Controller — KeyStone

Install KeyStone

  1. [root@controller ~]# yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached openstack-utils -y

Start Memcached Service

  1. [root@controller ~]# systemctl enable memcached.service
  2. [root@controller ~]# systemctl restart memcached.service
  3. [root@controller ~]# systemctl status memcached.service

Configure KeyStone

  1. [root@controller ~]# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
  2. [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT transport_url rabbit://openstack:[email protected]
  3. [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:[email protected]/keystone
  4. [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf cache backend oslo_cache.memcache_pool
  5. [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf cache enabled true
  6. [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf cache memcache_servers controller:11211
  7. [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf memcache servers controller:11211
  8. [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token expiration 3600
  9. [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet

Configure Httpd

  1. [root@controller ~]# sed -i "s/#ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf
  2. [root@controller ~]# sed -i 's/OPTIONS*.*/OPTIONS="-l 127.0.0.1,::1,10.1.1.61"/' /etc/sysconfig/memcached
  3. [root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Synchronize Database

  1. [root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Setup KeyStone

  1. [root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
  2. [root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Start Httpd Service

  1. [root@controller ~]# systemctl enable httpd.service
  2. [root@controller ~]# systemctl restart httpd.service
  3. [root@controller ~]# systemctl status httpd.service

List Httpd Service

  1. [root@controller ~]# systemctl list-unit-files |grep httpd.service
  2. <strong>httpd.service enabled </strong>

Create Admin Role

  1. [root@controller ~]# keystone-manage bootstrap \
  2. --bootstrap-password password \
  3. --bootstrap-username admin \
  4. --bootstrap-project-name admin \
  5. --bootstrap-role-name admin \
  6. --bootstrap-service-name keystone \
  7. --bootstrap-region-id RegionOne \
  8. --bootstrap-admin-url http://controller:35357/v3 \
  9. --bootstrap-internal-url http://controller:35357/v3 \
  10. --bootstrap-public-url http://controller:5000/v3

List OpenStack Project

  1. [root@controller ~]# openstack project list --os-username admin --os-project-name admin --os-user-domain-id default --os-project-domain-id default --os-identity-api-version 3 --os-auth-url http://controller:5000 --os-password password

Configure Admin Resource

  1. [root@controller ~]# cat /root/admin-openrc
  2. export OS_USER_DOMAIN_ID=default
  3. export OS_PROJECT_DOMAIN_ID=default
  4. export OS_USERNAME=admin
  5. export OS_PROJECT_NAME=admin
  6. export OS_PASSWORD=password
  7. export OS_IDENTITY_API_VERSION=3
  8. export OS_IMAGE_API_VERSION=2
  9. export OS_AUTH_URL=http://controller:35357/v3

Create OpenStack Project

  1. [root@controller ~]# source /root/admin-openrc
  2.  
  3. [root@controller ~]# openstack project create --domain default --description "Service Project" service
  4. [root@controller ~]# openstack project create --domain default --description "Demo Project" demo
  5. [root@controller ~]# openstack user create --domain default demo --password password
  6.  
  7. [root@controller ~]# openstack role create user
  8. [root@controller ~]# openstack role add --project demo --user demo user
  9.  
  10. [root@controller ~]# unset OS_TOKEN OS_URL
  11. [root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue --os-password password
  12. [root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue --os-password password

Leave a Reply

Your email address will not be published. Required fields are marked *