
Highly available Identity API

Installing KeyStone On Controllers

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi python-openstackclient openstack-utils -y

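Configure MemCached

Bind memcached to all interfaces so the other controllers can reach it. Memcached does not authenticate clients by default, so limit port 11211 to the controller network (a firewall rule, or the node's management address in place of 0.0.0.0).

[root@controller ~]# sed -i 's/127.0.0.1/0.0.0.0/' /etc/sysconfig/memcached
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 0.0.0.0,::1"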

Start MemCached Service

[root@controller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]# systemctl start memcached.service
[root@controller ~]# systemctl status memcached.service
● memcached.service - memcached daemon
Loaded: loaded (/usr/lib/systemd/system/memcached.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2017-12-17 22:07:25 EST; 1s ago
Main PID: 7500 (memcached)
CGroup: /system.slice/memcached.service
└─7500 /usr/bin/memcached -p 11211 -u memcached -m 64 -c 1024 -l 0.0.0.0,::1

Dec 17 22:07:25 controller1 systemd[1]: Started memcached daemon.
Dec 17 22:07:25 controller1 systemd[1]: Starting memcached daemon…

Configure Httpd Service

[root@controller ~]# cp /etc/httpd/conf/httpd.conf{,.bak}
[root@controller1 ~]# echo "ServerName controller1">>/etc/httpd/conf/httpd.conf
[root@controller2 ~]# echo "ServerName controller2">>/etc/httpd/conf/httpd.conf
[root@controller3 ~]# echo "ServerName controller3">>/etc/httpd/conf/httpd.conf
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Configure KeyStone

[root@controller ~]# cp /usr/share/keystone/wsgi-keystone.conf{,.bak}
[root@controller ~]# sed -i 's/5000/4999/' /usr/share/keystone/wsgi-keystone.conf
[root@controller ~]# sed -i 's/35357/35356/' /usr/share/keystone/wsgi-keystone.conf

Start Httpd Service

[root@controller ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller ~]# systemctl restart httpd.service
[root@controller ~]# netstat -antp | egrep 'httpd'
tcp6 0 0 :::80 :::* LISTEN 1946/httpd
tcp6 0 0 :::35356 :::* LISTEN 1946/httpd
tcp6 0 0 :::4999 :::* LISTEN 1946/httpd

Configure HAProxy For KeyStone

[root@controller ~]# echo '

#keystone
listen keystone_admin_cluster
bind controller:35357
#balance source
option tcpka
option httpchk
option tcplog
server controller1 controller1:35356 check inter 2000 rise 2 fall 5
server controller2 controller2:35356 check inter 2000 rise 2 fall 5
server controller3 controller3:35356 check inter 2000 rise 2 fall 5

listen keystone_public_cluster
bind controller:5000
#balance source
option tcpka
option httpchk
option tcplog
server controller1 controller1:4999 check inter 2000 rise 2 fall 5
server controller2 controller2:4999 check inter 2000 rise 2 fall 5
server controller3 controller3:4999 check inter 2000 rise 2 fall 5
'>>/etc/haproxy/haproxy.cfg
[root@controller ~]# systemctl restart haproxy.service
[root@controller ~]# netstat -antp | egrep 'haproxy|httpd'
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN 2111/haproxy
tcp 0 0 192.168.220.20:35357 0.0.0.0:* LISTEN 2111/haproxy
tcp 0 0 192.168.220.20:5000 0.0.0.0:* LISTEN 2111/haproxy
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 2111/haproxy
tcp6 0 0 :::80 :::* LISTEN 1946/httpd
tcp6 0 0 :::35356 :::* LISTEN 1946/httpd
tcp6 0 0 :::4999 :::* LISTEN 1946/httpd

Configure KeyStone

The admin_token set below is a shared bootstrap secret; the admin account is created later with keystone-manage bootstrap, so remove admin_token from keystone.conf once setup is finished. The keystone:keystone database credential in the connection URL is a lab value; use a unique password in a real deployment.

[root@controller1 ~]# KEYSTONE_SECRET=$(openssl rand -hex 10)
[root@controller1 ~]#
[root@controller1 ~]# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $KEYSTONE_SECRET
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose true
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:keystone@controller/keystone
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf cache backend oslo_cache.memcache_pool
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf cache enabled true
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf cache memcache_servers controller1:11211,controller2:11211,controller3:11211
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf memcache servers controller1:11211,controller2:11211,controller3:11211
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf token driver memcache
[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet

Synchronize Database

[root@controller1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

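Configure Other Controller Nodes

/etc/keystone/* includes the fernet-keys/ and credential-keys/ directories. Every controller needs the same keys so that a token issued by one node validates on the others, and rsync -a keeps the key files' ownership and permissions; repeat the sync whenever the keys are rotated.

[root@controller1 ~]# rsync -avzP -e 'ssh -p 22' /etc/keystone/* controller2:/etc/keystone/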
sending incremental file list
keystone.conf
115180 100% 108.49MB/s 0:00:00 (xfer#1, to-check=10/13)
keystone.conf.bak
114875 100% 54.78MB/s 0:00:00 (xfer#2, to-check=9/13)
credential-keys/
credential-keys/0
44 100% 21.48kB/s 0:00:00 (xfer#3, to-check=3/13)
credential-keys/1
44 100% 21.48kB/s 0:00:00 (xfer#4, to-check=2/13)
fernet-keys/
fernet-keys/0
44 100% 21.48kB/s 0:00:00 (xfer#5, to-check=1/13)
fernet-keys/1
44 100% 21.48kB/s 0:00:00 (xfer#6, to-check=0/13)

sent 2209 bytes received 2114 bytes 2882.00 bytes/sec
total size is 236741 speedup is 54.76
[root@controller1 ~]# rsync -avzP -e 'ssh -p 22' /etc/keystone/* controller3:/etc/keystone/
sending incremental file list
keystone.conf
115180 100% 108.49MB/s 0:00:00 (xfer#1, to-check=10/13)
keystone.conf.bak
114875 100% 54.78MB/s 0:00:00 (xfer#2, to-check=9/13)
credential-keys/
credential-keys/0
44 100% 21.48kB/s 0:00:00 (xfer#3, to-check=3/13)
credential-keys/1
44 100% 21.48kB/s 0:00:00 (xfer#4, to-check=2/13)
fernet-keys/
fernet-keys/0
44 100% 21.48kB/s 0:00:00 (xfer#5, to-check=1/13)
fernet-keys/1
44 100% 21.48kB/s 0:00:00 (xfer#6, to-check=0/13)

sent 2209 bytes received 2114 bytes 8646.00 bytes/sec
total size is 236741 speedup is 54.76

Restart Httpd Service

[root@controller1 ~]# systemctl restart httpd.service
[root@controller1 ~]# ssh controller2 "systemctl restart httpd.service"
[root@controller1 ~]# ssh controller3 "systemctl restart httpd.service"

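Create Admin Role

The password admin is a lab placeholder. keystone-manage bootstrap also reads the password from the OS_BOOTSTRAP_PASSWORD environment variable, which keeps it out of the process list. The endpoints registered here are plain HTTP, so passwords and tokens cross the network unencrypted unless TLS is terminated in front of Keystone (for example at HAProxy).

[root@controller1 ~]# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne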

Configure Admin Resource

admin-openrc stores the admin password in clear text, so keep the file readable by root only.

[root@controller1 ~]# echo "

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
">/root/admin-openrc
[root@controller1 ~]# source /root/admin-openrc
[root@controller1 ~]# openstack token issue
+————+—————————————————————————————————————————————————————————————–+
Field Value
+————+—————————————————————————————————————————————————————————————–+
expires 2017-12-15T11:24:26+0000
id gAAAAABaM6LaRTUjdiPkk1_5ydJV38A7d8ksrrD270fHt5Rc6SZZiIqhQXD70YdFVZqzfK0wWnxqF2jpAy1yBB6Tt-_v9VGbwyGORDJ-MesmmcmychP65oL_2dY8O4N09Mb8RZZm29wkJzOjgQffiFkmmjm3H7mAjfEHqbUxS-RdNcrnFEY0sTQ
project_id 2291724ac1a54d65844cc5dba56f4803
user_id c69e3e92d2e9485dabc42d845574d965
+————+—————————————————————————————————————————————————————————————–+

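Create OpenStack Project

The service passwords used below (glance, nova, neutron) equal the user names and are lab placeholders. Each of these accounts receives the admin role in the service project, so give each one its own random secret; openstack user create accepts --password-prompt to keep the value off the command line.

[root@controller1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 78757402f85a467995bcbd69b2183ba5 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+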
[root@controller1 ~]# openstack user create --domain default --password=glance glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 1072761f1a714aa8ad31a8e3f32fdc94 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller1 ~]# openstack role add --project service --user glance admin
[root@controller1 ~]# openstack user create --domain default --password=nova nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 83ce33fed0fe4c1894b6448cc17c32f7 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller1 ~]# openstack role add --project service --user nova admin
[root@controller1 ~]# openstack user create --domain default --password=neutron neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | d0ed457a96824cffb030d3c57b4a8218 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller1 ~]# openstack role add --project service --user neutron admin

[root@controller1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 3ddffab721d24934a0cbd49def5aa615 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+
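[root@controller1 ~]# openstack user create --domain default --password=demo demo
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 7884786780534d82afa0085028d2eb9b |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+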
[root@controller1 ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 0e067a05c0334234be3e19cad51cc1b5 |
| name      | user                             |
+-----------+----------------------------------+
[root@controller1 ~]# openstack role add --project demo --user demo user

Add OpenStack Identity resource to Pacemaker

[root@controller1 ~]# pcs resource create openstack-keystone systemd:openstack-keystone --clone interleave=true

Configure OpenStack Identity service

# cat keystone.conf

bind_host = 10.0.0.12
public_bind_host = 10.0.0.12
admin_bind_host = 10.0.0.12

[catalog]
driver = keystone.catalog.backends.sql.Catalog

[identity]
driver = keystone.identity.backends.sql.Identity

Configure OpenStack services to use the highly available OpenStack Identity

# cat api-paste.ini

auth_host = 10.0.0.11

$ openstack endpoint create --region $KEYSTONE_REGION $service-type public http://PUBLIC_VIP:5000/v2.0
$ openstack endpoint create --region $KEYSTONE_REGION $service-type admin http://10.0.0.11:35357/v2.0
$ openstack endpoint create --region $KEYSTONE_REGION $service-type internal http://10.0.0.11:5000/v2.0

cat local_settings.py

OPENSTACK_HOST = 10.0.0.11