[9] Install Keystone
# Install from EPEL OpenStack,EPEL
[root@cloud01 ~]# yum --enablerepo=epel-openstack-grizzly,epel -y install openstack-keystone openstack-utils
[10] Configure Keystone
# set database ( set any password you like for the "password" section )
[root@cloud01 ~]# openstack-db --init --service keystone --password password
Please enter the password for the 'root' MySQL user:
Verified connectivity to MySQL.
Creating 'keystone' database.
Updating 'keystone' database password in /etc/keystone/keystone.conf
Initializing the keystone database, please wait...
Complete!
[root@cloud01 ~]# vim /etc/keystone/keystone.conf
# line 4: uncomment and change admin_token ( this value is exported as SERVICE_TOKEN in step [11]; it grants full admin rights, so use a long random value and keep it private )
# line 7: uncomment ( 0.0.0.0 listens on every interface; use the management address instead if the host is multi-homed )
bind_host = 0.0.0.0
# line 10: uncomment
public_port = 5000
# line 13: uncomment
admin_port = 35357
# line 21: uncomment
compute_port = 8774
# line 136: uncomment
token_format = UUID #change
[root@cloud01 ~]# keystone-manage pki_setup
Generating RSA private key, 1024 bit long modulus
…………++++++
…++++++
e is 65537 (0x10001)
Generating RSA private key, 1024 bit long modulus
……….++++++
………………………….++++++
e is 65537 (0x10001)
Using configuration from /etc/keystone/ssl/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'Unset'
localityName :PRINTABLE:'Unset'
organizationName :PRINTABLE:'Unset'
commonName :PRINTABLE:''
Certificate is to be certified until Sep 29 01:50:37 2014 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
[root@cloud01 ~]# chown -R keystone /etc/keystone/ssl/
[root@cloud01 ~]# /etc/rc.d/init.d/openstack-keystone start
Starting keystone: [ OK ]
[root@cloud01 ~]# chkconfig openstack-keystone on
[11] Add User or Roles,Services and so on in Keystone
# load environment variables first; set the value of "SERVICE_TOKEN" to the value of "admin_token" in keystone.conf.
[root@cloud01 ~]# export SERVICE_TOKEN=admintoken
# the URL was lost on this page: SERVICE_ENDPOINT is the Keystone admin API, http://<keystone host>:35357/v2.0/ ( admin_port set above; 127.0.0.1 is the host used for the endpoints later in this step )
[root@cloud01 ~]# export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/
# Add Tenants ( like group )
# add admin tenant
[root@cloud01 ~]# keystone tenant-create --name admin --description "Admin Tenant" --enabled true
+————-+——————————————-+
| Property | Value |
+————-+——————————————-+
| description | Admin Tenant |
| enabled | True |
| id | 3ceabc05db1d45c89503fc1e995369db |
| name | admin |
+————-+——————————————-+
[root@cloud01 ~]# admin_id=3ceabc05db1d45c89503fc1e995369db
[root@cloud01 ~]# echo $admin_id
3ceabc05db1d45c89503fc1e995369db
[root@cloud01 ~]# keystone tenant-create --name service --description "Service Tenant" --enabled true
+————-+——————————————-+
| Property | Value |
+————-+——————————————-+
| description | Service Tenant |
| enabled | True |
| id | 1d03b7fda50e411e8a8c299952a65948 |
| name | service |
+————-+——————————————+
[root@cloud01 ~]# service_id=1d03b7fda50e411e8a8c299952a65948
[root@cloud01 ~]# echo $service_id
1d03b7fda50e411e8a8c299952a65948
# confirm settings
[root@cloud01 ~]# keystone tenant-list
+——————————————-+———+———-+
| id | name | enabled |
+——————————————–+——–+———-+
| 3ceabc05db1d45c89503fc1e995369db | admin | True |
| 1d03b7fda50e411e8a8c299952a65948 | service | True |
+——————————————+———-+———-+
# add Roles
[root@cloud01 ~]# keystone role-create --name admin
+————+——————————————–+
| Property | Value |
+————+——————————————–+
| id | ea7aa83b4beb4553bdf17b88bbf458dd |
| name | admin |
+————+——————————————–+
[root@cloud01 ~]# roleid_admin=ea7aa83b4beb4553bdf17b88bbf458dd
[root@cloud01 ~]# echo $roleid_admin
ea7aa83b4beb4553bdf17b88bbf458dd
# add Member role
[root@cloud01 ~]# keystone role-create --name Member
+————–+——————————————+
| Property | Value |
+————–+——————————————+
| id | 7c79d5640109477f8245f91be58b27f2 |
| name | Member |
