CentOS 7部署OpenStack（二）—安装keystone服务

1、创建数据库

[root@controller ~]# mysql -u root -p

[root@controller ~]# CREATE DATABASE keystone;

[root@controller ~]# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'PWS';

[root@controller ~]# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'PWS';

[root@controller ~]# openssl rand -hex 10

2、安装keystone

yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

3、启动memcache

# systemctl enable memcached.service
# systemctl start memcached.service

4、设置环境

1. Edit the /etc/keystone/keystone.conf file and complete the following actions:

   1. In the [DEFAULT] section, define the value of the initial administration token:

      

      1 2 3

      [DEFAULT] ... admin_token = ADMIN_TOKEN

      Replace ADMIN_TOKEN with the random value that you generated in a previous step.

   2. In the [database] section, configure database access:

      

      1 2 3

      [database] ... connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

      Replace KEYSTONE_DBPASS with the password you chose for the database.

   3. In the [memcache] section, configure the Memcache service:

      

      1 2 3

      [memcache] ... servers = localhost:11211

   4. In the [token] section, configure the UUID token provider and Memcached driver:

      

      1 2 3 4

      [token] ... provider = keystone.token.providers.uuid.Provider driver = keystone.token.persistence.backends.memcache.Token

   5. In the [revoke] section, configure the SQL revocation driver:

      

      1 2 3

      [revoke] ... driver = keystone.contrib.revoke.backends.sql.Revoke

   6. (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

      

      1 2 3

      [DEFAULT] ... verbose = True

2. Populate the Identity service database:

   # su -s /bin/sh -c "keystone-manage db_sync" keystone

5、设置HTTP

1. Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:

   ServerName controller

2. Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:

   Listen 5000
   Listen 35357
   
   <VirtualHost *:5000>
       WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
       WSGIProcessGroup keystone-public
       WSGIScriptAlias / /var/www/cgi-bin/keystone/main
       WSGIApplicationGroup %{GLOBAL}
       WSGIPassAuthorization On
       LogLevel info
       ErrorLogFormat "%{cu}t %M"
       ErrorLog /var/log/httpd/keystone-error.log
       CustomLog /var/log/httpd/keystone-access.log combined
   </VirtualHost>
   
   <VirtualHost *:35357>
       WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
       WSGIProcessGroup keystone-admin
       WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
       WSGIApplicationGroup %{GLOBAL}
       WSGIPassAuthorization On
       LogLevel info
       ErrorLogFormat "%{cu}t %M"
       ErrorLog /var/log/httpd/keystone-error.log
       CustomLog /var/log/httpd/keystone-access.log combined
   </VirtualHost>

3. Create the directory structure for the WSGI components:

   # mkdir -p /var/www/cgi-bin/keystone

4. Copy the WSGI components from the upstream repository into this directory:

   # curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo 
     | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

5. Adjust ownership and permissions on this directory and the files in it:

   # chown -R keystone:keystone /var/www/cgi-bin/keystone
   # chmod 755 /var/www/cgi-bin/keystone/*

• Restart the Apache HTTP server:

  # systemctl enable httpd.service
  # systemctl start httpd.service

• 6、设置HTTP