OpenStack (Kilo) Installation Series: Keystone (Part 3)
Installation and configuration
Before you configure the OpenStack Identity service, you must create a database and an administration token.
I. Create the keystone database and grant privileges
1. Log in to the database
mysql -u root -p
2. Create the database and grant privileges
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
Replace KEYSTONE_DBPASS with a suitable password.
II. Create the administration token
openssl rand -hex 10
Record the token value.
III. Install and configure keystone
1. Install keystone
yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached
2. Start the Memcached service and configure it to start when the system boots
systemctl enable memcached.service
systemctl start memcached.service
3. Edit the /etc/keystone/keystone.conf file and complete the following actions:
a. In the [DEFAULT] section, define the value of the initial administration token:
[DEFAULT]
...
admin_token = ADMIN_TOKEN
Replace ADMIN_TOKEN with the random value that you generated in a previous step.
b. In the [database] section, configure database access:
[database]
...
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
Replace KEYSTONE_DBPASS with the password you chose for the database.
c. In the [memcache] section, configure the Memcache service:
[memcache]
...
servers = localhost:11211
d. In the [token] section, configure the UUID token provider and Memcached driver:
[token]
...
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token
e. In the [revoke] section, configure the SQL revocation driver:
[revoke]
...
driver = keystone.contrib.revoke.backends.sql.Revoke
f. (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:
[DEFAULT]
...
verbose = True
4. Populate the Identity service database:
su -s /bin/sh -c "keystone-manage db_sync" keystone
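A check for the keystone.conf edited in step 3, as an added example that is not part of the original post or of OpenStack itself. It flags placeholders left unreplaced, an admin_token shorter than the 20 characters that openssl rand -hex 10 produces, settings that differ from steps c to e, and a file readable by other users. The function names and the sample text are constructed for illustration.

```python
import configparser
import os
from urllib.parse import urlsplit

# Step 3 settings from this page: (section, option, expected value).
EXPECTED = [
    ("memcache", "servers", "localhost:11211"),
    ("token", "provider", "keystone.token.providers.uuid.Provider"),
    ("token", "driver", "keystone.token.persistence.backends.memcache.Token"),
    ("revoke", "driver", "keystone.contrib.revoke.backends.sql.Revoke"),
]
PLACEHOLDERS = {"ADMIN_TOKEN", "KEYSTONE_DBPASS"}
# Constructed sample: the page's snippets with placeholders left unreplaced.
SAMPLE = ("[DEFAULT]\nadmin_token = ADMIN_TOKEN\n"
          "[database]\nconnection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone\n"
          "[memcache]\nservers = localhost:11211\n")


def audit_conf_text(text):
    """Return a list of findings for keystone.conf content passed as a string."""
    cp = configparser.RawConfigParser(strict=False)  # tolerate repeated sections
    cp.read_string(text)
    findings = []
    token = cp.get("DEFAULT", "admin_token", fallback="")
    if token in PLACEHOLDERS or len(token) < 20:
        findings.append("admin_token is a placeholder or shorter than 20 characters")
    password = urlsplit(cp.get("database", "connection", fallback="")).password
    if not password or password in PLACEHOLDERS:
        findings.append("[database] connection has no password or the placeholder")
    for section, option, want in EXPECTED:
        got = cp.get(section, option, fallback=None)
        if got != want:
            findings.append("[%s] %s is %r, expected %r" % (section, option, got, want))
    return findings


def audit_conf_file(path):
    """Audit a keystone.conf on disk, including its permission bits."""
    with open(path) as handle:
        findings = audit_conf_text(handle.read())
    if os.stat(path).st_mode & 0o007:  # any read/write/execute bit for "other"
        findings.append("%s is accessible to other users; it holds secrets" % path)
    return findings


if __name__ == "__main__":
    for finding in audit_conf_text(SAMPLE):
        print(finding)
```

On the controller node, call audit_conf_file("/etc/keystone/keystone.conf") as a user that can read the file; an empty list means every check passed.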
IV. Configure the Apache HTTP server
1. Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:
ServerName controller
2. Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LogLevel info
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LogLevel info
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
3. Create the directory structure for the WSGI components:
mkdir -p /var/www/cgi-bin/keystone
4. Copy the WSGI components from the upstream repository into this directory:
curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
5. Adjust ownership and permissions on this directory and the files in it:
chown -R keystone:keystone /var/www/cgi-bin/keystone
chmod 755 /var/www/cgi-bin/keystone/*
6. Start the Apache service and configure it to start when the system boots
systemctl enable httpd.service
systemctl start httpd.service