Private Cloud Deployment Solution: OpenStack High Availability (Pike Release) - Keystone
Source: Internet  Published: 未来国际局势知乎  Editor: 程序博客网  Time: 2024/06/03 11:18
Author: 【吴业亮】
Blog: http://blog.csdn.net/wylfengyujiancheng
1. Install the packages (all three nodes)
yum install memcached python-memcached -y
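2. Modify the memcached configuration file (all three nodes)
Edit the configuration file /etc/sysconfig/memcached (for example with vim), or write it directly:
cat <<END > /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 0.0.0.0"
END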
3. Start the service and enable it at boot (all three nodes)
systemctl enable memcached.service
systemctl restart memcached.service
4. Install the keystone packages (all three nodes)
yum install openstack-keystone httpd mod_wsgi mod_ssl -y
5. Modify the httpd configuration file (all three nodes)
# cp -a /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak
# sed -i "s/#ServerName www.example.com:80/ServerName ${HOSTNAME}/" /etc/httpd/conf/httpd.conf
Node 1
# sed -i "s/Listen\ 80/Listen\ 172.16.8.60:80/g" /etc/httpd/conf/httpd.conf
Node 2 (use this node's own IP in the Listen address)
sed -i "s/Listen\ 80/Listen\ 172.16.8.60:80/g" /etc/httpd/conf/httpd.conf
Node 3 (use this node's own IP in the Listen address)
sed -i "s/Listen\ 80/Listen\ 172.16.8.60:80/g" /etc/httpd/conf/httpd.conf
6. Create the database (any one node)
mysql -u root -pChangeme_123
Create the keystone database:
MariaDB [(none)]> CREATE DATABASE keystone;
Grant proper access to the keystone database:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'Changeme_123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'Changeme_123';
7. Modify the keystone configuration file (all three nodes)
# cp -a /etc/keystone/keystone.conf /etc/keystone/keystone.conf_bak
# vi /etc/keystone/keystone.conf
[DEFAULT]
[assignment]
[auth]
[cache]
memcache_servers = node1:11211,node2:11211,node3:11211
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:Changeme_123@172.16.8.50/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
driver = memcache
[tokenless_auth]
[trust]
8. Synchronize the database (any one node)
su -s /bin/sh -c "keystone-manage db_sync" keystone
9. Initialize the key repositories (run on node1)
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
10. Copy the keys to the other nodes (run on node1)
# cd /etc/keystone/
# scp -r credential-keys/ fernet-keys/ node2:$PWD
# scp -r credential-keys/ fernet-keys/ node3:$PWD
11. Set the ownership (nodes 2 and 3)
# chown keystone:keystone /etc/keystone/credential-keys/ -R
# chown keystone:keystone /etc/keystone/fernet-keys/ -R
12. Bootstrap the identity service (any one node)
# keystone-manage bootstrap --bootstrap-password Changeme_123 \
  --bootstrap-admin-url http://172.16.8.50:35357/v3/ \
  --bootstrap-internal-url http://172.16.8.50:5000/v3/ \
  --bootstrap-public-url http://172.16.8.50:5000/v3/ \
  --bootstrap-region-id RegionOne
Note: the command must not contain Windows-style characters; you can also copy it from the page below and then modify it.
https://docs.openstack.org/keystone/pike/install/keystone-install-rdo.html
13. Create the file /etc/httpd/conf.d/wsgi-keystone.conf (every node)
Listen 172.16.8.60:5000
Listen 172.16.8.60:35357

<VirtualHost 172.16.8.60:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LimitRequestBody 114688
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone.log
    CustomLog /var/log/httpd/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost 172.16.8.60:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LimitRequestBody 114688
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone.log
    CustomLog /var/log/httpd/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

Alias /identity /usr/bin/keystone-wsgi-public
<Location /identity>
    SetHandler wsgi-script
    Options +ExecCGI
    WSGIProcessGroup keystone-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>

Alias /identity_admin /usr/bin/keystone-wsgi-admin
<Location /identity_admin>
    SetHandler wsgi-script
    Options +ExecCGI
    WSGIProcessGroup keystone-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>
Note: replace the IP address with each node's own IP.
14. Start the service and enable it at boot
# systemctl enable httpd.service
# systemctl restart httpd.service
Create the file ~/keystonerc with the following content:
export OS_USERNAME=admin
export OS_PASSWORD=Changeme_123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://172.16.8.50:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
15. Create the service project
# openstack project create --domain default --description "Service Project" service
16. Create the demo project and the demo user, and set a password for the user
# openstack project create --domain default --description "Demo Project" demo
# openstack user create --domain default --password-prompt demo
17. Create the user role and assign it to the demo user
# openstack role create user
# openstack role add --project demo --user demo user
18. Verify
# unset OS_AUTH_URL OS_PASSWORD
# openstack --os-auth-url http://172.16.8.50:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
# openstack --os-auth-url http://172.16.8.50:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue
19. Write the variables into the system environment (every node)
# echo "source ~/keystonerc " >> ~/.bash_profile
# source ~/.bash_profile
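Steps 9 to 11 only work if every controller ends up with byte-identical fernet-keys and credential-keys repositories that only the keystone user can read, because a token encrypted on one node cannot be validated on a node holding different keys. The script below is an added example, not part of the original post: the function names key_repo_digest and key_repo_audit are hypothetical, and it assumes the GNU coreutils and findutils found on the yum-based nodes used here.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Run on every controller after steps 10 and 11, then compare the digests.

# Print one SHA-256 over the names and contents of all key files in DIR.
# Identical output on node1, node2 and node3 means the repositories match.
key_repo_digest() {
    local dir="$1"
    [ -d "$dir" ] || return 2
    ( cd "$dir" && find . -maxdepth 1 -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum ) | sha256sum | cut -d' ' -f1
}

# Report ownership and permission problems in DIR; the exit status is the
# number of findings (0 = clean). OWNER defaults to the keystone user.
key_repo_audit() {
    local dir="$1" owner="${2:-keystone}" findings=0 f user mode
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        user=$(stat -c %U "$f")
        mode=$(stat -c %a "$f")
        if [ "$user" != "$owner" ]; then
            echo "OWNER $f: $user (expected $owner)"
            findings=$((findings + 1))
        fi
        case $mode in
            0|*00) ;;   # no group/other permission bits set
            *) echo "MODE $f: $mode grants group/other access"
               findings=$((findings + 1)) ;;
        esac
    done
    # A Fernet key repository always holds the staged key, file "0".
    if [ ! -f "$dir/0" ]; then
        echo "NOKEY $dir: staged key 0 missing"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Typical use on each node (paths are the ones used in this guide):
#   for d in /etc/keystone/fernet-keys /etc/keystone/credential-keys; do
#       key_repo_audit "$d"; echo "$d $(key_repo_digest "$d")"
#   done
```

Only the digest is compared between nodes, so no key material has to be copied again to check the result.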