# yum install -y openstack-keystone httpd mod_wsgi

# mysql -u root -p -e "CREATE DATABASE keystone "

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.03 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

IDENTIFIED BY 'zoomtech';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

->   IDENTIFIED BY 'zoomtech';

Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> exit

Bye

[root@controller1 ~]# mysql -uroot -p -e "CREATE DATABASE keystone"

[root@controller1 ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY 'zoomtech'"

[root@controller1 ~]# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'  IDENTIFIED BY 'zoomtech'"

[root@controller1 ~]# openssl rand -hex 10

d68d8a32a75bdbfdb004

配置/etc/keystone/keystone.conf文件

[DEFAULT]

verbose = true

admin_token = 745faaa51f7c62f8a2a7

public_bind_host = 192.168.17.132

admin_bind_host = 192.168.17.132

bind_host = controller1

[database]

connection = mysql+pymysql://keystone:zoomtech@demo.open-stack.cn/keystone

[token]

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.memcache.Token

caching = true

token = keystone.auth.plugins.token.Token

[revoke]

driver = keystone.contrib.revoke.backends.sql.Revoke

[identity]

driver = sql

#driver = keystone.identity.backends.sql.identity

[catalog]

driver = sql

#driver = keystone.catalog.backends.sql.Catalog

[memcache]

servers = controller1:11211,controller2:11211,controller3:11211

[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token d68d8a32a75bdbfdb004

[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:zoomtech@demo.open-stack.cn/keystone

[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet

[root@controller1 ~]# openstack-config --set /etc/keystone/keystone.conf memcache servers controller1:11211,controller2:11211,controller3:11211

[root@controller1 ~]# scp /etc/keystone/keystone.conf controller2:/etc/keystone/

keystone.conf                                                          100%   72KB  71.9KB/s   00:00

[root@controller1 ~]# scp /etc/keystone/keystone.conf controller3:/etc/keystone/

[root@controller2 ~]# vim /etc/keystone/keystone.conf

admin_token = 745faaa51f7c62f8a2a7

public_bind_host = 192.168.17.151

bind_host = controller2

admin_bind_host = 192.168.17.151

[root@controller3 ~]# vim /etc/keystone/keystone.conf

[default]

public_bind_host = 192.168.17.138

bind_host = controller3

admin_bind_host = 192.168.17.138

确认权限(keystone.conf 中包含数据库连接密码和 admin_token,应保持属主 root:keystone、权限 640,不允许其他用户读取)

[root@controller1 ~]# ll /etc/keystone/keystone.conf

-rw-r----- 1 root keystone 73642 Feb 21 15:42 /etc/keystone/keystone.conf

[root@controller1 ~]# chown root:keystone /etc/keystone/keystone.conf

[root@controller1 ~]# chmod 640 /etc/keystone/keystone.conf

同步Keystone数据库

[root@controller1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化Fernet keys(HA 环境下各控制节点 /etc/keystone/fernet-keys/ 中的密钥必须保持一致,否则一个节点签发的令牌无法在其他节点上通过验证)

[root@controller1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

配置Apache Http服务

1、三个节点配置 /etc/httpd/conf/httpd.conf

[root@controller1 ~] # vim /etc/httpd/conf/httpd.conf

ServerName controller1

Listen 8080

[root@controller2 ~]# vim /etc/httpd/conf/httpd.conf

ServerName controller2

Listen 8080

[root@controller3 ~]# vim /etc/httpd/conf/httpd.conf

ServerName controller3

Listen 8080

2、[root@controller1 ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf

<VirtualHost *:5000>

WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-public

WSGIScriptAlias / /usr/bin/keystone-wsgi-public

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

ErrorLogFormat "%{cu}t %M"

ErrorLog /var/log/httpd/keystone-error.log

CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>

Require all granted

</Directory>

</VirtualHost>

<VirtualHost *:35357>

WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-admin

WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

ErrorLogFormat "%{cu}t %M"

ErrorLog /var/log/httpd/keystone-error.log

CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>

Require all granted

</Directory>

</VirtualHost>

将wsgi-keystone.conf复制到 controller2和controller3

3、启动apache

# systemctl enable httpd.service

# systemctl start httpd.service

[root@controller1 ~]# export OS_TOKEN=d68d8a32a75bdbfdb004

[root@controller1 ~]# export OS_URL=http://demo.open-stack.cn:35357/v3

[root@controller1 ~]# export OS_IDENTITY_API_VERSION=3

创建服务实体和身份认证服务:

