zoukankan      html  css  js  c++  java
  • 正式进入搭建OpenStack

    部署mariadb数据库

    控制节点:

    yum install mariadb mariadb-server python2-PyMySQL -y

     编辑:

    /etc/my.cnf.d/openstack.cnf

     [mysqld]

    bind-address = 控制节点管理网络ip

    default-storage-engine = innodb

    innodb_file_per_table

    max_connections = 4096

    collation-server = utf8_general_ci

    character-set-server = utf8

     启服务:

    systemctl enable mariadb.service

    systemctl start mariadb.service

    #初始化mysql

    mysql_secure_installation

     部署消息队列rabbitmq(验证方式:http://IP:15672/ 用户:guest 密码:guest)

    控制节点:

    yum install rabbitmq-server -y

    启动服务:

    systemctl enable rabbitmq-server.service

    systemctl start rabbitmq-server.service

    新建rabbitmq用户密码:

    rabbitmqctl add_user openstack 123456

    为新建的用户openstack设定权限:

    rabbitmqctl set_permissions openstack ".*" ".*" ".*"

    部署memcached缓存(为keystone服务缓存tokens)

    控制节点:

    yum install memcached python-memcached -y

    启动服务:

    systemctl enable memcached.service

    systemctl start memcached.service

    认证服务keystone部署

     一:安装和配置服务

    1.建库建用户

    mysql -u root -p

    CREATE DATABASE keystone;

    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'

      IDENTIFIED BY '123456';

    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'

      IDENTIFIED BY '123456';

    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'控制节点IP或主机名'

      IDENTIFIED BY '123456';

    flush privileges;

    2、安装keystone和mod_wsgi

    yum install openstack-keystone httpd mod_wsgi -y

    3、编辑/etc/keystone/keystone.conf

    [DEFAULT]

    admin_token = 123456 #建议用命令制作token:openssl rand -hex 10

    [database]

    connection = mysql+pymysql://keystone:123456@controller/keystone

    [token]

    provider = fernet

    #Token Provider:UUID, PKI, PKIZ, or Fernet #http://blog.csdn.net/miss_yang_cloud/article/details/49633719

    4.同步修改到数据库

    su -s /bin/sh -c "keystone-manage db_sync" keystone

    5.初始化fernet keys

    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

    6.配置apache服务

    编辑:/etc/httpd/conf/httpd.conf

    ServerName controller

    编辑:/etc/httpd/conf.d/wsgi-keystone.conf

    新增配置

    Listen 5000
    Listen 35357
    
    <VirtualHost *:5000>
        WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /usr/bin/keystone-wsgi-public
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    
        <Directory /usr/bin>
            Require all granted
        </Directory>
    </VirtualHost>
    
    <VirtualHost *:35357>
        WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    
        <Directory /usr/bin>
            Require all granted
        </Directory>
    </VirtualHost>
    

    7.启动服务:

    systemctl enable httpd.service

    systemctl restart httpd.service #因为之前自定义基于http协议的yum源时已经启动过了httpd,所以此处需要restart

    二:创建服务实体和访问端点

    1.实现配置管理员环境变量,用于获取后面创建的权限

    export OS_TOKEN=123456

    export OS_URL=http://controller:35357/v3

    export OS_IDENTITY_API_VERSION=3

    2.基于上一步给的权限,创建认证服务实体(目录服务)

    openstack service create

      --name keystone --description "OpenStack Identity" identity

    3.基于上一步建立的服务实体,创建访问该实体的三个api端点

    openstack endpoint create --region RegionOne

      identity public http://controller:5000/v3

      

    openstack endpoint create --region RegionOne

      identity internal http://controller:5000/v3

      

    openstack endpoint create --region RegionOne

      identity admin http://controller:35357/v3

      

    三:创建域,租户,用户,角色,把四个元素关联到一起

    建立一个公共的域名:

    openstack domain create --description "Default Domain" default

    管理员:admin

    openstack project create --domain default

      --description "Admin Project" admin

      

    openstack user create --domain default

      --password-prompt admin

    openstack role create admin

    openstack role add --project admin --user admin admin

    普通用户:demo

    openstack project create --domain default

      --description "Demo Project" demo

      

    openstack user create --domain default

      --password-prompt demo

    openstack role create user

    openstack role add --project demo --user demo user

    为后续的服务创建统一租户service

    解释:后面每搭建一个新的服务都需要在keystone中执行四种操作:1.建租户 2.建用户 3.建角色 4.做关联

    后面所有的服务公用一个租户service,都是管理员角色admin,所以实际上后续的服务安装关于keysotne

    的操作只剩2,4

    openstack project create --domain default

      --description "Service Project" service

    四:验证操作:

    编辑:/etc/keystone/keystone-paste.ini

    在[pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] 三个地方

    移走:admin_token_auth 

    unset OS_TOKEN OS_URL

    openstack --os-auth-url http://controller:35357/v3

      --os-project-domain-name default --os-user-domain-name default

      --os-project-name admin --os-username admin token issue

    Password:

    五:新建客户端脚本文件

    管理员:admin-openrc

    export OS_PROJECT_DOMAIN_NAME=default

    export OS_USER_DOMAIN_NAME=default

    export OS_PROJECT_NAME=admin

    export OS_USERNAME=admin

    export OS_PASSWORD=123456

    export OS_AUTH_URL=http://controller:35357/v3

    export OS_IDENTITY_API_VERSION=3

    export OS_IMAGE_API_VERSION=2

    普通用户demo:demo-openrc

    export OS_PROJECT_DOMAIN_NAME=default

    export OS_USER_DOMAIN_NAME=default

    export OS_PROJECT_NAME=demo

    export OS_USERNAME=demo

    export OS_PASSWORD=123456

    export OS_AUTH_URL=http://controller:5000/v3

    export OS_IDENTITY_API_VERSION=3

    export OS_IMAGE_API_VERSION=2

     效果:

    source admin-openrc 

    [root@controller01 ~]# openstack token issue

  • 相关阅读:
    后台数值往前台传值,能获取到值,页面显示不出来的问题
    总结jquery中对select和option的基本操作
    使用<input type="image" src="...">标签会引发页面刷新的问题
    用java来实现验证码功能。
    用java来实现验证码功能(本帖为转载贴),作为个人学习收藏用
    使用java实现发送邮件的功能
    java中的中文参数存到数据库乱码问题
    模糊查询时,页面没有数据,数据库编辑器里可以正常显示数据
    c# 无法加载 DLL xxxxxxxx找不到指定的模块。 (异常来自HRESULT:0x8007007E)。的一个解决方法
    关于C#调用C++ 的DLL传送字符串显示乱码的解决
  • 原文地址:https://www.cnblogs.com/uglyliu/p/6736551.html
Copyright © 2011-2022 走看看