Install keystone¶
start install¶
Download vagrant and bootstrap Vagrant and Bootstrap
cd ~
wget https://thaiopen.github.io/SipaLinuxCourse/_downloads/openstack3.tar.gz
tar xvf openstack3.tar.gz
cd openstack3
bash start.sh
vagrant ssh controller
sudo su -
cd /vagrant
ls
bootstrap.sh gen_pass.sh isconnect.sh passwordlist Vagrantfile
gen_database.sh hosts mysql.sh start.sh virsh-manage.sh
cp hosts /etc/hosts
$ bash isconnect.sh
Success test ping from controller to controller
Success test ping from controller to network
Success test ping from controller to compute1
Success test ping from controller to compute2
Success test ping from controller to block1
Success test ping from controller to object1
Success test ping from controller to object2
Success test ping from controller to share1
Success test ping from controller to share2
// Enable password
# vi /etc/ssh/sshd_config +79
PasswordAuthentication yes
# systemctl restart sshd
// Gen key id_rsa.pub
# ssh-keygen -t rsa -b 4096 -C "openstack"
# ls ~/.ssh/
id_rsa id_rsa.pub
//copy key ไปยัง ทุกโหนด
# ssh-copy-id compute1
//test
# ssh compute
# ssh-copy-id localhost
# ssh localhost
Install Process¶
root password is $DB_PASS. please chech database (optional)
echo $DB_PASS
mysql -uroot -p$DB_PASS
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.12-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit
//show database
mysql -uroot -p$DB_PASS -e "show databases;"
//show user
mysql -uroot -p$DB_PASS -e "SELECT User,host from mysql.user;"
Create Database¶
source passwordlist
bash gen_database.sh
mysql -uroot -p$DB_PASS -e "show databases;"
mysql -uroot -p$DB_PASS -e "SELECT User,host from mysql.user;"
//if need to delete all user and database
//delete database
mysql -uroot -p$DB_PASS -e "show databases;"
dbs="keystone glance nova_api nova neutron cinder manila heat aodh trove"
for d in $dbs; do mysql -uroot -p$DB_PASS -e "DROP DATABASE $d" ; done
mysql -uroot -p$DB_PASS -e "show databases;"
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
//show user
mysql -uroot -p$DB_PASS -e "SELECT User,host from mysql.user;"
//delete user
services="keystone glance nova neutron cinder manila heat aodh trove"
for s in $services; do mysql -uroot -p$DB_PASS -e "DROP USER '$s'@'%'" ; done
for s in $services; do mysql -uroot -p$DB_PASS -e "DROP USER '$s'@'localhost'" ; done
for s in $services; do mysql -uroot -p$DB_PASS -e "DROP USER '$s'@'controller.example.com'" ; done
Install package¶
yum install openstack-keystone httpd mod_wsgi
option1 edit manual¶
/etc/keystone/keystone.conf
[DEFAULT]
...
admin_token = ADMIN_TOKEN
[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
...
provider = fernet
อย่าลืมแทนท่า ADMIN_TOKEN และ KEYSTONE_DBPASS ใน passwordlist
option2 edit by openstack-config¶
keystone="openstack-config --set /etc/keystone/keystone.conf"
$keystone DEFAULT admin_token $ADMIN_TOKEN
$keystone database connection mysql+pymysql://keystone:$KEYSTONE_DBPASS@controller/keystone
$keystone token provider fernet
Create tables in keystone database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize key
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Config apache
vi /etc/httpd/conf/httpd.conf
96 ServerName controller
vi /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
systemctl enable httpd.service
systemctl start httpd.service
set environment variable
export OS_TOKEN=$ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
Create service Entry¶
create
openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | fc434971e4e14cfc8a222cd32daf1880 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
delete
openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| fc434971e4e14cfc8a222cd32daf1880 | keystone | identity |
| fd5dc8b1b81c4bf780e0f3127ef03c61 | keystone | identity |
+----------------------------------+----------+----------+
openstack service delete fc434971e4e14cfc8a222cd32daf1880
openstack service delete fd5dc8b1b81c4bf780e0f3127ef03c61
Loging
cd /var/log/keystone
ls
tail -f keystone.log
cd /var/log/httpd/
ls
Create Endpoint
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
openstack endpoint list
Domain Project User
openstack domain create --description "Default Domain" default
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user