1、创建Keystone数据库
root@controller:~# mysql -uroot -pzoomtech -e "CREATE DATABASE keystone"
root@controller:~# mysql -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'zoomtech'"
root@controller:~# mysql -uroot -pzoomtech -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'zoomtech'"
2、安装配置Keystone
root@controller:~# apt install keystone -y
root@controller:~# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:zoomtech@controller/keystone
[token]
provider = fernet
3、同步数据库
root@controller:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
4、初始化fernet key
root@controller:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
2017-02-28 01:26:26.160 19021 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it
2017-02-28 01:26:26.160 19021 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp
2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0
2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']
2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp
2017-02-28 01:26:26.196 19021 INFO keystone.common.fernet_utils [-] Current primary key is: 0
2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Next primary key will be: 1
2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1
2017-02-28 01:26:26.197 19021 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0
root@controller:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
2017-02-28 01:26:34.833 19109 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it
2017-02-28 01:26:34.833 19109 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp
2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0
2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/credential-keys/0']
2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp
2017-02-28 01:26:34.873 19109 INFO keystone.common.fernet_utils [-] Current primary key is: 0
2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Next primary key will be: 1
2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1
2017-02-28 01:26:34.874 19109 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0
5、创建keystone服务
root@controller:~# keystone-manage bootstrap --bootstrap-password zoomtech \
> --bootstrap-admin-url http://controller:35357/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne
2017-02-28 01:27:24.194 19639 WARNING py.warnings [-] /usr/lib/python2.7/dist-packages/pycadf/identifier.py:60: UserWarning: Invalid uuid. To ensure interoperability, identifiers should be a valid uuid.
warnings.warn('Invalid uuid. To ensure interoperability, identifiers '
2017-02-28 01:27:24.224 19639 INFO keystone.cmd.cli [-] Created domain default
2017-02-28 01:27:24.260 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created project admin
2017-02-28 01:27:24.294 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created user admin
2017-02-28 01:27:24.301 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created role admin
2017-02-28 01:27:24.313 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Granted admin on admin to user admin.
2017-02-28 01:27:24.323 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created region RegionOne
2017-02-28 01:27:24.343 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created admin endpoint http://controller:35357/v3/
2017-02-28 01:27:24.357 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created internal endpoint http://controller:5000/v3/
2017-02-28 01:27:24.368 19639 INFO keystone.cmd.cli [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Created public endpoint http://controller:5000/v3/
2017-02-28 01:27:24.370 19639 INFO keystone.assignment.core [req-ddb34f42-1bcf-4353-8f5a-37281feb3165 - - - - -] Creating the default role 9fe2ff9ee4384b1894a90878d3e92bab because it does not exist.
6、配置Httpd
root@controller:~# vim /etc/apache2/apache2.conf
ServerName controller
root@controller:~# service apache2 restart
7、配置administrative帐号
root@controller:~# vim adminstrative.sh
export OS_USERNAME=admin
export OS_PASSWORD=zoomtech
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
8、配置domain,project,users,roles
root@controller:~# source adminstrative.sh
root@controller:~# openstack project create --domain default --description "Service Project" service
root@controller:~# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
root@controller:~# openstack role add --project demo --user demo user
root@controller:~#
9、验证安装
root@controller:~# vim /etc/keystone/keystone-paste.ini
删除 [pipeline:public_api] 、[pipeline:admin_api] 、[pipeline:api_v3]字段中 admin_token_auth
root@controller:~# unset OS_AUTH_URL OS_PASSWORD
root@controller:~# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
root@controller:~# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password:
root@controller:~#
10、创建环境变量脚本
root@controller:~# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=zoomtech
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
11、使用环境变量
root@controller:~# source admin-openrc
root@controller:~# openstack token issue
12、查看安装的服务
root@controller:~# openstack service list
root@controller:~#