This lab runs on a Windows 11 host with VMware Pro 15.5; the virtual machine is Ubuntu 16.04 Server.
1. Create the keystone database
Log in to the database and create it
mysql -uroot -p1234
CREATE DATABASE keystone;
Grant privileges on the database; '1234' is the password chosen for the keystone database user
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '1234';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '1234';
2. Install the keystone component
Prevent the Keystone service from starting automatically after installation
echo "manual" > /etc/init/keystone.override
Install the packages; barring surprises, this goes through
apt-get install keystone apache2 libapache2-mod-wsgi
3. Generate a random value to use as the temporary token
Be sure to save the generated token; later configuration steps use it
openssl rand -hex 10
4. Configure the keystone service
vim /etc/keystone/keystone.conf
In [DEFAULT], add the temporary token (use your own token)
admin_token = 011068c32d724dba0971
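In [database], add the database connection, at around line 550; to find it, type /[data while not in insert mode
1234 is the password set when the keystone database was created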
connection = mysql+pymysql://keystone:1234@controller/keystone
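Be sure to comment out the previous connection line; there can be only one
In [database], add provider, at around line 1987
Sync the database and initialize the Fernet token keys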
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
5. Configure the Apache service
Add the host name to apache2.conf; put this entry near the top of the file
ServerName controller
Configure the virtual hosts by creating a new file, wsgi-keystone.conf
vim /etc/apache2/sites-available/wsgi-keystone.conf
File contents:
Listen 5000
Listen 35357

<VirtualHost *:5000>
  WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
  WSGIProcessGroup keystone-public
  WSGIScriptAlias / /usr/bin/keystone-wsgi-public
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  ErrorLogFormat "%{cu}t %M"
  ErrorLog /var/log/apache2/keystone.log
  CustomLog /var/log/apache2/keystone_access.log combined
  <Directory /usr/bin>
    Require all granted
  </Directory>
</VirtualHost>

<VirtualHost *:35357>
  WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
  WSGIProcessGroup keystone-admin
  WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  ErrorLogFormat "%{cu}t %M"
  ErrorLog /var/log/apache2/keystone.log
  CustomLog /var/log/apache2/keystone_access.log combined
  <Directory /usr/bin>
    Require all granted
  </Directory>
</VirtualHost>
Enable the virtual hosts and restart the Apache service
ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
service apache2 restart
Note:
If service apache2 restart fails
and the restart reports systemd[1]: Failed to start LSB: Apache2 web server (see https://stackoverflow.com/questions/35118773/systemd1-failed-to-start-lsb-apache2-web-server)
Fix:
sudo apt-get purge apache2
sudo apt-get install apache2
Then restart again with service apache2 restart
Delete the default SQLite database
rm -f /var/lib/keystone/keystone.db
6. Create the service entity and API endpoints
Configure the authentication token: OS_TOKEN is the temporary token generated earlier, and controller is the host name
export OS_TOKEN=011068c32d724dba0971
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
Create the `identity` service entity (this step usually fails; what to do depends on which error you get)
openstack service create --name keystone --description "OpenStack Identity" identity
If the error is:
The program 'openstack' can be found in the following packages:
* python-openstackclient
* python3-openstackclient
Fix:
apt-get install python-openstackclient
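If you get a 500 error:
(I hit this second error)
Check the error logs under /var/log/keystone
It is usually a database character-set error; the fix is as follows:
1. Drop the keystone database and reboot the virtual machine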
mysql -uroot -p1234 -e "DROP DATABASE IF EXISTS keystone;"
init 6
2. Recreate the keystone database
Log in to the database
mysql -uroot -p1234
Create the database
CREATE DATABASE keystone;
Grant privileges on the database; <KEYSTONE_DBPASS> is a password of your choice
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '1234';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '1234';
Exit the database
exit;
3. Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
4. Create the `identity` service entity
openstack service create --name keystone --description "OpenStack Identity" identity
That is how to resolve the 500 error when creating the `identity` service entity
Create the API endpoints for the `identity` service
7. Create the domain, projects, users and roles
Create the `default` domain
openstack domain create --description "Default Domain" default
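This fails with an error saying the command does not exist
Cause: the environment variables select OpenStack Identity API v2.0, and that is the crux of the problem: the domain subcommand is not supported by OpenStack Identity API v2.0, only by OpenStack Identity API v3.0. Just ignore it.
Create the `admin` project, user and role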
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
Add the `admin` role to the `admin` project and user
openstack role add --project admin --user admin admin
Create the `service` project
openstack project create --domain default \
  --description "Service Project" service
Create the `demo` project and user, and the `user` role
openstack project create --domain default \
  --description "Demo Project" demo
openstack user create --domain default \
  --password-prompt demo
openstack role create user
Add the `user` role to the `demo` project and user
openstack role add --project demo --user demo user
8. Verify operation
Remove admin_token_auth from the keystone-paste.ini file
vim /etc/keystone/keystone-paste.ini
Remove admin_token_auth from each of [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3]
Comment out the original lines and paste in the following
[pipeline:public_api]
pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
[pipeline:admin_api]
pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
[pipeline:api_v3]
pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
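The script below is an added example, not part of the original post: it checks that admin_token_auth is gone from all three pipelines in keystone-paste.ini, and that [database] in keystone.conf has exactly one active connection line as step 4 requires. The function names and the sample file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the keystone.conf / keystone-paste.ini edits from steps 4 and 8.

# Print each active (uncommented) value of KEY in [SECTION] of an INI file.
ini_values() {  # usage: ini_values FILE SECTION KEY
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*[#;]/ { next }                          # commented-out line
    /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
    cur == sec && (i = index($0, "=")) {
      k = substr($0, 1, i - 1); gsub(/[ \t]/, "", k)
      if (k == key) { v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v }
    }' "$1"
}

# Return 0 only if every pipeline has an active line without admin_token_auth.
pipelines_clean() {  # usage: pipelines_clean /etc/keystone/keystone-paste.ini
  local rc=0 p v
  for p in public_api admin_api api_v3; do
    v=$(ini_values "$1" "pipeline:$p" pipeline | tr '\n' ' ')
    case " $v " in
      "  ") echo "[pipeline:$p] has no active pipeline line"; rc=1 ;;
      *" admin_token_auth "*) echo "[pipeline:$p] still has admin_token_auth"; rc=1 ;;
    esac
  done
  return $rc
}

# Return 0 only if [database] has exactly one active connection line.
single_connection() {  # usage: single_connection /etc/keystone/keystone.conf
  local n
  n=$(( $(ini_values "$1" database connection | wc -l) ))
  [ "$n" -eq 1 ] || { echo "[database] has $n active connection lines"; return 1; }
}

# Constructed sample (shortened pipelines): admin_api was left unedited.
make_sample() {  # usage: make_sample OUTPUT_FILE
  cat > "$1" <<'EOF'
[pipeline:public_api]
#pipeline = cors sizelimit admin_token_auth json_body public_service
pipeline = cors sizelimit token_auth json_body public_service
[pipeline:admin_api]
pipeline = cors sizelimit admin_token_auth token_auth json_body admin_service
[pipeline:api_v3]
pipeline = cors sizelimit token_auth json_body service_v3
EOF
}

sample=$(mktemp) && make_sample "$sample"
pipelines_clean "$sample" || echo "sample result: not clean"
rm -f "$sample"
```

On the real host, call pipelines_clean /etc/keystone/keystone-paste.ini and single_connection /etc/keystone/keystone.conf after editing and before restarting Apache.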
Unset the temporary token and the access URL
unset OS_TOKEN OS_URL
Request a token as the `admin` user; you will be prompted for the password (I set it to 1234)
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue
Request a token as the `demo` user
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
Create an environment script for the `admin` user: create an openstack directory under the root directory (/) and an admin-openrc file in it
mkdir /openstack
vim /openstack/admin-openrc
File contents:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
# the password you set (1234)
export OS_PASSWORD=1234
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Create an environment script for the `demo` user in a new demo-openrc file
vim /openstack/demo-openrc
File contents:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
# the password you set (1234)
export OS_PASSWORD=1234
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Use the scripts
# load the admin-openrc script
source /openstack/admin-openrc
# load the demo-openrc script
source /openstack/demo-openrc
Request a token
openstack token issue