听地址(本文副本中此处的IP缺失;应填控制节点管理网络的IP,而不是监听所有地址)
bind-address =
#默认引擎
default-storage-engine = innodb
innodb_file_per_table
#最大连接数
max_connections = 4096
#校对规则
collation-server = utf8_general_ci
#字符集
character-set-server = utf8
#启动数据库
[root@linux-node1 ~]# systemctl start mariadb.service
#设置root密码并进行安全配置
[root@linux-node1 ~]# mysql_secure_installation
#允许开机自启
[root@linux-node1 ~]# systemctl enable rabbitmq-server.service
#启动
[root@linux-node1 ~]# systemctl start rabbitmq-server.service
#添加用户(这里密码与用户名相同,仅为演示;实际环境应使用随机强密码,并与各服务配置中的连接密码保持一致)
[root@linux-node1 ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
#设置权限(三个".*"依次为配置、写、读权限,即对vhost "/" 的全部权限)
[root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
#启用web管理插件(该命令并不重启服务;管理界面只应对管理网络开放)
[root@linux-node1 ~]# rabbitmq-plugins enable rabbitmq_management
#修改memcache配置文件
[root@linux-node1 ~]# vim /etc/sysconfig/memcached
#memcache连接地址(-l 后的IP在本文副本中缺失;memcached默认没有认证,只应监听管理网络地址和本地回环,不要对外暴露11211端口)
OPTIONS="-l,::1"
#重启memcache
[root@linux-node1 ~]# systemctl restart memcached
1 #同步时间 2 [root@linux-node1 ~]# ntpdate time1.aliyun.com
Keystone(OpenStack Identity Service)是 OpenStack 框架中负责管理身份验证、服务规则和服务令牌功能的模块。用户访问资源需要验证用户的身份与权限,服务执行操作也需要进行权限检测,这些都需要通过 Keystone 来处理。
User: 用户
Project: 项目(老版本中tenant:租户)
Token: 令牌
Role: 角色
#安装keystone、wsgi模块、http
[root@linux-node1 ~]# yum install openstack-keystone httpd mod_wsgi -y
#登陆数据库
[root@linux-node1 ~]# mysql -uroot -p
#创建keystone库
MariaDB [(none)]> create database keystone;
#创建keystone用户并授权(密码'keystone'与用户名相同,仅为演示,实际环境应换成强密码;'%'允许从任意主机连接,应配合bind-address和防火墙限制在管理网络内)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'keystone';
Query OK, 0 rows affected (0.00 sec)
#编辑配置文件
[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
#database标签下添加内容
[database]
#数据库连接(@ 之后的主机地址和库名在本文副本中缺失;此行含数据库明文密码,keystone.conf 不应对其他用户可读)
connection = mysql+pymysql://keystone:keystone@
#在memcache标签下添加内容
[memcache]
#memcache服务IP(本文副本中缺失)
servers =
#配置令牌(provider 和 driver 是 [token] 标签下的选项)
provider = fernet
#选择driver为memcache默认是sql
driver = memcache
#将表导入数据库中
[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#检查导入结果(-h 后的主机地址在本文副本中缺失;-p后直接写密码会留在shell历史中,仅适合演示)
[root@linux-node1 ~]# mysql -h -ukeystone -pkeystone -e "use keystone;show tables;"
#初始化令牌
[root@linux-node1 keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 keystone]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#引导身份服务,创建endpoint(三个url参数的值在本文副本中缺失;--bootstrap-password 设置的是admin用户的密码,这里的admin仅为演示,实际环境应使用强密码)
[root@linux-node1 keystone]# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url \
--bootstrap-internal-url \
--bootstrap-public-url \
--bootstrap-region-id RegionOne
1 #编辑配置文件 2 [root@linux-node1 keystone]# vim /etc/httpd/conf/httpd.conf 3 #服务监听地址 4 ServerName 5 #软连接配置文件 6 [root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 7 #设置开机自启 8 [root@linux-node1 ~]# systemctl enable httpd.service 9 #启动apache 10 [root@linux-node1 ~]# systemctl start httpd.service
#编辑环境变量(文件中保存了admin的明文密码,应只允许root读取,例如权限设为600;OS_AUTH_URL的值在本文副本中缺失)
[root@linux-node1 ~]# vim /root/.openstackrc
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=
export OS_IDENTITY_API_VERSION=3
1 #刷新环境变量 2 [root@linux-node1 ~]# source /root/.openstackrc 3 #查看用户列表 4 [root@linux-node1 ~]# openstack user list
| ID | Name |
| 45b086bdc6b746c5b0bfd62f779fe6a5 | admin |
+----------------------------------+---------+ 5 #查看角色列表 6 [root@linux-node1 ~]# openstack role list
| ID | Name |
| 44246e18d57b4f0ea6470aa56951bc08 | admin |
+----------------------------------+----------+ 7 #查看项目列表 8 [root@linux-node1 ~]# openstack project list
| ID | Name |
| d24a61dd3ecb43cb9e8a5f6539c6a2bb | admin |
+----------------------------------+---------+ 9 #查看端点列表 10 [root@linux-node1 ~]# openstack endpoint list
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
| 46bb270ff4f04b0da6a69a554322bc27 | RegionOne | keystone | identity | True | public | |
| 77bca853dafb413da29dcbac4bed9305 | RegionOne | keystone | identity | True | admin | |
| 7cc4f83fc4f34cf9b1ec5033739aefc1 | RegionOne | keystone | identity | True | internal | |
1 #创建service项目 2 [root@linux-node1 ~]# openstack project create --domain default --description "Service Project" service
| Field | Value |
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 1c86a7e5bd014ef98b13a88c94a5fbda |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+ 3 #查看项目列表 4 [root@linux-node1 ~]# openstack project list
| ID | Name |
| 1c86a7e5bd014ef98b13a88c94a5fbda | service |
| d24a61dd3ecb43cb9e8a5f6539c6a2bb | admin |
1 #创建user角色 2 [root@linux-node1 ~]# openstack role create user
| Field | Value |
| domain_id | None |
| id | e01254bb6613443895d33af96faa3fe9 |
| name | user |
+-----------+----------------------------------+ 3 #查看角色列表 4 [root@linux-node1 ~]# openstack role list
| ID | Name |
| 44246e18d57b4f0ea6470aa56951bc08 | admin |
| e01254bb6613443895d33af96faa3fe9 | user |
401 :验证失败,keystone相关用户账户密码设置错误,时间不同步,或者输入的项目名称不对
403 :可能未初始化OS_token变量,需要使用source命令使其生效,也可能是配置的配置文件未生效,需要重启相关服务
409 :keystone创建用户,用户已存在
500 :服务器内部错误,服务配置有问题,看日志,检查配置
503 :keystone相关账户密码设置有问题,请将相关的glance账户删除,重新创建即可
— By GoodCook