金歌 posted 9 hours ago

3. Setting up OpenStack (M release): the Keystone component (important)

The lab environment is a Windows 11 host with VMware Pro 15.5; the virtual machine runs Ubuntu 16.04 Server.


1. Create the keystone database

Log in to the database server and create the database:
mysql -uroot -p1234
CREATE DATABASE keystone;
Grant privileges on the database; '1234' is the password chosen for keystone:
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '1234';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '1234';

2. Install the keystone component

Prevent the Keystone service from starting automatically once it is installed:
echo "manual" > /etc/init/keystone.override
Install the packages (barring anything unexpected):
apt-get install keystone apache2 libapache2-mod-wsgi

3. Generate a random value to use as the temporary token

The generated token must be saved; later configuration steps use it.
openssl rand -hex 10

4. Configure the keystone service

vim /etc/keystone/keystone.conf
In the [DEFAULT] section, add the temporary token (use your own):
admin_token = 011068c32d724dba0971
In the [database] section, add the database connection, around line 550 (in vim's normal mode, type /[data to search for it).
1234 is the password set when the keystone database was created:
connection = mysql+pymysql://keystone:1234@controller/keystone
Be sure to comment out the previous connection line; there can be only one.
In the [token] section, add provider, around line 1987.
Sync the database and initialize the Fernet token keys:
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

5. Configure the Apache service

Add the host name to apache2.conf, near the top of the file:
ServerName controller
Configure the virtual host by creating a new file, wsgi-keystone.conf:
vim /etc/apache2/sites-available/wsgi-keystone.conf
File contents:
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
      Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
      Require all granted
    </Directory>
</VirtualHost>
Enable the virtual host and restart the Apache service:
ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
service apache2 restart
Note: if service apache2 restart fails and reports
systemd: Failed to start LSB: Apache2 web server
(see https://stackoverflow.com/questions/35118773/systemd1-failed-to-start-lsb-apache2-web-server), the fix is:
sudo apt-get purge apache2
sudo apt-get install apache2
Then restart again with service apache2 restart.
Delete the default SQLite database:
rm -f /var/lib/keystone/keystone.db

6. Create the service entity and API endpoints

Configure the authentication token: OS_TOKEN is the temporary token generated earlier, and controller is the host name.
export OS_TOKEN=011068c32d724dba0971
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
Create the `identity` service entity (this step usually fails; check which error you get):
openstack service create --name keystone --description "OpenStack Identity" identity
If the error is:
The program 'openstack' can be found in the following packages:
 * python-openstackclient
 * python3-openstackclient
the fix is:
apt-get install python-openstackclient
If you get a 500 error (this second error is the one I hit), check the error logs under /var/log/keystone.
It is usually a database character-set error, fixed as follows:
1. Drop the keystone database and reboot the virtual machine
mysql -uroot -p1234 -e "DROP DATABASE IF EXISTS keystone;"
init 6
2. Recreate the keystone database
Log in to the database:
mysql -uroot -p1234
Create the database:
CREATE DATABASE keystone;
Grant privileges on the database (<KEYSTONE_DBPASS> is the password you choose):
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '1234';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '1234';
Exit the database:
exit;
3. Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
4. Create the `identity` service entity
openstack service create --name keystone --description "OpenStack Identity" identity
That resolves the 500 error when creating the `identity` service entity.
Create the API endpoints (`endpoint`) for the `identity` service

7. Create the domain, projects, users and roles

Create the `default` domain:
openstack domain create --description "Default Domain" default
This fails with an error saying the command does not exist.
Cause: the environment variables select OpenStack Identity API v2.0, and that is the crux of the problem: the domain subcommand is not supported by OpenStack Identity API v2.0, only by OpenStack Identity API v3.0. Just ignore it.
Create the `admin` project, user and role:
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
Add the `admin` role to the `admin` project and the `admin` user:
openstack role add --project admin --user admin admin
Create the `service` project:
openstack project create --domain default \
  --description "Service Project" service

openstack project create --domain default \
  --description "Demo Project" demo

openstack user create --domain default \
  --password-prompt demo

openstack role create user
Add the `user` role to the `demo` project and the `demo` user:
openstack role add --project demo --user demo user

8. Verify operation

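Remove admin_token_auth from the file keystone-paste.ini:
vim /etc/keystone/keystone-paste.ini
Remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections.
Comment out the original lines and paste in the following: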

pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service

pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service

pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3

Unset the temporary token and the access URL:
unset OS_TOKEN OS_URL
Request a token as the `admin` user; you will be prompted for the password (I set 1234):
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue
Request a token as the `demo` user:
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
Create an environment script for the `admin` user: create an openstack directory under / and an admin-openrc file inside it.
mkdir /openstack
vim /openstack/admin-openrc
File contents:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
# the password you set (1234)
export OS_PASSWORD=1234
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Create an environment script for the `demo` user in a new demo-openrc file:
vim /openstack/demo-openrc
File contents:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
# the password you set (1234)
export OS_PASSWORD=1234
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Use the scripts:
# load the admin-openrc script
source /openstack/admin-openrc
# load the demo-openrc script
source /openstack/demo-openrc
Request a token:
openstack token issue
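An added check script (not part of the original post) for what step 8 leaves on disk: pipelines in keystone-paste.ini that still load admin_token_auth, and openrc files that store OS_PASSWORD. The function names are this example's own, and the admin_token check on keystone.conf goes one step beyond the post, which leaves that line in place.

```shell
#!/bin/sh
# Added example: audit the bootstrap-token leftovers after step 8.
# Paths are arguments, so the checks can also be run against copies.

# Print each [section] whose active pipeline line still lists admin_token_auth.
pipelines_with_admin_token() {
    awk '
        /^\[/ { section = $0; next }
        /^[ \t]*pipeline[ \t]*=/ {
            gsub(/=/, " ")
            for (i = 1; i <= NF; i++)
                if ($i == "admin_token_auth") { print section; break }
        }' "$1"
}

# True when keystone.conf still has an uncommented, non-empty admin_token.
admin_token_is_set() {
    grep -Eq '^[[:space:]]*admin_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# True when group or others hold any permission on the file (it stores OS_PASSWORD).
openrc_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Usage: audit_keystone PASTE_INI KEYSTONE_CONF [OPENRC...]; returns 1 on any finding.
audit_keystone() {
    ini=$1; conf=$2; shift 2; rc=0
    bad=$(pipelines_with_admin_token "$ini")
    if [ -n "$bad" ]; then
        echo "FAIL: admin_token_auth still loaded by: $(echo "$bad" | tr '\n' ' ')"; rc=1
    fi
    if admin_token_is_set "$conf"; then
        echo "FAIL: admin_token is still set in $conf"; rc=1
    fi
    for f in "$@"; do
        if openrc_exposed "$f"; then
            echo "FAIL: $f is accessible beyond its owner (chmod 600)"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: bootstrap token disabled, openrc files private"
    return "$rc"
}

if [ "$#" -ge 2 ]; then audit_keystone "$@"; fi
```

Saved under a name of your choice (for example keystone-audit.sh), it is run as root with /etc/keystone/keystone-paste.ini, /etc/keystone/keystone.conf and the two openrc files as arguments; a non-zero exit status means at least one finding.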
 
