部署认证服务
分别安装mariadb/mongodb/rabbitmq/keystone/httpd/memcached
# NOTE(review): the next command names no packages, so yum has nothing to
# act on. It presumably only illustrates the optional --downloadonly and
# --downloaddir flags for fetching RPMs into the current directory
# (e.g. for an offline install) — confirm intent.
yum install -y --downloaddir=./ --downloadonly
# Install the OpenStack client, SELinux policy, database, MongoDB, message
# queue, Keystone, Apache/mod_wsgi and memcached packages in one transaction.
yum install -y \
  python-openstackclient openstack-selinux \
  mariadb mariadb-server python2-PyMySQL \
  mongodb-server mongodb \
  erlang rabbitmq-server \
  openstack-keystone httpd mod_wsgi \
  memcached python-memcached
配置数据库cnf文件
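# Write the MariaDB settings used by this OpenStack deployment.
# The here-document is restored to one line per setting; collapsed onto a
# single line the shell never sees the EOF terminator.
# bind-address is the database host's address (192.168.3.220 in this
# walkthrough; the database may live on a separate host). The original paste
# carried that remark inside the value itself, which is not a valid address,
# so it is kept here as a shell comment instead.
# NOTE(security): binding to a routable address makes the database reachable
# from the network; limit access with a firewall to the hosts that need it.
# The delimiter is quoted so nothing inside is expanded by the shell.
cat > /etc/my.cnf.d/openstack.cnf << 'EOF'
[mysqld]
bind-address = 192.168.3.220
default-storage-engine = innodb #默认存储引擎
innodb_file_per_table = on #每张表独立表空间文件
max_connections = 4096 #最大连接数
collation-server = utf8_general_ci #默认字符集
character-set-server = utf8
EOF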
更改系统限制的最大连接数
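# Raise the systemd-wide default limits and the MariaDB unit's limits on open
# files and processes by inserting Limit* lines right after the section
# header.
# The typographic quotes of the original paste are replaced with ASCII single
# quotes; the shell does not treat the typographic ones as quoting, so sed
# would receive them as part of its script.
# NOTE(review): not idempotent — each run inserts the lines again.
# NOTE(review): /usr/lib/systemd/system/mariadb.service is a package-owned
# file, so a package update may replace this edit; confirm whether a drop-in
# override is preferable here.
sed -i 's#\[Manager]#\[Manager]\nDefaultLimitNOFILE=100000\nDefaultLimitNPROC=100000#g' \
  /etc/systemd/system.conf
sed -i 's#\[Service]#\[Service]\nLimitNOFILE=50000\nLimitNPROC=50000#g' \
  /usr/lib/systemd/system/mariadb.service
# systemd caches unit files; reload them so the next restart of mariadb
# picks up the new limits.
systemctl daemon-reload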
配置memcached地址
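# Make memcached listen on the controller address instead of loopback so the
# other nodes can reach it. The typographic quotes of the original paste are
# replaced with ASCII single quotes so the shell quotes the sed script.
# NOTE(security): memcached performs no authentication by default. Once it
# listens on 192.168.3.220, any host that can reach the port can read or
# overwrite cached entries (this page points Keystone's [token] driver at
# it). Restrict the port with a firewall to the OpenStack nodes only.
sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g' \
  /etc/sysconfig/memcached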
配置开机启动 mariadb memcached
# Restart the database, cache and message queue; enable them at boot only if
# the restart succeeded.
core_services=(mariadb memcached rabbitmq-server)
systemctl restart "${core_services[@]}" \
  && systemctl enable "${core_services[@]}"
创建rabbitmq用户并授权
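# Create the RabbitMQ account used by the OpenStack services and grant it
# configure, write and read permission on every resource (".*" three times).
# NOTE(security): the walkthrough uses a password equal to the user name.
# Export RABBIT_PASS with a strong value before running this; the default
# below only keeps the original behaviour. Whatever value is used must match
# the message-queue credentials configured for the other services.
# A password passed as an argument can show up in the process list and in
# shell history.
rabbit_pass=${RABBIT_PASS:-openstack}
rabbitmqctl add_user openstack "$rabbit_pass" \
  && rabbitmqctl set_permissions openstack ".*" ".*" ".*"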
初始化数据库,并创建用户和表
# Interactive MariaDB hardening helper; it prompts for the root password and
# for the removal of anonymous users, remote root login and the test
# database.
# NOTE(security): the next command on this page logs in as root with the
# password 123qwe, so that is presumably the value entered here. Choose a
# strong password instead and adjust the later commands to match.
mysql_secure_installation
=========================================================================================
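# Create one database per OpenStack service plus an account for each that may
# connect locally ('localhost') and from any host ('%'), then list the
# databases and accounts as a check.
# The typographic quotes of the original paste are replaced with ASCII single
# quotes; MariaDB does not accept the typographic ones as string delimiters.
# NOTE(security): every account password equals the account name, and the
# '%' grants accept connections from any address. For anything beyond a lab,
# use strong unique passwords and replace '%' with the hosts or subnet of the
# OpenStack nodes.
# NOTE(security): -p<password> on the command line can be exposed through the
# process list and shell history; a client option file readable only by its
# owner avoids that.
mysql -uroot -p123qwe -e "
create database if not exists keystone;
create database if not exists glance;
create database if not exists nova;
create database if not exists nova_api;
create database if not exists neutron;
create database if not exists cinder;
create database if not exists placement;
create database if not exists nova_cell0;
grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';
grant all on keystone.* to 'keystone'@'%' identified by 'keystone';
grant all on glance.* to 'glance'@'localhost' identified by 'glance';
grant all on glance.* to 'glance'@'%' identified by 'glance';
grant all on nova.* to 'nova'@'localhost' identified by 'nova';
grant all on nova.* to 'nova'@'%' identified by 'nova';
grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';
grant all on nova_api.* to 'nova'@'%' identified by 'nova';
grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron';
grant all on neutron.* to 'neutron'@'%' identified by 'neutron';
grant all on cinder.* to 'cinder'@'localhost' identified by 'cinder';
grant all on cinder.* to 'cinder'@'%' identified by 'cinder';
grant all on nova_cell0.* to 'nova'@'localhost' identified by 'nova';
grant all on nova_cell0.* to 'nova'@'%' identified by 'nova';
grant all on placement.* to 'placement'@'localhost' identified by 'placement';
grant all on placement.* to 'placement'@'%' identified by 'placement';
flush privileges;
show databases;
select user,host from mysql.user;
"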
如果脚本初始化加入的选项
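# Scripted alternative to the interactive setup: set the root password from
# the shell variable PASSWD for local and remote logins.
# The typographic quotes of the original paste are replaced with ASCII single
# quotes so the SQL string literals are valid.
# PASSWD is expanded by the shell and pasted into the SQL text: an unset or
# empty value would give root an empty password (hence the guard), and a
# value containing a single quote would break the statement.
# NOTE(security): 'root'@'%' with all privileges allows administrative login
# from any host, which is the kind of access mysql_secure_installation offers
# to remove. Keep it only if remote root access is really required, and then
# restrict the host part.
if [ -z "${PASSWD:-}" ]; then
  echo 'PASSWD is not set; refusing to give root an empty password' >&2
else
  mysql -e "
grant all on *.* to 'root'@'localhost' identified by '$PASSWD';
grant all on *.* to 'root'@'%' identified by '$PASSWD';
flush privileges;
"
fi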
=========================================================================================
配置keystone.conf,添加或修改部分,其中py格式:mysql+pymysql://用户名:密码@主机地址/库
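# Write Keystone's configuration: database connection, memcached server and
# token settings. The here-document is restored to one line per entry;
# collapsed onto a single line the shell never sees the EOF terminator.
# NOTE(review): '>' replaces the whole file, although the caption speaks of
# adding or modifying parts. Back up the packaged keystone.conf first if its
# other settings are needed.
# NOTE(security): the connection URL embeds the database password in clear
# text. Check afterwards that the file is readable only by root and the
# keystone group.
# The delimiter is quoted so nothing inside is expanded by the shell.
cat > /etc/keystone/keystone.conf << 'EOF'
[database]
connection = mysql+pymysql://keystone:keystone@192.168.3.220/keystone
[memcache]
servers = 192.168.3.220:11211
[token]
provider = fernet
driver = memcache
EOF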
=========================================================================================
初始化keystone库
# Populate the keystone database schema, running keystone-manage as the
# 'keystone' account rather than as root. -s /bin/sh supplies a shell for the
# command (presumably because the service account has no login shell).
su -s /bin/sh -c "keystone-manage db_sync" keystone
查表
# Verify the schema was created by listing the tables of the keystone
# database as the keystone account.
# NOTE(security): -p<password> on the command line can be exposed through the
# process list and shell history.
mysql -ukeystone -pkeystone -e " use keystone;show tables;"
初始化keystone的admin用户并增加接入端点
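# Two separate commands were fused onto one line in the original paste, and
# its line continuations were broken; they are restored here.
# 1) Create the key repository Keystone uses to encrypt stored credentials,
#    owned by the keystone user and group.
# NOTE(review): keystone.conf on this page sets "provider = fernet", which
# needs a Fernet key repository, yet no "keystone-manage fernet_setup" step
# appears anywhere on the page — confirm whether it is run elsewhere.
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# 2) Bootstrap the admin user and the identity endpoints for region
#    RegionOne, then dump keystone.user to confirm the account exists.
# NOTE(security): the bootstrap password "admin" is trivially guessable; use
# a strong one and keep the admin credential file in sync.
# NOTE(security): all endpoints are plain http, so passwords and tokens
# travel unencrypted; put TLS in front of Keystone outside a lab.
keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://192.168.3.220:35357/v3/ \
  --bootstrap-internal-url http://192.168.3.220:35357/v3/ \
  --bootstrap-public-url http://192.168.3.220:5000/v3/ \
  --bootstrap-region-id RegionOne \
  && mysql -ukeystone -pkeystone -e "select * from keystone.user;"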
修改http配置并启动
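# Give Apache an explicit ServerName. Note that the substitution replaces the
# existing "ServerAdmin root@localhost" line rather than adding a new one.
# The typographic quotes of the original paste are replaced with ASCII single
# quotes so the shell quotes the sed script.
sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' \
  /etc/httpd/conf/httpd.conf
# Restart Apache and, only if that succeeds, enable it at boot.
systemctl restart httpd && systemctl enable httpd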
创建admin/demo用户脚本
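# Write the credential files that are sourced before using the openstack
# client as admin or as demo. The two here-documents are restored to one
# export per line; collapsed onto a single line the shell never sees the EOF
# terminators.
# OS_IIMAGE_API_VERSION in the original is a typo for OS_IMAGE_API_VERSION
# and is corrected, otherwise the image API version setting has no effect.
# NOTE(security): both files hold passwords in clear text and the passwords
# equal the user names; use strong passwords outside a lab. The chmod below
# keeps the files readable by their owner only.
# The delimiters are quoted so nothing inside is expanded by the shell.
cat > ~/admin-openstack << 'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
cat > ~/demo-openstack << 'EOF'
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
chmod 600 ~/admin-openstack ~/demo-openstack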
source admin-openstack(激活admin/demo权限,openstack token issue查看token,openstack user list查看用户,admin初始化后只有admin)
创建服务/用户/角色/端点脚本(注意地址,如有变更需要更改)
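# Create the projects, role, users, role assignments, service catalog entries
# and endpoints for the other OpenStack services. The original paste had
# every command fused onto two lines (with one command split across them);
# they are restored to one command per line, in the same order.
# Adjust 192.168.3.220 if the controller address differs.
# NOTE(security): every --password equals the user name, and passwords given
# as arguments can be exposed through the process list and shell history.
# Use strong unique passwords outside a lab.
# NOTE(security): all endpoints are registered as plain http, so API traffic
# including tokens is unencrypted; use TLS endpoints outside a lab.
source /root/admin-openstack

#create project (openstack project list)
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo

#create role(openstack role list)
openstack role create user

#create user (admin,openstack user list)
openstack user create --domain default --password demo demo
openstack user create --domain default --password glance glance
openstack user create --domain default --password nova nova
openstack user create --domain default --password neutron neutron
openstack user create --domain default --password cinder cinder
openstack user create --domain default --password placement placement

#add admin
# The demo user gets the plain "user" role; each service account gets the
# admin role on the service project.
openstack role add --project demo --user demo user
openstack role add --project service --user glance admin
openstack role add --project service --user nova admin
openstack role add --project service --user neutron admin
openstack role add --project service --user cinder admin
openstack role add --project service --user placement admin

#create service
# NOTE(review): both block-storage entries are named "cinder" and differ only
# in type (volumev2 / volumev3) — confirm that is intended.
openstack service create --name glance --description "OpenStack Image" image
openstack service create --name nova --description "Openstack Compute " compute
openstack service create --name placement --description "Placement API" placement
openstack service create --name neutron --description "OpenStack Network" network
openstack service create --name cinder --description "Openstack Block Storage" volumev2
openstack service create --name cinder --description "Openstack Block Storage" volumev3

#create endpoint(public/internal/admin)
# Register the same URL for the public, internal and admin interfaces of one
# service.  $1 = service name or type, $2 = endpoint URL.
create_endpoints() {
  local service=$1 url=$2 interface
  for interface in public internal admin; do
    openstack endpoint create --region RegionOne "$service" "$interface" "$url"
  done
}

create_endpoints image http://192.168.3.220:9292
create_endpoints placement http://192.168.3.220:8778
create_endpoints compute http://192.168.3.220:8774/v2.1
create_endpoints neutron http://192.168.3.220:9696
# Single quotes keep the literal %(tenant_id)s placeholder intact.
create_endpoints volumev2 'http://192.168.3.220:8776/v2/%(tenant_id)s'
create_endpoints volumev3 'http://192.168.3.220:8776/v3/%(tenant_id)s'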
原文:https://www.cnblogs.com/Leaders543/p/12731041.html