按照官方文档手动安装的话,基本上是复制粘贴的过程,小心点的话基本上能安装成功!如果报错我基本上干掉重来,我使用的是VM,有快照的...
创建Keystne数据库
[root@openstack-3 ~]# mysql -uroot -pzoomtech -e "CREATE DATABASE keystone"
[root@openstack-3 ~]# mysql -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'openstack'"
[root@openstack-3 ~]# mysql -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'openstack'"
[root@openstack-3 ~]# openssl rand -hex 10 #这步也可以不做
99ae168d4e7fd9b8434c
安装Keystone和Apache
[root@openstack-3 ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@openstack-3 ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = nova
[database]
connection = mysql+pymysql://keystone:openstack@controller/keystone
[token]
provider = fernet
#同步Keystone数据库
[root@openstack-3 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@openstack-3 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
配置http服务器
[root@openstack-3 ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@openstack-3 openstack]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
启动httpd
[root@openstack-3 openstack]# systemctl enable httpd.service
[root@openstack-3 openstack]# systemctl start httpd.service
[root@controller openstack]# ps aux | grep apache
Create the service entity and API endpoints
[root@openstack-3 openstack]# export OS_TOKEN=nova
[root@openstack-3 openstack]# export OS_URL=http://controller:35357/v3
[root@openstack-3 openstack]# export OS_IDENTITY_API_VERSION=3
[root@openstack-3 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-e5e48c37-c638-4f3f-8bc2-a2f8d7d695c1)
[root@openstack-3 ~]#如果报上面错误,执行下面语句同步数据库可能会解决掉,我这样做是可以的。
[root@openstack-3 ~]# keystone-manage db_sync
[root@openstack-3 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
创建EndPonit
[root@openstack-3 ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
[root@openstack-3 ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
[root@openstack-3 ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
命令输出如下:
[root@controller openstack]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 71f18b0924e840fdb059a4f8b4a5f44b |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@controller openstack]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b3a9aa4be69b4316823acc38bf56395f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 71f18b0924e840fdb059a4f8b4a5f44b |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller openstack]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 262b152352314e1b97486d6d98d207bc |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 71f18b0924e840fdb059a4f8b4a5f44b |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller openstack]#
[root@controller openstack]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a0d00e25ffba43adbc17cd741ea68d9f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 71f18b0924e840fdb059a4f8b4a5f44b |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
[root@controller openstack]#
创建域,项目,用户,角色
创建ADMIN
[root@openstack-3 ~]# openstack domain create --description "Default Domain" default
[root@openstack-3 ~]# openstack project create --domain default --description "Admin Project" admin
[root@openstack-3 ~]# openstack user create --domain default --password-prompt admin
User Password: openpass
Repeat User Password: openpass
[root@openstack-3 ~]# openstack role create admin
[root@openstack-3 ~]# openstack role add --project admin --user admin admin
创建ADMIN 命令输出如下:
[root@controller openstack]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | a7585a6dc02547f69e322438df0a35b7 |
| name | default |
+-------------+----------------------------------+
[root@controller openstack]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | a7585a6dc02547f69e322438df0a35b7 |
| enabled | True |
| id | c6e00eeb19dc488a98b4cda9c1d47a67 |
| is_domain | False |
| name | admin |
| parent_id | a7585a6dc02547f69e322438df0a35b7 |
+-------------+----------------------------------+
[root@controller openstack]# openstack user create --domain default --password-prompt admin
User Password:opensack
Repeat User Password:opensack
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | a7585a6dc02547f69e322438df0a35b7 |
| enabled | True |
| id | 4684290676cb4353b201ba34c82f3266 |
| name | admin |
+-----------+----------------------------------+
[root@controller openstack]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 10ebb2ab331741d4b5639d8e2f8affd7 |
| name | admin |
+-----------+----------------------------------+
[root@controller openstack]# openstack role add --project admin --user admin admin
[root@controller openstack]#
创建DEMO
[root@openstack-3 ~]# openstack project create --domain default --description "Service Project" service
[root@openstack-3 ~]# openstack project create --domain default --description "Demo Project" demo
[root@openstack-3 ~]# openstack user create --domain default --password-prompt demo
User Password: openpass
Repeat User Password:openpass
[root@openstack-3 ~]# openstack role create user
[root@openstack-3 ~]# openstack role add --project demo --user demo user
创建DEMO命令输出如下:
[root@controller openstack]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | a7585a6dc02547f69e322438df0a35b7 |
| enabled | True |
| id | f7f43b236c554912a1403b51308ce335 |
| is_domain | False |
| name | service |
| parent_id | a7585a6dc02547f69e322438df0a35b7 |
+-------------+----------------------------------+
[root@controller openstack]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | a7585a6dc02547f69e322438df0a35b7 |
| enabled | True |
| id | d1bebf9cd232413784f0d2dd11b5cccb |
| is_domain | False |
| name | demo |
| parent_id | a7585a6dc02547f69e322438df0a35b7 |
+-------------+----------------------------------+
[root@controller openstack]# openstack user create --domain default --password-prompt demo
User Password:
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | a7585a6dc02547f69e322438df0a35b7 |
| enabled | True |
| id | 47ee72bc938f4837aff59b1aea259151 |
| name | demo |
+-----------+----------------------------------+
[root@controller openstack]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 29d5319ab8a84ef783d7bac411b5d1cf |
| name | user |
+-----------+----------------------------------+
[root@controller openstack]# openstack role add --project demo --user demo user
[root@controller openstack]#
基本安装完成,下面检查Keystone服务安装是否正常
[root@openstack-3 openstack]# unset OS_TOKEN OS_URL
[root@openstack-3 openstack]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password: openpass
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2016-08-25T10:46:30.718408Z |
| id | 95428a3859844f85be75324fc019df5c |
| project_id | fa42862973b645cb92e1eef65849d7f0 |
| user_id | 4555c09cb5af498da08c8db5e2478271 |
+------------+----------------------------------+
[root@openstack-3 openstack]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password:openpass
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2016-08-25T10:52:27.747840Z |
| id | a656497c53b84a3498fec04a34782192 |
| project_id | 3e63b063d87e4c96a17e0bb0dd37b283 |
| user_id | 13b1033c0d724c019a7fe6826e687d03 |
+------------+----------------------------------+
创建admin-openrc脚本
[root@openstack-3 openstack]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openpass
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
创建demo-openrc脚本
[root@openstack-3 openstack]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@openstack-3 openstack]# source admin-openrc
[root@openstack-3 openstack]# openstack token issue
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2016-08-26T02:16:13.904899Z |
| id | 01a61af82f6c46eb93acdd343f197fad |
| project_id | fa42862973b645cb92e1eef65849d7f0 |
| user_id | 4555c09cb5af498da08c8db5e2478271 |
+------------+----------------------------------+
到此,Keystone安装完成
本文转自 OpenStack2015 51CTO博客,原文链接:http://blog.51cto.com/andyliu/1845085,如需转载请自行联系原作者