+————-+——————————————-+
# confirm settings
[root@cloud01 ~]# keystone role-list
+——————————————–+————-+
| id | name |
+——————————————–+————-+
| 7c79d5640109477f8245f91be58b27f2 | Member |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| ea7aa83b4beb4553bdf17b88bbf458dd | admin |
+——————————————–+————-+
# add users ( add admin user (in admin tenant) )
[root@cloud01 ~]# keystone user-create --tenant_id $admin_id --name admin --pass admin --enabled true
+———-+——————————————-+
| Property | Value |
+———-+——————————————-+
| email | |
| enabled | True |
| id | b1bf7e913ccb4f23baff7905c2845831 |
| name | admin |
| tenantId | 3ceabc05db1d45c89503fc1e995369db |
+———-+——————————————-+
[root@cloud01 ~]# user_admin=b1bf7e913ccb4f23baff7905c2845831
[root@cloud01 ~]# echo $user_admin
b1bf7e913ccb4f23baff7905c2845831
# add admin user in admin role
[root@cloud01 ~]# keystone user-role-add --user-id $user_admin --tenant-id $admin_id --role-id $roleid_admin
# add cinder user (in service tenant)
[root@cloud01 ~]# keystone user-create --tenant_id $service_id --name cinder --pass servicepassword --enabled true
+———-+——————————————-+
| Property | Value |
+———-+——————————————-+
| email | |
| enabled | True |
| id | b9015f542324445080af50219e9afd68 |
| name | cinder |
| tenantId | 1d03b7fda50e411e8a8c299952a65948 |
+———-+——————————————+
[root@cloud01 ~]# user_cinder=b9015f542324445080af50219e9afd68
[root@cloud01 ~]# echo $user_cinder
b9015f542324445080af50219e9afd68
# add cinder user in admin role
[root@cloud01 ~]# keystone user-role-add --user-id $user_cinder --tenant_id $service_id --role-id $roleid_admin
# add glance user ( in service tenant)
[root@cloud01 ~]# keystone user-create --tenant-id $service_id --name glance --pass servicepassword --enabled true
+———- +—————————————–+
| Property | Value |
+———-+—————————————–+
| email | |
| enabled | True |
| id | 27f9f60c13f744f393ce4ba945269711 |
| name | glance |
| tenantId | 1d03b7fda50e411e8a8c299952a65948 |
+———-+—————————————–+
[root@cloud01 ~]# user_glance=27f9f60c13f744f393ce4ba945269711
[root@cloud01 ~]# echo $user_glance
27f9f60c13f744f393ce4ba945269711
# add glance user in admin role
[root@cloud01 ~]# keystone user-role-add --user-id $user_glance --tenant_id $service_id --role-id $roleid_admin
# add nova user (in service tenant)
[root@cloud01 ~]# keystone user-create --tenant_id $service_id --name nova --pass servicepassword --enabled true
+———-+——————————————–+
| Property | Value |
+———-+——————————————–+
| email | |
| enabled | True |
| id | ae3c1a7d95be4954b2a817adcba59fa3 |
| name | nova |
| tenantId | 1d03b7fda50e411e8a8c299952a65948 |
+———-+——————————————-+
# add nova user in admin role
[root@cloud01 ~]# user_nova=ae3c1a7d95be4954b2a817adcba59fa3
[root@cloud01 ~]# echo $user_nova
ae3c1a7d95be4954b2a817adcba59fa3
[root@cloud01 ~]# keystone user-role-add --user-id $user_nova --tenant_id $service_id --role-id $roleid_admin
# confirm settings
[root@cloud01 ~]# keystone user-list
+———————————-+——–+———+———-+——-+
| id | name | enabled | email |
+———————————-+——–+———+———-+——-+
| b1bf7e913ccb4f23baff7905c2845831 | admin | True | |
| b9015f542324445080af50219e9afd68 | cinder | True | |
| 27f9f60c13f744f393ce4ba945269711 | glance | True | |
| ae3c1a7d95be4954b2a817adcba59fa3 | nova | True | |
+———————————-+——–+———+———–+——+
# Add entries for services
# add for keystone
[root@cloud01 ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+————-+——————————————–+
| Property | Value |
+————-+——————————————–+
| description | Keystone Identity Service |
| id | 9cda339bce7148d5a9d8b6b99e8d4bf4 |
| name | keystone |
| type | identity |
+————-+——————————————-+
# add for cinder
[root@cloud01 ~]# keystone service-create --name=cinder --type=volume --description="Cinder Service"
+————-+——————————————-+
| Property | Value |
+————-+——————————————+
| description | Cinder Service |
| id | 140d9ad5c0a34e7988b44c93b5ffb81a |
| name | cinder |
| type | volume |
+————-+——————————————-+
# add for glance
[root@cloud01 ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+————-+——————————————–+
