基于OpenStack构建企业私有云（2）KeyStone

Keystone类似一个服务总线， 或者说是整个OpenStack框架的注册中心，其他服务通过keystone来注册其服务的Endpoint（服务访问的URL），任何服务之间相互的调用，需要经过Keystone的身份验证，来获得目标服务的Endpoint来找到目标服务。

1.安装keystone

# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

2.设置Memcache开启启动并启动Memcached

[root@linux-node1 ~]# systemctl enable memcached.service[root@linux-node1 ~]# vim /etc/sysconfig/memcachedPORT="11211"USER="memcached"MAXCONN="1024"CACHESIZE="64"OPTIONS="-l 192.168.56.11,::1"[root@linux-node1 ~]# systemctl start memcached.service

3.Keystone配置

1）配置KeyStone数据库

[root@linux-node1 ~]# vim /etc/keystone/keystone.conf
[data ]
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone

2）设置Token和Memcached

[token]
provider = fernet

3）同步数据库：

[root@linux-node1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ukeystone -pkeystone -e " use keystone;show tables;"

4）初始化fernet keys

[root@linux-node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@linux-node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5）初始化keystone

[root@linux-node1 ~]# keystone-manage bootstrap --bootstrap-password admin
--bootstrap-admin-url http://192.168.56.11:35357/v3/
--bootstrap-internal-url http://192.168.56.11:35357/v3/
--bootstrap-public-url http://192.168.56.11:5000/v3/
--bootstrap-region-id RegionOne

6）验证Keystone配置

[root@linux-node1 ~]# grep "^[a-z]" /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@192.168.56.11/keystone
provider = fernet

7）KeyStone启动

 [root@linux-node1 ~]# vim /etc/httpd/conf/httpd.confServerName 192.168.56.11:80创建配置文件[root@linux-node1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/启动keystone，并查看端口。[root@linux-node1 ~]# systemctl enable httpd.service[root@linux-node1 ~]# systemctl start httpd.service设置环境变量[root@linux-node1 ~]# export OS_USERNAME=admin[root@linux-node1 ~]# export OS_PASSWORD=admin[root@linux-node1 ~]# export OS_PROJECT_NAME=admin[root@linux-node1 ~]# export OS_USER_DOMAIN_NAME=Default[root@linux-node1 ~]# export OS_PROJECT_DOMAIN_NAME=Default[root@linux-node1 ~]# export OS_AUTH_URL=http://192.168.56.11:35357/v3[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3创建项目和demo用户# openstack project create --domain default --de ion "Demo Project" demo# openstack user create --domain default --password demo demo# openstack role create user# openstack role add --project demo --user demo user创建Service项目# openstack project create --domain default --de ion "Service Project" service创建glance用户# openstack user create --domain default --password glance glance# openstack role add --project service --user glance admin创建nova用户# openstack user create --domain default --password nova nova# openstack role add --project service --user nova admin创建placement用户# openstack user create --domain default --password placement placement# openstack role add --project service --user placement admin创建Neutron用户# openstack user create --domain default --password neutron neutron# openstack role add --project service --user neutron admin创建cinder用户# openstack user create --domain default --password cinder cinder# openstack role add --project service --user cinder admin验证Keystone[root@linux-node1 ~]# unset OS_AUTH_URL OS_PASSWORD[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issuePassword:…[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issuePassword: [root@linux-node1 ~]# vim /root/admin-openstack.shexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=adminexport OS_AUTH_URL=http://192.168.56.11:35357/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2[root@linux-node1 ~]# vim /root/demo-openstack.shexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=demoexport OS_USERNAME=demoexport OS_PASSWORD=demoexport OS_AUTH_URL=http://192.168.56.11:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2[root@linux-node1 ~]# source admin-openstack.sh[root@linux-node1 ~]# openstack token issue[root@linux-node1 ~]# source demo-openstack.sh[root@linux-node1 ~]# openstack token issue