
Controller --- KeyStone

Install KeyStone

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached openstack-utils -y

Start Memcached Service

[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl restart memcached.service
[root@controller ~]# systemctl status memcached.service

Configure KeyStone

[root@controller ~]# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT transport_url rabbit://openstack:password@controller
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:password@controller/keystone
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf cache backend oslo_cache.memcache_pool
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf cache enabled true
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf cache memcache_servers controller:11211
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf memcache servers controller:11211
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token expiration 3600
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet

Configure Httpd

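[root@controller ~]# sed -i "s/#ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf
[root@controller ~]# sed -i 's/OPTIONS*.*/OPTIONS="-l 127.0.0.1,::1,10.1.1.61"/' /etc/sysconfig/memcached
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Note: memcached reads OPTIONS only when it starts, so memcached.service must be restarted again for the new listen addresses to apply. 10.1.1.61 is presumably this controller's management address; memcached has no authentication by default, so port 11211 on that address should be reachable only from the OpenStack nodes.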

Synchronize Database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Setup KeyStone

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Start Httpd Service

[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl restart httpd.service
[root@controller ~]# systemctl status httpd.service

List Httpd Service

[root@controller ~]# systemctl list-unit-files | grep httpd.service
httpd.service enabled

Create Admin Role

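[root@controller ~]# keystone-manage bootstrap \
--bootstrap-password password \
--bootstrap-username admin \
--bootstrap-project-name admin \
--bootstrap-role-name admin \
--bootstrap-service-name keystone \
--bootstrap-region-id RegionOne \
--bootstrap-admin-url http://controller:35357/v3 \
--bootstrap-internal-url http://controller:35357/v3 \
--bootstrap-public-url http://controller:5000/v3

Note: the value given to --bootstrap-password becomes the password of the admin user and is the one reused as OS_PASSWORD below. All three endpoints are plain HTTP, so passwords and tokens cross the network unencrypted; outside an isolated lab network Keystone should be served over TLS.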

List OpenStack Project

[root@controller ~]# openstack project list --os-username admin --os-project-name admin --os-user-domain-id default --os-project-domain-id default --os-identity-api-version 3 --os-auth-url http://controller:5000 --os-password password

Configure Admin Resource

[root@controller ~]# cat /root/admin-openrc
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_DOMAIN_ID=default
export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_PASSWORD=password
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
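export OS_AUTH_URL=http://controller:35357/v3

Note: admin-openrc holds the admin password in clear text; keep it readable by root only (chmod 600 /root/admin-openrc).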

Create OpenStack Project

[root@controller ~]# source /root/admin-openrc

[root@controller ~]# openstack project create --domain default --description "Service Project" service
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
[root@controller ~]# openstack user create --domain default demo --password password

[root@controller ~]# openstack role create user
[root@controller ~]# openstack role add --project demo --user demo user

[root@controller ~]# unset OS_TOKEN OS_URL
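[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue --os-password password
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue --os-password password

Note: a password passed with --os-password ends up in shell history and is visible in the process list while the command runs. When the option is omitted and OS_PASSWORD is unset, the client prompts for the password instead.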