| Property | Value |
+————-+——————————————–+
| description | Glance Image Service |
| id | 77845645332c4dd5a1348b28695be80b |
| name | glance |
| type | image |
+————-+——————————————-+
[root@cloud01 ~]# keystone service-create --name=nova --type=compute --description="Nova Compute Service"
+————-+———————————————+
| Property | Value |
+————-+———————————————+
| description | Nova Compute Service |
| id | c7b0d67a745042e9983bb7cad9b30641 |
| name | nova |
| type | compute |
+————-+———————————————+
[root@cloud01 ~]# keystone service-list
+———————————-+———-+———-+—————————————–+
| id | name | type | description |
+———————————-+———-+———-+—————————————–+
| 140d9ad5c0a34e7988b44c93b5ffb81a | cinder | volume | Cinder Service |
| 77845645332c4dd5a1348b28695be80b | glance | image | Glance Image Service |
| 9cda339bce7148d5a9d8b6b99e8d4bf4 | keystone | identity | Keystone Identity Service |
| c7b0d67a745042e9983bb7cad9b30641 | nova | compute | Nova Compute Service |
+———————————-+———-+———-+——————————————+
# Add Endpoints ( every endpoint URL must begin with "http://$my_host:" followed by the port; that scheme/host prefix is missing from the commands and output tables as shown on this page, and an endpoint registered without it is unusable )
[root@cloud01 ~]# export my_host=127.0.0.1
[root@cloud01 ~]# keystone_id=9cda339bce7148d5a9d8b6b99e8d4bf4
[root@cloud01 ~]# cinder_id=140d9ad5c0a34e7988b44c93b5ffb81a
[root@cloud01 ~]# glance_id=77845645332c4dd5a1348b28695be80b
[root@cloud01 ~]# nova_id=c7b0d67a745042e9983bb7cad9b30641
# add endpoints for keystone
[root@cloud01 ~]# keystone endpoint-create --region RegionOne \
> --service_id=$keystone_id \
> --publicurl="http://$my_host:\$(public_port)s/v2.0" \
> --internalurl="http://$my_host:\$(public_port)s/v2.0" \
> --adminurl="http://$my_host:\$(admin_port)s/v2.0"
+————-+———————————————-+
| Property | Value |
+————-+———————————————-+
| adminurl | (admin_port)s/v2.0 |
| id | aeceeba3a6c446beb87e447c61d7ef90 |
| internalurl | (public_port)s/v2.0 |
| publicurl | (public_port)s/v2.0 |
| region | RegionOne |
| service_id | 9cda339bce7148d5a9d8b6b99e8d4bf4 |
+————-+———————————————-+
# add endpoints for cinder
[root@cloud01 ~]# keystone endpoint-create --region RegionOne \
> --service_id=$cinder_id \
> --publicurl="http://$my_host:8776/v1/\$(tenant_id)s" \
> --internalurl="http://$my_host:8776/v1/\$(tenant_id)s" \
> --adminurl="http://$my_host:8776/v1/\$(tenant_id)s"
+————-+——————————————–+
| Property | Value |
+————-+——————————————–+
| adminurl | (tenant_id)s |
| id | 13ddf20764f44f6586146fccfc1b57a6 |
| internalurl | (tenant_id)s |
| publicurl | (tenant_id)s |
| region | RegionOne |
| service_id | 140d9ad5c0a34e7988b44c93b5ffb81a |
+————-+——————————————–+
# add endpoint for glance
[root@cloud01 ~]# keystone endpoint-create --region RegionOne \
> --service_id=$glance_id \
> --publicurl="http://$my_host:9292/v1" \
> --internalurl="http://$my_host:9292/v1" \
> --adminurl="http://$my_host:9292/v1"
+————-+——————————————-+
| Property | Value |
+————-+——————————————-+
| adminurl | |
| id | 344f7c1998414742a5a7fd14a70a81c1 |
| internalurl | |
| publicurl | |
| region | RegionOne |
| service_id | 77845645332c4dd5a1348b28695be80b |
+————-+——————————————-+
# add endpoints for nova ( note: the internalurl in the original run lacked the "/" between the port and v1.1, as the output table below shows; it is corrected here )
[root@cloud01 ~]# keystone endpoint-create --region RegionOne \
> --service_id=$nova_id \
> --publicurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s" \
> --internalurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s" \
> --adminurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s"
+————-+——————————————————–+
| Property | Value |
+————-+———————————————————+
| adminurl | (compute_port)s/v1.1/$(tenant_id)s |
| id | 90e7036a82694457bd913dc94269f4e3 |
| internalurl | (compute_port)sv1.1/$(tenant_id)s |
| publicurl | (compute_port)s/v1.1/$(tenant_id)s |
| region | RegionOne |
| service_id | c7b0d67a745042e9983bb7cad9b30641 |
+————-+——————————————————–+