[root@controller1 ~]# openstack service create   --name keystone --description "OpenStack Identity" identity

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Identity               |

| enabled     | True                             |

| id          | 5fe30200d9464aa384b5ddc1864b0244 |

| name        | keystone                         |

| type        | identity                         |

+-------------+----------------------------------+

error:

Unable to establish connection to http://demo.open-stack.cn:35357/v3/services

创建认证服务的 API 端点:

[root@controller1 ~]# openstack endpoint create --region RegionOne \

identity public http://demo.open-stack.cn:5000/v3

+--------------+-----------------------------------+

| Field        | Value                             |

+--------------+-----------------------------------+

| enabled      | True                              |

| id           | 527cfe77e4d64668ae4c5a92f5841607  |

| interface    | public                            |

| region       | RegionOne                         |

| region_id    | RegionOne                         |

| service_id   | 5fe30200d9464aa384b5ddc1864b0244  |

| service_name | keystone                          |

| service_type | identity                          |

| url          | http://demo.open-stack.cn:5000/v3 |

+--------------+-----------------------------------+

[root@controller1 ~]# openstack endpoint create --region RegionOne   identity internal http://demo.open-stack.cn:5000/v3

+--------------+-----------------------------------+

| Field        | Value                             |

+--------------+-----------------------------------+

| enabled      | True                              |

| id           | 9ecf73dab7c9481b9bb6976be271e93c  |

| interface    | internal                          |

| region       | RegionOne                         |

| region_id    | RegionOne                         |

| service_id   | 5fe30200d9464aa384b5ddc1864b0244  |

| service_name | keystone                          |

| service_type | identity                          |

| url          | http://demo.open-stack.cn:5000/v3 |

+--------------+-----------------------------------+

[root@controller1 ~]# openstack endpoint create --region RegionOne   identity admin http://demo.open-stack.cn:35357/v3

+--------------+------------------------------------+

| Field        | Value                              |

+--------------+------------------------------------+

| enabled      | True                               |

| id           | 4606f3b199a14167a9ebe76a0bda45f3   |

| interface    | admin                              |

| region       | RegionOne                          |

| region_id    | RegionOne                          |

| service_id   | 5fe30200d9464aa384b5ddc1864b0244   |

| service_name | keystone                           |

| service_type | identity                           |

| url          | http://demo.open-stack.cn:35357/v3 |

+--------------+------------------------------------+

[root@controller1 ~]# openstack domain create --description "Default Domain" default

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Default Domain                   |

| enabled     | True                             |

| id          | 6fb0271bda4d459ab05a752b7708dee3 |

| name        | default                          |

+-------------+----------------------------------+

[root@controller1 ~]# openstack project create --domain default \

--description "Admin Project" admin

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Admin Project                    |

| domain_id   | 6fb0271bda4d459ab05a752b7708dee3 |

| enabled     | True                             |

| id          | b81fade4255149c29aa53b87312f60de |

| is_domain   | False                            |

| name        | admin                            |

| parent_id   | 6fb0271bda4d459ab05a752b7708dee3 |

+-------------+----------------------------------+

[root@controller1 ~]# openstack user create --domain default \

--password-prompt admin

User Password:

Repeat User Password:

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | 6fb0271bda4d459ab05a752b7708dee3 |

| enabled   | True                             |

| id        | e88caafd2c874b6ab4bc23d8b5fbf422 |

| name      | admin                            |

+-----------+----------------------------------+

[root@controller1 ~]# openstack role create admin

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | cb618462ef4a4479a7c0b611d3ead7ed |

| name      | admin                            |

+-----------+----------------------------------+

[root@controller1 ~]# openstack role add --project admin --user admin admin

创建Service

[root@controller1 ~]# openstack project create --domain default \

--description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | 6fb0271bda4d459ab05a752b7708dee3 |

| enabled     | True                             |

| id          | b581d85c3bd642d88909f36a1ebb6387 |

| is_domain   | False                            |

| name        | service                          |

| parent_id   | 6fb0271bda4d459ab05a752b7708dee3 |

+-------------+----------------------------------+

创建``demo`` 项目:

[root@controller1 ~]# openstack project create --domain default \

--description "Demo Project" demo

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | 6fb0271bda4d459ab05a752b7708dee3 |

| enabled     | True                             |

| id          | da951d38bfd24ecc9d7384d3b8760dd6 |

| is_domain   | False                            |

| name        | demo                             |

| parent_id   | 6fb0271bda4d459ab05a752b7708dee3 |

+-------------+----------------------------------+

[root@controller1 ~]# openstack user create --domain default \

--password-prompt demo

User Password:

