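1、创建Keystone数据库
注意:本文所有账号都使用同一个示例密码 zoomtech,并且通过 -p 参数和 SQL 语句直接写在命令行里,会留在 shell 历史和进程列表中,仅适合实验环境;生产环境应为数据库 root、keystone 数据库用户和 admin 分别设置不同的强密码。'keystone'@'%' 允许从任意主机连接数据库,如非必要应限定为实际需要访问的主机。
root@controller:~# mysql -uroot -pzoomtech -e "CREATE DATABASE keystone"
root@controller:~# mysql -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'zoomtech'"
root@controller:~# mysql -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'zoomtech'"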
2、安装配置Keystone
root@controller:~# apt install keystone -y
root@controller:~# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:zoomtech@controller/keystone
[token]
provider = fernet
3、同步数据库
root@controller:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
4、初始化fernet key
root@controller:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
2017-02-28 01:26:26.160 19021 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it
2017-02-28 01:26:26.160 19021 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp
2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0
2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']
2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp
2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Current primary key is: 0
2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Next primary key will be: 1
2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1
2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0
root@controller:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
2017-02-28 01:26:34.833 19109 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it
2017-02-28 01:26:34.833 19109 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp
2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0
2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/credential-keys/0']
2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp
2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Current primary key is: 0
2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Next primary key will be: 1
2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1
2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0
5、创建keystone服务
注意:--bootstrap-password 的值会留在 shell 历史中;示例端点使用明文 HTTP,密码和令牌在网络上不加密传输,生产环境应为这些端点启用 TLS。
root@controller:~# keystone-manage bootstrap --bootstrap-password zoomtech \
> --bootstrap-admin-url http://controller:35357/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne
2017-02-28 01:27:24.194 19639 WARNING py.warnings [-] /usr/lib/python2.7/dist-packages/pycadf/identifier.py:60: UserWarning: Invalid uuid. To ensure interoperability,identifiers should be a valid uuid.
warnings.warn('Invalid uuid. To ensure interoperability,identifiers '
2017-02-28 01:27:24.224 19639 INFO keystone.cmd.cli [-] Created domain default
2017-02-28 01:27:24.260 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created project admin
2017-02-28 01:27:24.294 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created user admin
2017-02-28 01:27:24.301 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created role admin
2017-02-28 01:27:24.313 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Granted admin on admin to user admin.
2017-02-28 01:27:24.323 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created region RegionOne
2017-02-28 01:27:24.343 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created admin endpoint http://controller:35357/v3/
2017-02-28 01:27:24.357 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created internal endpoint http://controller:5000/v3/
2017-02-28 01:27:24.368 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created public endpoint http://controller:5000/v3/
2017-02-28 01:27:24.370 19639 INFO keystone.assignment.core [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Creating the default role 9fe2ff9ee4384b1894a90878d3e92bab because it does not exist.
6、配置Httpd
root@controller:~# vim /etc/apache2/apache2.conf
ServerName controller
root@controller:~# service apache2 restart
7、配置administrative帐号
注意:该脚本以明文保存 admin 密码,建议创建后执行 chmod 600 限制读取权限,不要提交到版本库或与他人共享。
root@controller:~# vim adminstrative.sh
export OS_USERNAME=admin
export OS_PASSWORD=zoomtech
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
8、配置domain,project,users,roles
root@controller:~# source adminstrative.sh
root@controller:~# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 53c21b5aaed24554973cec728bc93886 |
| is_domain | False |
| name | service |
| parent_id | default |
root@controller:~# openstack project create --domain default \
> --description "Demo Project" demo
| description | Demo Project |
| id | 8b610ce643254feba1621187fb0c4cc4 |
| name | demo |
root@controller:~# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
| domain_id | default |
| enabled | True |
| id | e75238fc214e4f48bc6bfa632aff1d15 |
| name | demo |
| options | {} |
| password_expires_at | None |
root@controller:~# openstack role create user
+-----------+----------------------------------+
| Field | Value |
| domain_id | None |
| id | 1952e288bc7f4f8b95286bfd217cd976 |
| name | user |
root@controller:~# openstack role add --project demo --user demo user
root@controller:~#
9、验证安装
root@controller:~# vim /etc/keystone/keystone-paste.ini
出于安全考虑,从 [pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3] 三个段的 pipeline 中删除 admin_token_auth,以禁用临时的管理员令牌认证机制。
root@controller:~# unset OS_AUTH_URL OS_PASSWORD
root@controller:~# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+---------------------------------------------------------------------------+
| Field | Value |
| expires | 2017-02-28T02:38:40+0000 |
| id | gAAAAABYtNSgCEPdLgBPx_8i9FLN3KHvs4TC3SLjX3QCi35rLOAoIMVAZ5hmHRLe_vJagjtbu |
| | 3MGMjmFLZ8utaCMqAb6guBlzAbWEwkp05NLGWKlTWR68_flZVyd3YiByfkxHSknlvdq7s5eMT |
| | MNxhhCueQsmo2aWJnJxfwD9O12iRaDLNRERr4 |
| project_id | 56d3f276e94d48ffb014a6fe5776d0e5 |
| user_id | 4da79077531f4f99ab0f7f00d0ffb043 |
root@controller:~# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-name demo --os-username demo token issue
| expires | 2017-02-28T02:39:02+0000 |
| id | gAAAAABYtNS2lYKPeLQtIf_jHWdmzivGWlvW5XZ4FvoymQAC0pS7EGWZefTPMfDTUQ3oipdCH |
| | P4RaJperaptZdk_zk_d5GACcS5cUoEEXOW8KPFuO1d2_IH5wCD40xsGjkKZUYlRsOH9s4XvY5 |
| | W6eig8v4FsSVs2SGcSGauUhZPo4LE-RhlIBdE |
| project_id | 8b610ce643254feba1621187fb0c4cc4 |
| user_id | e75238fc214e4f48bc6bfa632aff1d15 |
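10、创建环境变量脚本
说明:下面似乎只列出了相对于 adminstrative.sh 新增的一行;要让后面的 openstack token issue 成功,文件中还应包含前文的 OS_* 认证变量(请按实际环境确认)。该文件同样包含明文密码,应限制读取权限。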
root@controller:~# vim admin-openrc
export OS_IMAGE_API_VERSION=2
11、使用环境变量
root@controller:~# source admin-openrc
root@controller:~# openstack token issue
| expires | 2017-02-28T02:46:13+0000 |
| id | gAAAAABYtNZlxRvnvkSwMO1VzBXrRimsTqzBdu4KZrxDA5rm2_u9Z_DxsINVpRAzqHrQXiRUL |
| | OfvMEJ7tsPo2ygVFXwu76j72IlmnHyq30MaRm3t-1jc3wyntjhnAcJ05NrGHbCf6HLC- |
| | OIUaq8skMTlWu03I-suXJBbkPWW8jHcGrCX_Si1z6k |
+------------+-------
12、查看安装的服务
root@controller:~# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
| 50bab5f4ef81410eb9af71bba516c270 | keystone | identity |
root@controller:~# openstack user list
+----------------------------------+-------+
| ID | Name |
| 4da79077531f4f99ab0f7f00d0ffb043 | admin |
| e75238fc214e4f48bc6bfa632aff1d15 | demo |
root@controller:~# openstack project list
+----------------------------------+---------+
| ID | Name |
| 53c21b5aaed24554973cec728bc93886 | service |
| 56d3f276e94d48ffb014a6fe5776d0e5 | admin |
| 8b610ce643254feba1621187fb0c4cc4 | demo |
root@controller:~#