150.OpenStack Train version - 2. Install keystone authentication service

Keywords: OpenStack Database MySQL yum

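1. Create the keystone database and grant privileges

KEYSTONE_DBPASS below is a placeholder; replace it with a strong, unique password. The second GRANT uses the host '%', which lets the keystone account connect from any host, so limit network access to the database or narrow the host pattern to the nodes that actually need it.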

[root@controller ~]# mysql -uroot 
	CREATE DATABASE keystone;
	GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
	GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

2. Install keystone package

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi

3. Modify the configuration file

[root@controller ~]# cp -a /etc/keystone/keystone.conf{,.bak}
[root@controller ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
	
[root@controller ~]# yum install -y openstack-utils

[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider  fernet

4. Populate the database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

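Initialize the Fernet key repository
 This is new in recent OpenStack releases. In the Train version, keystone no longer uses a simple string as a temporary token; it issues Fernet tokens instead, and the two setup commands below create the Fernet and credential key repositories owned by the keystone user and group. The Fernet keys sign and encrypt tokens and the credential keys encrypt stored credentials, so keep both readable only by the keystone account. Keystone also no longer uses separate ports 5000 and 35357 for the administrator and ordinary-user service endpoints; it uses only port 5000, and port 35357 is no longer used.
 ADMIN_PASS in the bootstrap command is a placeholder for the admin password; replace it with a strong one. A password passed on the command line is recorded in shell history and visible in the process list; keystone-manage bootstrap can read it from the OS_BOOTSTRAP_PASSWORD environment variable instead. The endpoint URLs use plain http, so passwords and tokens cross the network unencrypted; a production deployment should serve keystone over TLS.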
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  	--bootstrap-admin-url http://controller:5000/v3/ \
  	--bootstrap-internal-url http://controller:5000/v3/ \
  	--bootstrap-public-url http://controller:5000/v3/ \
  	--bootstrap-region-id RegionOne

5. Modify apache configuration

[root@controller ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf

//Create a symbolic link to the keystone WSGI configuration file
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

//Enable Apache at boot and start it
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service

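6. Initialize environment variables

Note: the command below appends the admin password (the ADMIN_PASS placeholder) in plain text to root's ~/.bashrc, so every root shell exports it. Keeping these exports in a separate file that only its owner can read, and sourcing it when needed, limits the exposure. Also, with `<< EOF` the closing EOF must start at the beginning of the line; if it is indented as shown, the here-document will not terminate.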

[root@controller ~]# cat >> ~/.bashrc << EOF
	export OS_USERNAME=admin
	export OS_PASSWORD=ADMIN_PASS
	export OS_PROJECT_NAME=admin
	export OS_USER_DOMAIN_NAME=Default
	export OS_PROJECT_DOMAIN_NAME=Default
	export OS_AUTH_URL=http://controller:5000/v3
	export OS_IDENTITY_API_VERSION=3
	EOF
	
[root@controller ~]# source ~/.bashrc 
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2020-01-09T14:53:57+0000                                                                                                                                                                |
| id         | gAAAAABeFzB1bgQlTdO7E2x2UNvHWbtsd7KRipn0v-RhHaGwZzcnvE8bPsMwnh06CXVrwMkzGEV-VFLXZBICd3cJt5NZqLB_x-tZLmr8qiKZiK9yyiCCCZG3xncQUUQ8zTKcv02Nyz6CHA99AzRxWgetZFG1bAiHdfr1LxxsfR6ZuSsNYl0fLvU |
| project_id | 8dd2972e6c0b4d99b100d087e35ad439                                                                                                                                                        |
| user_id    | 656ea39f6bac482d8a0d0e49fc74e8a5                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

7. Create the project used by services

[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 7bc35b309acd46de99edbbefaf012de6 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

8. Create user role

[root@controller ~]# openstack role create user
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 56b5ef9b944b4ecaa65b0313ab194f21 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+
[root@controller ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 19f4b5f6a4e74a72bd47acf56d918fdf | admin  |
| 22339e09b9864c58b33ec9f3ab8d0882 | member |
| 56b5ef9b944b4ecaa65b0313ab194f21 | user   |
| ff4eb910bb184190a270b1813d028c4a | reader |
+----------------------------------+--------+

At this point, the keystone service has been installed successfully. In the next section, I will install the glance image service.
Official password configuration information:


Posted by will_1990 on Sat, 11 Jan 2020 07:16:16 -0800