a.安装相关源(epel-release 在 CentOS 7 的 extras 源中已提供,也可以直接 yum install -y epel-release,避免经明文 HTTP 下载 rpm)
yum install -y http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
yum install centos-release-openstack-liberty -y
yum install python-openstackclient -y
b、安装MySQL相关(MySQL不一定非要安装在控制节点,只要能访问就可以)
yum install -y mariadb mariadb-server MySQL-python
修改MySQL配置
cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
vim /etc/my.cnf
在[mysqld]下添加如下内容
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
设置开机启动
systemctl enable mariadb
启动数据库
systemctl start mariadb
设置密码
mysql_secure_installation
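为相关组件创建用户、数据库,并授权(示例中root密码123456直接写在命令行上,会留在shell历史和进程列表里,各组件密码也与用户名相同,仅适合实验环境;实际部署时可用 mysql -u root -p 交互输入密码,并把 '%' 换成管理网段)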
Keystone数据库
mysql -u root -p123456 -e "CREATE DATABASE keystone;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
Glance数据库
mysql -u root -p123456 -e "CREATE DATABASE glance;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
Nova数据库
mysql -u root -p123456 -e "CREATE DATABASE nova;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
Neutron 数据库
mysql -u root -p123456 -e "CREATE DATABASE neutron;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
Cinder数据库
mysql -u root -p123456 -e "CREATE DATABASE cinder;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
d.安装rabbitmq
yum install -y rabbitmq-server
设置开机启动
systemctl enable rabbitmq-server
启动rabbitmq
systemctl start rabbitmq-server
启动插件管理
rabbitmq-plugins enable rabbitmq_management
创建rabbitmq用户(用户名为openstack,密码为openstack)
rabbitmqctl add_user openstack openstack
设置权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
启用web管理插件
rabbitmq-plugins enable rabbitmq_management
重新启动rabbitmq
systemctl restart rabbitmq-server
进行验证
访问 192.168.56.11:15672 (默认用户名密码为guest guest;我们建立的openstack用户此时还不能登录管理界面,因为尚未用 rabbitmqctl set_user_tags 赋予管理标签。默认的guest账号在验证完成后应修改密码或删除)
1、keystone篇
keystone两大功能
1)、用户与认证:用户权限与用户行为追踪
2)、服务目录:提供一个服务目录,包括所有服务项与相关Api的端点
a、安装相关服务
keystone两大功能
1)、用户与认证:用户权限与用户行为追踪
2)、服务目录:提供一个服务目录,包括所有服务项与相关Api的端点
a、安装相关服务
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
修改keystone配置文件(/etc/keystone/keystone.conf)
修改后结果如下(原文此处的配置内容似乎没有保留下来;其中[DEFAULT]的admin_token要与后文export的OS_TOKEN一致)
呵呵
此外还可以根据需求是否打开debug模式
verbose = true
同步表结构及数据
su -s /bin/sh -c "keystone-manage db_sync" keystone
同步验证(安全起见)
mysql -ukeystone -pkeystone -h 192.168.56.11
use keystone;
show tables;
如果能看到有表,且表数为33,证明同步成功
启动memcache
systemctl enable memcached
systemctl start memcached
新建Apache的keystone文件
vim /etc/httpd/conf.d/wsgi-keystone.conf
添加如下内容
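# Keystone served through Apache mod_wsgi.
# Port 5000 carries the public API and port 35357 the admin API.
# Both vhosts below are plain HTTP, so tokens and passwords cross the network
# unencrypted; terminate TLS on these ports (or in front of them) when the
# network between clients and this host is not fully trusted.
Listen 5000
Listen 35357

<VirtualHost *:5000>
    # Dedicated daemon processes running as the unprivileged keystone account.
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    # Hand the HTTP Authorization header through to the WSGI application.
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        # Straight ASCII quotes are required: httpd does not treat typographic
        # quotes as delimiters and would split the format into two arguments.
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    # The WSGI entry scripts live in /usr/bin, so httpd must be allowed to
    # serve from that directory (2.4 syntax first, then the 2.2 equivalent).
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    # Admin API: same layout as the public vhost, separate process group.
    # This vhost accepts connections on every interface (*); restricting
    # access to the management network is left to the host firewall.
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    # Both vhosts write to the same error and access log files.
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>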
配置Apache配置文件(配置servername)
vim /etc/httpd/conf/httpd.conf
ServerName 192.168.56.11:80
此时可以通过Apache控制keystone认证服务的启动
启动Apache
systemctl enable httpd
systemctl start httpd
b、创建相关用户角色
设置环境变量
export OS_TOKEN=863d35676a5632e846d9
export OS_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
创建admin项目
openstack project create --domain default --description "Admin Project" admin
创建admin用户
openstack user create --domain default --password-prompt admin
#本次操作会提示输入密码,此次密码我们设置为admin(生产一定要复杂)
创建admin角色
openstack role create admin
给admin项目添加admin用户并且角色设置为admin
openstack role add --project admin --user admin admin #此次操作没有输出
创建普通项目、用户、角色,并授权
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password=demo demo
openstack role create user
openstack role add --project demo --user demo user
创建service项目,用于相关组件交互
openstack project create --domain default --description "Service Project" service
c、创建keystone服务及端点
创建服务
openstack service create --name keystone --description "OpenStack Identity" identity
创建端点
openstack endpoint create --region RegionOne identity public http://192.168.56.11:5000/v2.0 #公共端点,可以对外提供服务
openstack endpoint create --region RegionOne identity internal http://192.168.56.11:5000/v2.0 #内部端点
openstack endpoint create --region RegionOne identity admin http://192.168.56.11:35357/v2.0 #管理端点
d、使用用户名密码进行验证
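卸载环境变量(其实关闭当前窗口,新开一个即可;注意这只是清掉本地变量,keystone.conf中的admin_token仍然有效,初始化完成后应按官方安装指南从keystone的paste配置的pipeline中移除admin_token_auth)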
unset OS_TOKEN
unset OS_URL
unset OS_IDENTITY_API_VERSION
验证能否获取ID(需要输入admin的密码)
openstack --os-auth-url http://192.168.56.11:35357/v3 \
--os-project-domain-id default --os-user-domain-id default \
--os-project-name admin --os-username admin --os-auth-type password \
token issue
e、配置keystone环境变量方便执行,直接source即可引用(文件里是明文密码,建议 chmod 600 只允许本人读取)
admin环境变量
vim admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
demo环境变量
vim demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
验证结果
source admin-openrc.sh
openstack token issue