
Keystone Installation

  1. Install the packages; openstack-selinux provides the OpenStack SELinux policy.
    [root@kvm4 ~]# yum install -y openstack-keystone openstack-selinux
    
  2. Install the openstack utilities and use them to create the MySQL database.
    [root@kvm4 ~]# yum install -y openstack-utils
    [root@kvm4 ~]# openstack-db --init --service keystone
    mysql-server is not installed.  Would you like to install it now? (y/n): y
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    Setting up Install Process
    Resolving Dependencies
    .........
    Transaction Summary
    ====================================================================
    Install       4 Package(s)
    Upgrade       0 Package(s)
    
    Total download size: 10 M
    Installed size: 29 M
    Is this ok [y/N]: y
    Downloading Packages:
    ....
    Complete!
    mysqld is not running.  Would you like to start it now? (y/n): y
    ....
    Please report any problems with the /usr/bin/mysqlbug script!
    
                                                       [  OK  ]
    Starting mysqld:                                   [  OK  ]
    Since this is a fresh installation of MySQL, please set a password for the 'root' mysql user.
    Enter new password for 'root' mysql user: 123qwe 
    Enter new password again: 123qwe
    Verified connectivity to MySQL.
    Creating 'keystone' database.
    Initializing the keystone database, please wait...
    Complete!
    
  3. Set up the keystone PKI (Public Key Infrastructure).
    [root@kvm4 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    Generating RSA private key, 1024 bit long modulus
    ....++++++
    ....................................................++++++
    e is 65537 (0x10001)
    Generating RSA private key, 1024 bit long modulus
    .........++++++
    .++++++
    e is 65537 (0x10001)
    Using configuration from /etc/keystone/ssl/certs/openssl.conf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'US'
    stateOrProvinceName   :PRINTABLE:'Unset'
    localityName          :PRINTABLE:'Unset'
    organizationName      :PRINTABLE:'Unset'
    commonName            :PRINTABLE:'www.example.com'
    Certificate is to be certified until Jan 24 11:38:50 2015 GMT (365 days)
    
    Write out database with 1 new entries
    Data Base Updated
    
  4. Set the owner and group of /etc/keystone/ssl to keystone.
    [root@kvm4 ~]# chown -R keystone:keystone /etc/keystone/ssl/
    
  5. The environment variables SERVICE_TOKEN and SERVICE_ENDPOINT must be set in order to manage the keystone service.
    [root@kvm4 ~]# export SERVICE_TOKEN=$(openssl rand -hex 10)
    [root@kvm4 ~]# export SERVICE_ENDPOINT=http://kvm4.deyu.wang:35357/v2.0
    [root@kvm4 ~]# echo $SERVICE_TOKEN > /root/ks_admin_token
    [root@kvm4 ~]# cat /root/ks_admin_token
    cce1ab806ec81844117c
    
  6. In /etc/keystone/keystone.conf, set the administrative token to the SERVICE_TOKEN just generated, cce1ab806ec81844117c.
    [root@kvm4 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
    [root@kvm4 ~]# grep admin_token /etc/keystone/keystone.conf 
    admin_token = cce1ab806ec81844117c
    
  7. Start the openstack-keystone service and enable it at boot.
    [root@kvm4 ~]# /etc/init.d/openstack-keystone start
    Starting keystone:                                 [  OK  ]
    [root@kvm4 ~]# chkconfig openstack-keystone on
    
  8. Confirm that the keystone-all process is running and check for errors.
    [root@kvm4 ~]# ps -ef | grep keystone-all
    keystone 19265   1  0 19:49 ?   00:00:00 /usr/bin/python /usr/bin/keystone-all \
    --config-file /usr/share/keystone/keystone-dist.conf \
    --config-file /etc/keystone/keystone.conf
    root     19277  1525  0 19:52 pts/0    00:00:00 grep keystone-all
    [root@kvm4 ~]# grep ERROR /var/log/keystone/keystone.log
    
  9. Create the keystone service and note its id; it is needed when creating the endpoint that links to the service.
    [root@kvm4 ~]# keystone service-create --name=keystone \
    --type=identity --description="Keystone Identity Service"
    +-------------+----------------------------------+
    |   Property  |              Value               |
    +-------------+----------------------------------+
    | description |    Keystone Identity Service     |
    |      id     | 487d5875de1a47898329fb7b68c718e8 |
    |     name    |             keystone             |
    |     type    |             identity             |
    +-------------+----------------------------------+
    
  10. Create the endpoint for the keystone service.
    [root@kvm4 ~]# keystone endpoint-create \
    --service-id 487d5875de1a47898329fb7b68c718e8 \
    --publicurl 'http://kvm4.deyu.wang:5000/v2.0' \
    --adminurl 'http://kvm4.deyu.wang:35357/v2.0' \
    --internalurl 'http://kvm4.deyu.wang:5000/v2.0'
    +-------------+----------------------------------+
    |   Property  |              Value               |
    +-------------+----------------------------------+
    |   adminurl  | http://kvm4.deyu.wang:35357/v2.0 |
    |      id     | 4b065578e3d74a3c9c9268b01f5a244a |
    | internalurl | http://kvm4.deyu.wang:5000/v2.0  |
    |  publicurl  | http://kvm4.deyu.wang:5000/v2.0  |
    |    region   |            regionOne             |
    |  service_id | 487d5875de1a47898329fb7b68c718e8 |
    +-------------+----------------------------------+
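
The admin token set in steps 5 and 6 is a bearer credential for the Keystone admin API, so its size and the permissions on the files that hold it are worth checking after the install. The script below is an added example, not part of the original page or of OpenStack; the function names and the 128-bit threshold (MIN_BITS) are assumptions, and the file paths in the usage comment are the ones used in the steps above.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit the admin token of steps 5-6.
# MIN_BITS is an assumed policy threshold; function names are hypothetical.
# Usage: audit_admin_token /etc/keystone/keystone.conf /root/ks_admin_token
MIN_BITS=${MIN_BITS:-128}

# Print the admin_token value from the [DEFAULT] section of an INI file.
get_admin_token() {
  awk -F= '
    /^\[/ { in_default = ($0 ~ /^\[DEFAULT\]/) }
    in_default && $1 ~ /^[ \t]*admin_token[ \t]*$/ {
      gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit
    }' "$1"
}

# Succeed when group and other have no permission bits on the file.
is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one line per finding; the return status is the number of findings.
audit_admin_token() {
  conf=$1; token_file=$2; findings=0
  token=$(get_admin_token "$conf")
  case $token in
    "")             bits=-1 ;;                    # no token configured
    *[!0-9a-fA-F]*) bits=-1 ;;                    # not pure hex: size unknown
    *)              bits=$(( ${#token} * 4 )) ;;  # 4 bits per hex digit
  esac
  if [ "$bits" -ge 0 ] && [ "$bits" -lt "$MIN_BITS" ]; then
    echo "WEAK: admin_token is $bits bits, below $MIN_BITS"
    findings=$((findings + 1))
  fi
  for f in "$conf" "$token_file"; do
    [ -e "$f" ] || continue
    if ! is_private "$f"; then
      echo "PERM: $f is accessible by group or other"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}
```

A token produced with `openssl rand -hex 10` is 80 bits and is reported as WEAK under the assumed threshold; `openssl rand -hex 16` together with `chmod 600` on both files clears all findings.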
    



2015-12-29