1. Create keystone database and authorize
[root@controller ~]# mysql -uroot
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
2. Install keystone package
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi
3. Modify the configuration file
[root@controller ~]# cp -a /etc/keystone/keystone.conf{,.bak}
[root@controller ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
[root@controller ~]# yum install -y openstack-utils
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet
4. Populate the database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet key repositories

This is new in recent OpenStack versions. In the Train version, keystone no longer uses a simple string as a temporary token. Instead, the commands below set up the Fernet key repositories, and --keystone-user and --keystone-group name the operating system user and group that run keystone. Keystone also no longer uses separate ports, 5000 and 35357, for the service endpoints of ordinary users and the administrator: only port 5000 is used, and port 35357 is no longer used.

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
5. Modify apache configuration
[root@controller ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
# Create a symbolic link to the WSGI configuration file
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# Enable Apache at boot and start it
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
6. Initialize environment variables
[root@controller ~]# cat >> ~/.bashrc << EOF
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
[root@controller ~]# source ~/.bashrc
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2020-01-09T14:53:57+0000                                                                                                                                                                |
| id         | gAAAAABeFzB1bgQlTdO7E2x2UNvHWbtsd7KRipn0v-RhHaGwZzcnvE8bPsMwnh06CXVrwMkzGEV-VFLXZBICd3cJt5NZqLB_x-tZLmr8qiKZiK9yyiCCCZG3xncQUUQ8zTKcv02Nyz6CHA99AzRxWgetZFG1bAiHdfr1LxxsfR6ZuSsNYl0fLvU |
| project_id | 8dd2972e6c0b4d99b100d087e35ad439                                                                                                                                                        |
| user_id    | 656ea39f6bac482d8a0d0e49fc74e8a5                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7. Create the project used by services
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 7bc35b309acd46de99edbbefaf012de6 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
8. Create user role
[root@controller ~]# openstack role create user
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 56b5ef9b944b4ecaa65b0313ab194f21 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+
[root@controller ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 19f4b5f6a4e74a72bd47acf56d918fdf | admin  |
| 22339e09b9864c58b33ec9f3ab8d0882 | member |
| 56b5ef9b944b4ecaa65b0313ab194f21 | user   |
| ff4eb910bb184190a270b1813d028c4a | reader |
+----------------------------------+--------+
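The steps above use the placeholder passwords KEYSTONE_DBPASS and ADMIN_PASS, an http:// auth URL, and a password stored in ~/.bashrc. The following script is an added example, not part of the original guide: it checks copies of those files for such leftovers and for loose permissions. The function names audit_keystone and perms, the temporary paths and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): audit copies of the files this
# guide writes for leftover placeholders, cleartext endpoints and loose modes.

perms() { ls -ld "$1" | cut -c2-10; }   # permission bits, e.g. rw-r--r--

# audit_keystone CONF RCFILE FERNET_DIR: prints one "FINDING: ..." line per problem
audit_keystone() {
    local conf=$1 rc=$2 keys=$3

    # Steps 1, 3 and 4 use placeholders that must be replaced by real secrets.
    if grep -q 'KEYSTONE_DBPASS' "$conf"; then
        echo "FINDING: $conf still contains the placeholder KEYSTONE_DBPASS"
    fi
    if grep -q '^export OS_PASSWORD=ADMIN_PASS$' "$rc"; then
        echo "FINDING: $rc still contains the placeholder ADMIN_PASS"
    fi

    # Step 6 appends the admin password to a shell startup file.
    if grep -q '^export OS_PASSWORD=' "$rc"; then
        case $(perms "$rc") in
            ???------) ;;
            *) echo "FINDING: $rc holds OS_PASSWORD but is readable beyond its owner" ;;
        esac
    fi

    # The guide's endpoints are plain http, so credentials and tokens travel in cleartext.
    if grep -q '^export OS_AUTH_URL=http://' "$rc"; then
        echo "FINDING: OS_AUTH_URL in $rc is not https"
    fi

    # keystone.conf embeds the database password; the key repository holds
    # the Fernet keys that encrypt and sign every token.
    case $(perms "$conf") in ??????---) ;; *) echo "FINDING: $conf is accessible to other users" ;; esac
    case $(perms "$keys") in ???------) ;; *) echo "FINDING: $keys is accessible beyond its owner" ;; esac
    return 0
}

# Constructed sample: the guide's placeholder values with deliberately loose modes.
demo=$(mktemp -d)
printf '[database]\nconnection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone\n' > "$demo/keystone.conf"
printf 'export OS_PASSWORD=ADMIN_PASS\nexport OS_AUTH_URL=http://controller:5000/v3\n' > "$demo/bashrc"
mkdir "$demo/fernet-keys"
chmod 644 "$demo/keystone.conf" "$demo/bashrc"
chmod 755 "$demo/fernet-keys"
audit_keystone "$demo/keystone.conf" "$demo/bashrc" "$demo/fernet-keys"
```

On a controller built with this guide, the arguments would be /etc/keystone/keystone.conf, ~/.bashrc and the Fernet key repository, which is /etc/keystone/fernet-keys/ by default.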
At this point, the keystone service is installed successfully. In the next section, I will install the Glance image service.
Official password configuration information: