[Openstack] A hands-on record of manually deploying Openstack Rocky on two nodes (2) - Keystone

Copyright notice: reposts must keep the original source; no commercial use without written permission. https://blog.csdn.net/qq_43401808/article/details/89012742

Part 1: A hands-on record of manually deploying Openstack Rocky on two nodes (1) - Basic services
Previous: A hands-on record of manually deploying Openstack Rocky on two nodes (1) - Basic services
Next: Manually deploying Openstack Rocky on two nodes (3) - Glance

References

Manually deploying OpenStack Rocky on two nodes

Keystone (controller-only)

Install the packages

[tony@controller ~]$ sudo yum install -y openstack-keystone httpd mod_wsgi

# Check the version of the httpd package
[tony@controller ~]$ yum info httpd
...
Installed Packages
Name        : httpd
Arch        : x86_64
Version     : 2.4.6
Release     : 88.el7.centos
Size        : 9.4 M
Repo        : installed
From repo   : base
Summary     : Apache HTTP Server
URL         : http://httpd.apache.org/
License     : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
            : web server.

Edit the configuration file

Add the following lines to /etc/keystone/keystone.conf. $password stands for the password of the keystone database user created below; fernet is the default token provider in Rocky, and it is spelled out here so the choice is explicit.

[database]
connection = mysql+pymysql://keystone:$password@controller/keystone
[token]
provider = fernet

[tony@controller ~]$ sudo cat /etc/keystone/keystone.conf | grep -v -E  '^#|^$'

[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:$password@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
[unified_limit]
[wsgi]
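As an added check that is not part of the original post, the shell function below reads keystone.conf the way you would review it before running db_sync: it confirms that [database] connection uses the mysql+pymysql driver and no longer carries the literal $password placeholder used throughout this series, that [token] provider is fernet, and that the file (which holds the database password) is not world-readable. The small awk INI reader is my own; the file path is an argument so it can be pointed at a copy.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check keystone.conf
# before running keystone-manage db_sync.
#
# ini_get FILE SECTION KEY
#   Print the value of KEY inside [SECTION], ignoring comment lines.
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*#/ { next }                               # skip comments
        /^[ \t]*\[/ { in_sec = ($0 == "[" sec "]"); next } # section header
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_keystone_conf FILE
#   Return 0 when the two settings this post adds are present and sane,
#   1 (with the reason on stdout) otherwise.
check_keystone_conf() {
    conf="$1"
    conn=$(ini_get "$conf" database connection)
    prov=$(ini_get "$conf" token provider)

    case "$conn" in
        mysql+pymysql://*) ;;
        "")  echo "[database] connection is missing"; return 1 ;;
        *)   echo "[database] connection must start with mysql+pymysql://"; return 1 ;;
    esac
    case "$conn" in
        *'$password'*)
            echo '[database] connection still contains the literal $password placeholder'
            return 1 ;;
    esac
    [ "$prov" = "fernet" ] || { echo "[token] provider must be fernet (got '${prov:-unset}')"; return 1; }

    # The connection string carries the DB password: others must not be able to read it.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "$conf is world-readable; chmod 640 and chown root:keystone it"
        return 1
    fi
    echo "ok: $conf"
}

# Usage on the controller:
#   check_keystone_conf /etc/keystone/keystone.conf
```

Run it as root (or as a user in the keystone group) after editing the file; a non-zero exit with one of the messages above means the edit did not take or a placeholder was left in.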

Create the keystone database

[tony@controller ~]$ mysql -u root -p

Enter password: <Enter Password>
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.20-MariaDB MariaDB Server
 
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
 
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by '$password';
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by '$password';
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [(none)]> quit
Bye

Note: the second GRANT, for 'keystone'@'%', lets the keystone account log in from any host that can reach the MariaDB listener on 172.18.22.231:3306. In this two-node layout only the controller runs Keystone, so 'keystone'@'localhost' together with the controller's own address is enough; keep the '%' grant only if another node will ever need this database. The password typed into these statements also ends up in ~/.mysql_history, so clear it (or set MYSQL_HISTFILE=/dev/null before starting the client).

Populate the keystone database

[tony@controller ~]$ sudo su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet key repositories

[tony@controller ~]$ sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[tony@controller ~]$ sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
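fernet_setup and credential_setup create /etc/keystone/fernet-keys and /etc/keystone/credential-keys respectively: a 0700 directory owned by the keystone user, containing key 0 (the staged key) and key 1 (the primary key), each a 0600 file holding 32 random bytes in URL-safe base64. Those permissions are what keep tokens unforgeable, so they deserve a check after setup and after every fernet_rotate. The function below is an added example of my own, not code from the post or from Keystone; it audits one repository and reports the primary key number. The owner and group arguments exist so the test can run against a scratch directory, and the expected key length (44 characters, with an optional trailing newline tolerated) is my reading of the key format.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Fernet key repository
# such as /etc/keystone/fernet-keys or /etc/keystone/credential-keys after
# keystone-manage fernet_setup / credential_setup.
#
# What the setup commands leave behind (and what this checks):
#   - the directory is mode 0700, owned by the keystone user and group
#   - every entry is a regular file named by an integer: 0 is the staged
#     key, the highest number is the primary key that signs new tokens
#   - each file is mode 0600 and holds one 32-byte key in URL-safe base64
#     (44 characters; a trailing newline is tolerated)
#
# audit_fernet_repo DIR [USER] [GROUP]
#   Return 0 if the repository looks sane, 1 with a reason otherwise.
#   USER and GROUP default to "keystone"; pass your own when testing a copy.
audit_fernet_repo() {
    dir="$1"
    user="${2:-keystone}"
    group="${3:-keystone}"

    [ -d "$dir" ] || { echo "$dir does not exist"; return 1; }
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = "700" ] || { echo "$dir is mode $mode, want 700"; return 1; }
    who=$(stat -c '%U:%G' "$dir")
    [ "$who" = "$user:$group" ] || { echo "$dir is owned by $who, want $user:$group"; return 1; }

    count=0
    primary=-1
    for f in "$dir"/*; do
        [ -e "$f" ] || break            # empty directory: the glob did not expand
        name=${f##*/}
        case "$name" in
            ''|*[!0-9]*) echo "unexpected entry $name"; return 1 ;;
        esac
        [ -f "$f" ] || { echo "$name is not a regular file"; return 1; }
        fmode=$(stat -c '%a' "$f")
        [ "$fmode" = "600" ] || { echo "$name is mode $fmode, want 600"; return 1; }
        key=$(tr -d '\n' < "$f")
        case "$key" in
            *[!A-Za-z0-9_=-]*) echo "$name is not URL-safe base64"; return 1 ;;
        esac
        [ ${#key} -eq 44 ] || { echo "$name holds ${#key} chars, want 44"; return 1; }
        count=$((count + 1))
        [ "$name" -gt "$primary" ] && primary=$name
    done

    [ "$count" -ge 2 ] || { echo "only $count key(s); expected at least staged (0) and primary"; return 1; }
    echo "ok: $count keys, primary key is $primary"
}

# Usage on the controller (as root):
#   audit_fernet_repo /etc/keystone/fernet-keys
#   audit_fernet_repo /etc/keystone/credential-keys
```

A failing result after fernet_setup usually means the command was run without --keystone-user/--keystone-group, or the directory was copied with cp instead of preserving modes; fix ownership and modes rather than loosening them, since httpd runs the Keystone WSGI workers as the keystone user and needs nothing more.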

Bootstrap Keystone Services

[tony@controller ~]$ sudo keystone-manage bootstrap \
--bootstrap-password $password \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

Configure the Apache HTTP Server for Keystone

Keystone WSGI configuration file

[tony@controller ~]$ sudo ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

# Verify that the symlink was created
[tony@controller ~]$ ls -l /etc/httpd/conf.d/wsgi-keystone.conf
lrwxrwxrwx. 1 root root 38 Apr  3 21:39 /etc/httpd/conf.d/wsgi-keystone.conf -> /usr/share/keystone/wsgi-keystone.conf

Note: the default /usr/share/keystone/wsgi-keystone.conf does not need to be modified.

Apache configuration file

Edit /etc/httpd/conf/httpd.conf, find the ServerName directive (commented out by default) and set it to "ServerName controller".

[tony@controller ~]$ sudo vim /etc/httpd/conf/httpd.conf

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName controller

Start the Apache service

# Enable the Apache service at boot
[tony@controller ~]$ sudo systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

# Start the Apache service and check its status
[tony@controller ~]$ sudo systemctl restart httpd.service
[tony@controller ~]$ sudo systemctl status httpd.service

● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-04-03 22:02:29 EDT; 9s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 78562 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─78562 /usr/sbin/httpd -DFOREGROUND
├─78563 (wsgi:keystone- -DFOREGROUND
├─78564 (wsgi:keystone- -DFOREGROUND
├─78565 (wsgi:keystone- -DFOREGROUND
├─78566 (wsgi:keystone- -DFOREGROUND
├─78567 (wsgi:keystone- -DFOREGROUND
├─78568 /usr/sbin/httpd -DFOREGROUND
├─78569 /usr/sbin/httpd -DFOREGROUND
├─78570 /usr/sbin/httpd -DFOREGROUND
├─78571 /usr/sbin/httpd -DFOREGROUND
└─78572 /usr/sbin/httpd -DFOREGROUND
 
Apr 03 22:02:29 controller systemd[1]: Starting The Apache HTTP Server...
Apr 03 22:02:29 controller systemd[1]: Started The Apache HTTP Server.

# Check the listening ports
[tony@controller ~]$ sudo netstat -nap | grep -w LISTEN
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      19955/beam.smp
tcp        0      0 172.18.22.231:3306      0.0.0.0:*               LISTEN      19699/mysqld
tcp        0      0 172.18.22.231:2379      0.0.0.0:*               LISTEN      21710/etcd
tcp        0      0 172.18.22.231:2380      0.0.0.0:*               LISTEN      21710/etcd
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      9283/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      9681/master
tcp6       0      0 :::5000                 :::*                    LISTEN      78562/httpd
tcp6       0      0 :::5672                 :::*                    LISTEN      19955/beam.smp
tcp6       0      0 :::80                   :::*                    LISTEN      78562/httpd
tcp6       0      0 :::22                   :::*                    LISTEN      9283/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      9681/master

Two things are worth noticing in this listing. httpd now answers on port 5000 (Keystone) and on port 80 (the stock default vhost, which serves nothing Keystone needs) on every interface, and the endpoints registered by keystone-manage bootstrap are plain http://, so admin passwords and Fernet tokens cross the management network unencrypted. That is acceptable on an isolated lab network; anywhere else, terminate TLS in Apache and register https:// endpoints instead. Ports 4369 (epmd) and 25672 (RabbitMQ inter-node port) are also bound to 0.0.0.0 and should be restricted to the management network by the firewall.

Create tenants

Export temporary admin credentials into the environment ($password is the bootstrap password set above)

export OS_USERNAME=admin
export OS_PASSWORD=$password
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

Create the service project

[tony@controller ~]$ openstack project create \
--domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 73d22898ffae4e0e934541c205a8e927 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
# List the projects to show the newly created service project
[tony@controller ~]$ openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 73d22898ffae4e0e934541c205a8e927 | service |
| bcb33d5868a7442e914bd0568228d5ed | admin   |
+----------------------------------+---------+

Create the myproject project

[tony@controller ~]$ openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 976721d634c941c181336e40ec40d565 |
| is_domain   | False                            |
| name        | myproject                        |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[tony@controller ~]$ openstack project list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 73d22898ffae4e0e934541c205a8e927 | service   |
| 976721d634c941c181336e40ec40d565 | myproject |
| bcb33d5868a7442e914bd0568228d5ed | admin     |
+----------------------------------+-----------+

Create the myuser user

# Only the admin user exists so far; it was created by the bootstrap step.
[tony@controller ~]$ openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 0cbf612fcf114563b66d0a834a4fd014 | admin |
+----------------------------------+-------+

# Create the myuser user
[tony@controller ~]$ openstack user create --domain default --password-prompt myuser
User Password: <Enter Password>
Repeat User Password: <Repeat Password>
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 29e50100032e4d3aa94d6eaff0289b51 |
| name                | myuser                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# There are now two users
[tony@controller ~]$ openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 0cbf612fcf114563b66d0a834a4fd014 | admin  |
| 29e50100032e4d3aa94d6eaff0289b51 | myuser |
+----------------------------------+--------+

Create the myrole role

# Create the myrole role
[tony@controller ~]$ openstack role create myrole
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | eed9c1f724574af7b32e3905ce43ba6b |
| name      | myrole                           |
+-----------+----------------------------------+

[tony@controller ~]$ openstack role add --project myproject --user myuser myrole

# The member, reader and admin roles were created by the bootstrap step
# myrole was just created
[tony@controller ~]$ openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| ccccd49cbf004f3ea8f9419cf8de82bc | member |
| e283f90409524da78b126e6099cb0d60 | reader |
| e5989464809546a3a53442064957fb76 | admin  |
| eed9c1f724574af7b32e3905ce43ba6b | myrole |
+----------------------------------+--------+

Verification

[tony@controller ~]$ openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default \
--os-user-domain-name Default \
--os-project-name admin \
--os-username admin token issue
Password: <Enter Password>
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2019-04-04T10:10:36+0000                                                                                                                                                                |
| id         | gAAAAABcpcoMh0866iQOmhHfXDIa5sUMpye4dVccB3jBjj5xxMsT0HEDy6ZPWbmzOFT7RtZpbCYvp-wrlFYh5ijsOwHmla5CVBPqsxJMB83xuT4fqkBsJlFGGgOZ3JCm3bt_L-RIyI5HqfWr03NRNqPiCUnFEeHLoGjq1F6Pz9ROg3mphXK1G24 |
| project_id | bcb33d5868a7442e914bd0568228d5ed                                                                                                                                                        |
| user_id    | 0cbf612fcf114563b66d0a834a4fd014                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
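What `openstack token issue` does under the hood is a single POST to the Identity v3 API; the long `id` value above is the Fernet token returned in the X-Subject-Token response header. The functions below are an added example of my own, not part of the original post or of the openstack client, and reproduce that exchange with curl so the endpoint can be verified from a node that has no python-openstackclient installed. Only the request-body builder is exercised by the test; the network call assumes the http://controller:5000/v3 endpoint registered by bootstrap above.

```shell
#!/bin/sh
# Added example, not from the original post: the HTTP exchange behind
# "openstack token issue", done with curl against the Keystone v3 API.
#
# POST /v3/auth/tokens with a password-authenticated, project-scoped
# request body. Keystone answers 201 Created with the Fernet token in the
# X-Subject-Token response header; the JSON body carries the catalog,
# the roles and the expiry that the CLI prints as "expires".

# json_escape STRING : escape the two characters that break a JSON string
json_escape() {
    printf '%s' "$1" | sed 's/["\\]/\\&/g'
}

# build_auth_body USER USER_DOMAIN PROJECT PROJECT_DOMAIN PASSWORD
#   Print the JSON request body for password auth scoped to a project.
build_auth_body() {
    printf '{"auth": {"identity": {"methods": ["password"], "password": {"user": {"name": "%s", "domain": {"name": "%s"}, "password": "%s"}}}, "scope": {"project": {"name": "%s", "domain": {"name": "%s"}}}}}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$5")" \
        "$(json_escape "$3")" "$(json_escape "$4")"
}

# keystone_token_issue AUTH_URL USER USER_DOMAIN PROJECT PROJECT_DOMAIN PASSWORD
#   Print only the token. The password travels in the request body, never in
#   the URL, and nothing here writes the token to a file or a log.
keystone_token_issue() {
    auth_url="${1%/}"
    shift
    body=$(build_auth_body "$@")
    curl -sS --fail -o /dev/null -D - \
        -H 'Content-Type: application/json' \
        --data "$body" \
        "$auth_url/auth/tokens" \
    | tr -d '\r' | awk 'tolower($1) == "x-subject-token:" { print $2 }'
}

# Usage against the endpoint bootstrapped in this post, prompting for the
# password so that it does not land in the shell history:
#   printf 'Password: ' >&2; stty -echo; read -r pw; stty echo; echo >&2
#   keystone_token_issue http://controller:5000/v3 admin Default admin Default "$pw"
```

A token obtained this way can be passed to any service as the X-Auth-Token header; because the endpoint is plain HTTP, both the password in the request and the token in the response are readable by anyone on the path, which is the reason for the TLS remark in the port listing above.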

Create the adminrc file

adminrc stores the admin password in clear text, so keep it readable only by its owner (chmod 600 adminrc) and do not copy it onto the compute node or into a repository.

[tony@controller ~]$ vim adminrc
[tony@controller ~]$ cat adminrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$password
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# Before adminrc is sourced (in a shell that does not have the variables exported above), a bare openstack command fails
[tony@controller ~]$ openstack project list
Missing value auth-url required for auth plugin password

# After loading the environment variables from adminrc, projects can be listed
[tony@controller ~]$ source adminrc
[tony@controller ~]$ openstack project list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 73d22898ffae4e0e934541c205a8e927 | service   |
| 976721d634c941c181336e40ec40d565 | myproject |
| bcb33d5868a7442e914bd0568228d5ed | admin     |
+----------------------------------+-----------+

# The service catalog can be listed as well
[tony@controller ~]$ openstack catalog list
+----------+----------+----------------------------------------+
| Name     | Type     | Endpoints                              |
+----------+----------+----------------------------------------+
| keystone | identity | RegionOne                              |
|          |          |   admin: http://controller:5000/v3/    |
|          |          | RegionOne                              |
|          |          |   internal: http://controller:5000/v3/ |
|          |          | RegionOne                              |
|          |          |   public: http://controller:5000/v3/   |
|          |          |                                        |
+----------+----------+----------------------------------------+

Summary

At this point Keystone and the services it depends on are up and running.
The logs of httpd and keystone live under /var/log/httpd and /var/log/keystone; when something goes wrong, start by reading those.
