控制节点身份服务
离线下载
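# Fetch keystone, the OpenStack client, Apache and mod_wsgi (plus dependencies)
# into the apt cache without installing them.
apt-get install --download-only keystone python3-openstackclient apache2 libapache2-mod-wsgi-py3
# -p also creates /controller when it is missing and does not fail on a re-run.
mkdir -p /controller/keystone
# The glob moves every .deb in the apt cache, including packages left over
# from earlier downloads; check the directory contents before installing.
mv /var/cache/apt/archives/*.deb /controller/keystone/
# dpkg -i installs the files as they are and does not check repository
# signatures, so keep this directory writable by root only and compare
# checksums after copying it to an offline node.
dpkg -i /controller/keystone/*.deb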
在一个控制节点操作
-- Create the keystone schema and the database account the service connects with.
CREATE DATABASE keystone;
-- KEYSTONE_DBPASS is a placeholder: substitute a long random password, identical in both grants.
-- NOTE(review): GRANT ... IDENTIFIED BY creates the account implicitly; MySQL 8.0 no longer
-- accepts this form and needs a separate CREATE USER first. Confirm which server is in use.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
-- '%' lets the keystone account log in from any host. Restricting it to the
-- controller/management subnet limits exposure if the password leaks.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
FLUSH PRIVILEGES;
在三个控制节点操作
# Edit keystone.conf so that it contains the sections below.
vim /etc/keystone/keystone.conf
[database]
# The database password is stored here in cleartext, so keystone.conf should be
# readable only by root and the keystone group.
# <VIP> is a placeholder, presumably the virtual IP in front of the database cluster; confirm.
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@<VIP>/keystone
[token]
# Fernet tokens are encrypted and validated with the keys in /etc/keystone/fernet-keys.
provider = fernet
[cache]
enabled = true
backend = dogpile.cache.memcached
# ip1..ip3 are placeholders for the memcached hosts. memcached has no
# authentication by default, so port 11211 should be reachable only from the
# controller nodes.
memcache_servers = ip1:11211,ip2:11211,ip3:11211
在一个控制节点操作
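# Create or upgrade the keystone schema, running as the unprivileged keystone user.
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Initialise the Fernet token keys and the credential-encryption keys for the
# keystone user and group.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# Prompt for the admin password (ADMIN_PASS) instead of passing
# --bootstrap-password on the command line, where it would show up in the
# process list and in shell history. keystone-manage bootstrap reads
# OS_BOOTSTRAP_PASSWORD when the flag is absent.
read -r -s -p 'Keystone admin password: ' OS_BOOTSTRAP_PASSWORD
echo
export OS_BOOTSTRAP_PASSWORD
# NOTE(review): all three endpoints are plain http, so credentials and tokens
# travel unencrypted; switch them to https once TLS is terminated in front of
# <VIP>.
keystone-manage bootstrap \
--bootstrap-admin-url http://<VIP>:5000/v3/ \
--bootstrap-internal-url http://<VIP>:5000/v3/ \
--bootstrap-public-url http://<VIP>:5000/v3/ \
--bootstrap-region-id RegionOne
# Drop the password from this shell's environment once bootstrap has run.
unset OS_BOOTSTRAP_PASSWORD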
在三个控制节点操作
- keystone以wsgi方式通过apache提供服务
# Add the ServerName directive shown below to apache2.conf.
vim /etc/apache2/apache2.conf
ServerName <VIP>
# NOTE(review): the endpoints on this page are http://<VIP>:5000, so passwords
# and tokens cross the network unencrypted; consider terminating TLS in Apache
# or on the load balancer that holds the VIP. Confirm against the deployment.
# Start Apache now and, if that succeeds, enable it at boot.
systemctl start apache2 && systemctl enable apache2
# Create ~/admin-openrc with the export lines below. The file holds the admin
# password in cleartext: restrict it with `chmod 600 ~/admin-openrc` and keep
# it out of backups and version control.
vim ~/admin-openrc
export OS_USERNAME=admin
# ADMIN_PASS is a placeholder for the password given to keystone-manage bootstrap.
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
# Plain http: the password above is sent unencrypted to this URL on every authentication.
export OS_AUTH_URL=http://<VIP>:5000/v3
export OS_IDENTITY_API_VERSION=3
只在一个控制节点操作
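# Every controller must hold the same Fernet and credential keys; a token
# issued by one node cannot be validated by a node with different keys.
# Repeat the copy after every `keystone-manage fernet_rotate`.
for node in controller2 controller3; do
  # -p preserves the source file modes and timestamps on the copies.
  scp -rp /etc/keystone/fernet-keys/ "${node}:/etc/keystone/"
  scp -rp /etc/keystone/credential-keys/ "${node}:/etc/keystone/"
  # scp leaves the copies owned by the SSH login user, so ownership and mode
  # must be fixed on the receiving node as well, not only locally.
  # Assumes the SSH login may chown and restart services (e.g. root); confirm.
  ssh "$node" 'chown -R keystone:keystone /etc/keystone/fernet-keys /etc/keystone/credential-keys &&
    chmod 700 /etc/keystone/fernet-keys /etc/keystone/credential-keys &&
    systemctl restart apache2'
done
# Same ownership and mode on this node: only the keystone user may enter the key directories.
chown -R keystone:keystone /etc/keystone/fernet-keys /etc/keystone/credential-keys
chmod 700 /etc/keystone/fernet-keys /etc/keystone/credential-keys
systemctl restart apache2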
检查
# Load the admin credentials into the current shell, then request a token.
# A token table in the output shows that Keystone answers on the configured
# OS_AUTH_URL. The id field is a live bearer token: keep it out of tickets,
# chat and logs.
. ~/admin-openrc
openstack token issue