1、创建数据库

[root@controller ~]# mysql -u root -p
[root@controller ~]# CREATE DATABASE keystone;
[root@controller ~]# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'PWS';
[root@controller ~]# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'PWS';
[root@controller ~]# openssl rand -hex 10

2、安装keystone

yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

3、启动memcache

# systemctl enable memcached.service
# systemctl start memcached.service

4、设置环境

  1. Edit the /etc/keystone/keystone.conf file and complete the following actions:
    1. In the [DEFAULT] section, define the value of the initial administration token:
      1
      2
      3
      [DEFAULT]
      ...
      admin_token = ADMIN_TOKEN
      Replace ADMIN_TOKEN with the random value that you generated in a previous step.
    2. In the [database] section, configure database access:
      1
      2
      3
      [database]
      ...
      connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
      Replace KEYSTONE_DBPASS with the password you chose for the database.
    3. In the [memcache] section, configure the Memcache service:
      1
      2
      3
      [memcache]
      ...
      servers = localhost:11211
    4. In the [token] section, configure the UUID token provider and Memcached driver:
      1
      2
      3
      4
      [token]
      ...
      provider = keystone.token.providers.uuid.Provider
      driver = keystone.token.persistence.backends.memcache.Token
    5. In the [revoke] section, configure the SQL revocation driver:
      1
      2
      3
      [revoke]
      ...
      driver = keystone.contrib.revoke.backends.sql.Revoke
    6. (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:
      1
      2
      3
      [DEFAULT]
      ...
      verbose = True
  2. Populate the Identity service database:
    # su -s /bin/sh -c "keystone-manage db_sync" keystone

5、设置HTTP

  1. Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:

    ServerName controller
  2. Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:
    Listen 5000
    Listen 35357
    
    <VirtualHost *:5000>
        WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /var/www/cgi-bin/keystone/main
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        LogLevel info
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    </VirtualHost>
    
    <VirtualHost *:35357>
        WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        LogLevel info
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    </VirtualHost>
  3. Create the directory structure for the WSGI components:
    # mkdir -p /var/www/cgi-bin/keystone
  4. Copy the WSGI components from the upstream repository into this directory:
    # curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo \
      | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
  5. Adjust ownership and permissions on this directory and the files in it:
    # chown -R keystone:keystone /var/www/cgi-bin/keystone
    # chmod 755 /var/www/cgi-bin/keystone/*
  • Restart the Apache HTTP server:

    # systemctl enable httpd.service
    # systemctl start httpd.service
  • 6、设置HTTP

CentOS 7部署OpenStack(二)—安装keystone服务的更多相关文章

  1. CentOS6.6部署OpenStack Havana(Nova-Network版)

    CentOS6.4部署OpenStack Havana(Nova-Network版) 一 基本设备介绍 测试环境 CentOS6.4 x64 OpenStack 服务 介绍 计算 (Compute) ...

  2. openstack组件之keystone

    一 什么是keystone keystone是 OpenStack Identity Service 的项目名称.它在整个体系中充当一个授权者的角色. Keystone项目的主要目的是给整个opens ...

  3. keystone系列二:keystone源码分析

    六 keystone架构 6.1 Keystone API Keystone API与Openstack其他服务的API类似,也是基于ReSTFul HTTP实现的. Keystone API划分为A ...

  4. openstack安装记录(二)keystone安装

    先决条件 在你配置 OpenStack 身份认证服务前,你必须创建一个数据库和管理员令牌. 完成下面的步骤以创建数据库: 用数据库连接客户端以 root 用户连接到数据库服务器: $ mysql -u ...

  5. Linux(CentOS、Ububtu)一键安装Openstack及其它参考文档汇总

    原文链接  http://www.aboutyun.com/thread-10920-1-1.html openstack相关资料 CentOS下一键安装Openstack  http://blog. ...

  6. 在Ubuntu 12.10 上安装部署Openstack

    OpenStack系统有几个关键的项目,它们能够独立地安装但是能够在你的云计算中共同工作.这些项目包括:OpenStack Compute,OpenStack Object Storage,OpenS ...

  7. OpenStack:安装Keystone

    >安装Keystone1. 安装# apt-get install keystone2. 创建dbcreate database keystone;grant all privileges on ...

  8. 决战大数据之二:CentOS 7 最新JDK 8安装

    决战大数据之二:CentOS 7 最新JDK 8安装 [TOC] 修改hostname # hostnamectl set-hostname node1 --static # reboot now 重 ...

  9. Anyconnect的VPN环境部署(1)-OpenConnect server(ocserv)服务安装

    打算在公司IDC机房部署一套VPN环境,经过考虑,最终决定采用Cisco下的开源技术AnyConnect.AnyConnect的优势有:1)长连接,待机不会断开:2)速度快,稳定性好:3)安全性好,全 ...

随机推荐

  1. initrd image比lvm.conf文件舊導致RHCS切換服務unmount failed,reboot

    在RHCS服務切換的時候,unmount盤的時候,發現會failed,並且直接導致reboot. 在message里看到這樣一段 [lvm] * initrd image needs to be ne ...

  2. Hdu OJ 5965 扫雷(递推)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=5965 题目大意:中文题,自己读 解图思路:对于每一列都有三种情况--0, 1, 2. 如果第一列确定地 ...

  3. Notepad++的列编辑功能

    转自:http://www.crifan.com/files/doc/docbook/rec_soft_npp/release/htmls/index.html http://www.crifan.c ...

  4. 如何在ASP.Net中实现RSA加密

    在我们实际运用中,加密是保证数据安全的重要手段.以前使用ASP时,对数据加密可以使用MD5和SHA1算法,这两种算法虽然快捷有效,但是无法对通过它们加密的密文进行反运算,即是解密.因此需要解密数据的场 ...

  5. iOS新建项目文件管理规范

    当我们进入到新的公司的第一天,看到以前老员工编写的代码,找个东西累死人咧,那个抓耳挠腮的啊,一般情况下都有想揍人的赶脚. 哈哈,不忙,先想一下自己的代码!想一下自己写的代码怎么才能新来的人一眼就能看懂 ...

  6. ctrl+z暂停任务

    (1) CTRL+Z挂起进程并放入后台 (2) jobs 显示当前暂停的进程 (3) bg %N 使第N个任务在后台运行(%前有空格) (4) fg %N 使第N个任务在前台运行 默认bg,fg不带% ...

  7. php中检查文件或目录是否存在的代码小结

    检查文件或目录是否存在 ,我们使用了php中常用的函数file_exists,这个函数就可以实现我想要的功能,下面大家慢慢参考一下下面是一个简单的检查文件是否存在的实例代码: <?php $fi ...

  8. mysql多实例安装脚本

    #! /bin/bash # v.mysql-5.6.30-linux-glibc2.5-x86_64.tar.gz # only install master mysql # time:2016-0 ...

  9. 比支付宝更好用的读IC卡信息工具

    编程语言:VC++ 更新时间:2014.10.23 操作系统:windowAll 工具:PCSC读卡器 在上一个博文<<解惑:NFC手机如何轻松读取银行卡信息?>>中,介绍了支 ...

  10. android操作文件

    Android中读取/写入文件的方法,与Java中的I/O是一样的,提供了openFileInput()和openFileOutput()方法来读取设备上的文件.但是在默认状态下,文件是不能在不同的程 ...