Openstack(Kilo)安装系列之Keystone（三）

安装配置

Before you configure the OpenStack Identity service, you must create a database and an administration token.

一、创建keystone数据库并授权

1.登陆数据库

mysql -u root -p

2.创建数据库并授权

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Replace KEYSTONE_DBPASS with a suitable password.

二、创建管理员token

openssl rand -hex 

记住token值

三、安装配置keystone

1.安装keystone

yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

2.Start the Memcached service and configure it to start when the system boots

systemctl enable memcached.service
systemctl start memcached.service

3.Edit the /etc/keystone/keystone.conf file and complete the following actions

a.In the [DEFAULT] section, define the value of the initial administration token:

[DEFAULT]
...
admin_token = ADMIN_TOKEN

Replace ADMIN_TOKEN with the random value that you generated in a previous step.

b.In the [database] section, configure database access:

[database]
...
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

Replace KEYSTONE_DBPASS with the password you chose for the database.

c.In the [memcache] section, configure the Memcache service:

[memcache]
...
servers = localhost:

d.In the [token] section, configure the UUID token provider and Memcached driver:

[token]
...
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token

e.In the [revoke] section, configure the SQL revocation driver:

[revoke]
...
driver = keystone.contrib.revoke.backends.sql.Revoke

f.(Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

[DEFAULT]
...
verbose = True

4.Populate the Identity service database:

su -s /bin/sh -c "keystone-manage db_sync" keystone

四、To configure the Apache HTTP server

1.Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:

ServerName controller

2.Create the /etc/httpd/conf.d/wsgi-keystone.conf file with the following content:

Listen
Listen 

<VirtualHost *:>
    WSGIDaemonProcess keystone-public processes= threads= user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LogLevel info
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>

<VirtualHost *:>
    WSGIDaemonProcess keystone-admin processes= threads= user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LogLevel info
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>

3.Create the directory structure for the WSGI components:

mkdir -p /var/www/cgi-bin/keystone

4.Copy the WSGI components from the upstream repository into this directory:

curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

5.Adjust ownership and permissions on this directory and the files in it:

chown -R keystone:keystone /var/www/cgi-bin/keystone
chmod  /var/www/cgi-bin/keystone/*

6.启动Apache服务，设置开机自起

systemctl enable httpd.service
systemctl start httpd.service