Repeat User Password:

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | 6fb0271bda4d459ab05a752b7708dee3 |

| enabled   | True                             |

| id        | f113613d853342dba7b9636b571208bf |

| name      | demo                             |

+-----------+----------------------------------+

创建 user 角色:

[root@controller1 ~]# openstack role create user

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | 1c0bcc0e6ffe46d7b0366ead1d55908f |

| name      | user                             |

+-----------+----------------------------------+

[root@controller1 ~]# openstack role add --project demo --user demo user

编辑 /etc/keystone/keystone-paste.ini 文件,从 ``[pipeline:public_api]``、``[pipeline:admin_api]`` 和 ``[pipeline:api_v3]`` 部分删除 ``admin_token_auth``,以禁用仅用于初始引导的 admin_token 临时认证机制

[root@controller1 ~]# vim /etc/keystone/keystone-paste.ini

[root@controller1 ~]#

[root@controller1 ~]# unset OS_TOKEN OS_URL

[root@controller1 ~]# openstack --os-auth-url http://demo.open-stack.cn:35357/v3   --os-project-domain-name default --os-user-domain-name default   --os-project-name admin --os-username admin token issue

Password:

+------------+----------------------------------+

| Field      | Value                            |

+------------+----------------------------------+

| expires    | 2017-02-22T06:28:10.845869Z      |

| id         | cff141923edc40d69ead04bcde8f01c4 |

| project_id | b81fade4255149c29aa53b87312f60de |

| user_id    | e88caafd2c874b6ab4bc23d8b5fbf422 |

+------------+----------------------------------+

[root@controller1 ~]# vim admin-openrc.sh

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=zoomtech

export OS_AUTH_URL=http://demo.open-stack.cn:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

[root@controller1 ~]# source admin-openrc.sh

[root@controller1 ~]# openstack token issue

+------------+----------------------------------+

| Field      | Value                            |

+------------+----------------------------------+

| expires    | 2017-02-22T06:30:45.484675Z      |

| id         | de745b965ce2466a904f18ce0a187279 |

| project_id | b81fade4255149c29aa53b87312f60de |

| user_id    | e88caafd2c874b6ab4bc23d8b5fbf422 |

+------------+----------------------------------+

[root@controller1 ~]# openstack service list

+----------------------------------+----------+----------+

| ID                               | Name     | Type     |

+----------------------------------+----------+----------+

| 5fe30200d9464aa384b5ddc1864b0244 | keystone | identity |

+----------------------------------+----------+----------+

在 Controller2上验证Keystone

[root@controller2 ~]# source admin-openrc.sh

[root@controller2 ~]# openstack token issue

+------------+----------------------------------+

| Field      | Value                            |

+------------+----------------------------------+

| expires    | 2017-02-22T06:31:51.487910Z      |

| id         | e2ffc4461c604107ac9ba7386d493a09 |

| project_id | b81fade4255149c29aa53b87312f60de |

| user_id    | e88caafd2c874b6ab4bc23d8b5fbf422 |

+------------+----------------------------------+

[root@controller2 ~]# openstack service list

+----------------------------------+----------+----------+

| ID                               | Name     | Type     |

+----------------------------------+----------+----------+

| 5fe30200d9464aa384b5ddc1864b0244 | keystone | identity |

+----------------------------------+----------+----------+

在 Controller3上验证Keystone

[root@controller3 ~]# source admin-openrc.sh

[root@controller3 ~]# openstack token issue

+------------+----------------------------------+

| Field      | Value                            |

+------------+----------------------------------+

| expires    | 2017-02-22T06:32:19.618061Z      |

| id         | 3db2b1cec73d48b496ac8845e0842bea |

| project_id | b81fade4255149c29aa53b87312f60de |

| user_id    | e88caafd2c874b6ab4bc23d8b5fbf422 |

+------------+----------------------------------+

[root@controller3 ~]# openstack service list

+----------------------------------+----------+----------+

| ID                               | Name     | Type     |

+----------------------------------+----------+----------+

| 5fe30200d9464aa384b5ddc1864b0244 | keystone | identity |

+----------------------------------+----------+----------+

本文转自 OpenStack2015 51CTO博客,原文链接:http://blog.51cto.com/andyliu/1917399,如需转载请自行联系原作者
