
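OpenStack [Juno] Primer [Keystone] 5: Keystone Deployment and Introduction

Guiding questions

1. How do you make the keystone database accessible from any client, including the local host?
2. How do you configure keystone?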






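Before installing and deploying keystone, we need to understand what it does. Put simply, keystone is the authentication component of OpenStack. Further reading:
Keystone, the Soul of OpenStack

Learning OpenStack from Scratch [Complete Intermediate Series] and OpenStack Resource Roundup

Now let's start the installation and deployment:

Create the database and grant privileges
  mysql -u root -p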


Create the keystone database

  CREATE DATABASE keystone;


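Grant privileges on the keystone database

  GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
    IDENTIFIED BY 'KEYSTONE_DBPASS';

  GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    IDENTIFIED BY 'KEYSTONE_DBPASS';


KEYSTONE_DBPASS is a placeholder; choose your own password.
What the statements above do:
they let the keystone user connect both locally ('localhost') and remotely ('%', which matches any client host).

Further reading: OpenStack Side Notes: Understanding MySQL Grants and Some Operations

Exit mysql
  exit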



Generate the token

  openssl rand -hex 10

In my case the output was
  570f150cb897e793e58f


Install the keystone packages:
  apt-get install keystone python-keystoneclient


Edit /etc/keystone/keystone.conf

  [DEFAULT]
  ...
  admin_token = ADMIN_TOKEN

Here I changed it to
  admin_token = 570f150cb897e793e58f

Edit the [database] section

  [database]
  ...
  connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

Note:
be sure to comment out:
  connection=sqlite:////var/lib/keystone/keystone.db


Edit the [token] section
  [token]
  ...
  provider = keystone.token.providers.uuid.Provider
  driver = keystone.token.persistence.backends.sql.Token

Edit the [revoke] section and configure the SQL revocation driver: [newly added content]
  [revoke]
  driver = keystone.contrib.revoke.backends.sql.Revoke



Edit the [DEFAULT] section

  [DEFAULT]
  ...
  verbose = True

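Populate the keystone database

  su -s /bin/sh -c "keystone-manage db_sync" keystone

It is best to switch to the root user for this step; otherwise the sync will not succeed.

When the sync succeeds, output like the following appears:
[screenshot: sync succeeded]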



Restart keystone

  service keystone restart

Delete the SQLite database created by the Ubuntu package

  rm -f /var/lib/keystone/keystone.db

For efficiency, schedule a periodic cleanup of expired tokens
  (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
    echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \
    >> /var/spool/cron/crontabs/keystone






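Related content:

OpenStack [Juno] Primer [Preparation] 0: Overall Introduction
OpenStack [Juno] Primer [Preparation] 1: Ubuntu 14.04 Remote Connection (Installing SSH)
OpenStack [Juno] Primer [Preparation] 2: Installing NTP
OpenStack [Juno] Primer [Preparation] 3: Installing MySQL (MariaDB)
OpenStack [Juno] Primer [Preparation] 4: Installing RabbitMQ
OpenStack [Juno] Primer [Keystone] 5: Keystone Deployment and Introduction
OpenStack [Juno] Primer [Keystone] 6: Using Keystone and Solving Problems Encountered
OpenStack [Juno] Primer [Keystone] 7: Creating the Service Entity and API Endpoint
OpenStack [Juno] Primer [Keystone] 8: Beginner Operations (Verification)
OpenStack [Juno] Primer [Keystone] 9: Creating the OpenStack Client Environment Variable Scripts
OpenStack [Juno] Primer [Glance] 10: A First Introduction to Glance
OpenStack [Juno] Primer [Glance] 11: Installing and Configuring Glance
OpenStack [Juno] Primer [Glance] 12: Verifying the Glance Installation and Related Operations
OpenStack [Juno] Primer [Nova] 13 (1): A Brief Introduction to Nova
OpenStack [Juno] Primer [Nova] 13 (2): Installing and Configuring the Compute Service
OpenStack [Juno] Primer [Networking] 14: Introduction to Neutron
OpenStack [Juno] Primer [Networking] 15: Installing and Deploying Neutron (Controller Node)
OpenStack [Juno] Primer [Networking] 16: Installing and Deploying Neutron (Network Node)
OpenStack [Juno] Primer [Networking] 17: Installing and Deploying Neutron (Compute Node)
OpenStack [Juno] Primer [Networking] 18: Creating the Instance Networks
OpenStack [Juno] Primer [Dashboard] 19: Adding the Dashboard
OpenStack [Juno] Primer [Cinder] 20: Cinder Introduction, Installation and Configuration [Controller Node]
OpenStack [Juno] Primer [Cinder] 21: Installing and Configuring the Block Storage Node (Cinder)
OpenStack [Juno] Primer [Swift] 22: Installing and Configuring Object Storage [Controller Node]
OpenStack [Juno] Primer [Swift] 23: Installing and Configuring the Swift Nodes
OpenStack [Juno] Primer [Swift] 24: Creating the Initial Rings
OpenStack [Juno] Primer [Swift] 25: Verifying the Installation (Controller Node)
OpenStack [Juno] Primer [Instances] 26: Creating an Instance (Neutron)
OpenStack [Juno] Primer [Summary] 27: OpenStack Troubleshooting and Common Issues
OpenStack [Juno] Primer [Summary] 28: Keystone and Networking Summary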
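
As an added example (not part of the original post), this shell script audits a keystone.conf for the edits described in the post above and flags secrets that are still placeholders or were copied from the post. The function names `ini_get` and `audit_keystone_conf` and the world-readable check are assumptions introduced here; the sample file is constructed.

```sh
#!/bin/sh
# ini_get FILE SECTION KEY: print the last uncommented value of KEY in [SECTION].
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*[#;]/ { next }                               # commented-out line
    /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }  # section header
    cur == sec && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# audit_keystone_conf FILE: print one line per finding; exit status is the finding count.
audit_keystone_conf() {
  conf=$1; findings=0
  flag() { echo "FINDING: $*"; findings=$((findings + 1)); }
  case $(ini_get "$conf" DEFAULT admin_token) in
    ''|ADMIN_TOKEN) flag "admin_token is unset or still the ADMIN_TOKEN placeholder" ;;
    570f150cb897e793e58f) flag "admin_token was copied from the published guide" ;;
  esac
  db=$(ini_get "$conf" database connection)
  case $db in
    mysql://*KEYSTONE_DBPASS*) flag "connection still uses the KEYSTONE_DBPASS placeholder" ;;
    mysql://*) ;;
    *) flag "active connection is not MySQL: ${db:-unset}" ;;
  esac
  [ "$(ini_get "$conf" token provider)" = keystone.token.providers.uuid.Provider ] ||
    flag "[token] provider differs from the guide"
  [ "$(ini_get "$conf" token driver)" = keystone.token.persistence.backends.sql.Token ] ||
    flag "[token] driver differs from the guide"
  [ "$(ini_get "$conf" revoke driver)" = keystone.contrib.revoke.backends.sql.Revoke ] ||
    flag "[revoke] SQL revocation driver is not set"
  # Assumption added here: the file holds admin_token and the DB password, so no world read.
  [ -z "$(find "$conf" -prune -perm -004)" ] || flag "$conf is world-readable"
  return "$findings"
}

# Constructed sample: a half-edited config (SQLite still active, drivers missing).
sample=$(mktemp)
printf '%s\n' '[DEFAULT]' 'admin_token = ADMIN_TOKEN' '[database]' \
  'connection=sqlite:////var/lib/keystone/keystone.db' \
  '[token]' 'provider = keystone.token.providers.uuid.Provider' > "$sample"
chmod 640 "$sample"
audit_keystone_conf "$sample" || echo "$? finding(s) in constructed sample"
rm -f "$sample"
```

On a real controller the function would be pointed at /etc/keystone/keystone.conf; a zero exit status means every check passed.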



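33 comments so far

zhenxianbo posted on 2015-3-5 13:11:01
Notice: the author has been banned or deleted; the content is automatically hidden

pig2 posted on 2015-3-5 16:29:00
zhenxianbo posted on 2015-3-5 13:11
How do I type the expired-token cleanup command in Xshell? Are there line breaks or anything?

Just copy it directly; it has line breaks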

cappuccino posted on 2015-3-6 16:05:40
Last edited by cappuccino on 2015-3-7 23:29

Problem 1:

Following the original poster's steps, I got an error

Unknown MySQL server host 'controller'


connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
were changed, respectively, to
connection = mysql://keystone:KEYSTONE_DBPASS@127.0.0.1/keystone
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'127.0.0.1' \
after which it still reported an error
OperationalError: (OperationalError) (2003, "Can't connect to MySQL server on '127.0.0.1' (111)") None None

Then I tried changing
connection = mysql://keystone:KEYSTONE_DBPASS@127.0.0.1/keystone
to
connection = mysql://keystone:KEYSTONE_DBPASS@10.0.0.11/keystone
and only then did the sync succeed..

I don't know what the reason is. (I don't really understand the principle; it was all guesswork..)


Problem 2:


root@ubuntu:/home/zero# service keystone restart
stop: Unknown job: keystone
start: Unknown job: keystone
root@ubuntu:/home/zero# sudo service keystone restart
keystone stop/waiting
keystone start/running, process 4594

I don't understand the difference between service keystone restart and sudo service keystone restart. Why doesn't it work?


Please advise, thanks~

Remarks

I ran into problem 1 too; it is caused by the hosts file. On the control node, edit /etc/hosts and add 10.0.0.11 controller. But 127.0.0.1 always exists, so your @127.0.0.1 is fine too  posted on 2015-3-28 14:03
The configuration failed; verify whether hosts and hostname were modified  posted on 2015-3-19 15:17

cappuccino posted on 2015-3-7 00:00:19
Answering my own [Problem 1] from the post above:
I checked the official site; it seems I missed the following steps? Please confirm..
  To configure name resolution:
      Set the hostname of the node to controller.
      Edit the /etc/hosts file to contain the following:
      # controller
      10.0.0.11       controller
      # network
      10.0.0.21       network
      # compute1
      10.0.0.31       compute1


And, still looking for an answer to problem 2..

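desehawk posted on 2015-3-7 07:50:55
cappuccino posted on 2015-3-6 16:05
Problem 1:

Following the original poster's steps, I got an error

Is there a zero account? It is best to switch to root's home directory and then try running it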

cappuccino posted on 2015-3-7 23:31:30
desehawk posted on 2015-3-7 07:50
Is there a zero account? It is best to switch to root's home directory and then try running it

root@ubuntu:~# service keystone restart
stop: Unknown job: keystone
start: Unknown job: keystone
root@ubuntu:~# sudo service keystone restart
keystone stop/waiting
keystone start/running, process 4814
root@ubuntu:~#

Like this? It still doesn't work..

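desehawk posted on 2015-3-8 00:55:47
cappuccino posted on 2015-3-7 23:31
root@ubuntu:~# service keystone restart
stop: Unknown job: keystone
start: Unknown job: keystone ...

The account is wrong; it must have been installed under a non-root user.
It is best to install everything as root and not configure under two accounts. You may have overlooked this yourself.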

desehawk posted on 2015-3-8 00:56:41
cappuccino posted on 2015-3-7 23:31
root@ubuntu:~# service keystone restart
stop: Unknown job: keystone
start: Unknown job: keystone ...

For things like this there are also logs under /var/log/keystone; you can take a look at the logs too

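cappuccino posted on 2015-3-12 16:39:57
Last edited by cappuccino on 2015-3-19 13:01
desehawk posted on 2015-3-8 00:55
The account is wrong; it must have been installed under a non-root user.
It is best to install everything as root and not configure under two accounts. You may have over ...

Everything was configured in root mode (the su-then-enter-password kind); the complete installation process is as follows: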

root@ubuntu:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 30
Server version: 5.5.41-MariaDB-1ubuntu0.14.04.1 (Ubuntu)

Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

……
MariaDB [(none)]> exit
Bye
root@ubuntu:~# openssl rand -hex 10
……
root@ubuntu:~# apt-get install keystone python-keystoneclient
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following extra packages will be installed:
……
Suggested packages:
……
The following NEW packages will be installed:
……
0 upgraded, 61 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,226 kB of archives.
After this operation, 40.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.yun-idc.com/ubuntu/ trusty/main librabbitmq1 amd64 0.4.1-1 [35.2 kB]
……
Fetched 7,226 kB in 3min 44s (32.1 kB/s)                                       
Extracting templates from packages: 100%
Selecting previously unselected package librabbitmq1.
(Reading database ... 200465 files and directories currently installed.)
Preparing to unpack .../librabbitmq1_0.4.1-1_amd64.deb ...
Unpacking librabbitmq1 (0.4.1-1) ...
……
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
……
……
2015-03-12 16:01:05.323 13660 WARNING keystone.cli [-] keystone-manage pki_setup is not recommended for production use.
initctl: Unknown job: keystone
Processing triggers for libc-bin (2.19-0ubuntu6.6) ...
Processing triggers for ureadahead (0.100.0-16) ...
root@ubuntu:~# apt-get install keystone python-keystoneclient
Reading package lists... Done
Building dependency tree      
Reading state information... Done
keystone is already the newest version.
python-keystoneclient is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@ubuntu:~# service keystone start
start: Unknown job: keystone
root@ubuntu:~# emacs /etc/keystone/keystone.conf
No protocol specified
Display :0 unavailable, simulating -nw
root@ubuntu:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
2015-03-12 16:37:03.182 14473 INFO migrate.versioning.api [-] 33 -> 34...
2015-03-12 16:37:03.584 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.584 14473 INFO migrate.versioning.api [-] 34 -> 35...
2015-03-12 16:37:03.603 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.604 14473 INFO migrate.versioning.api [-] 35 -> 36...
2015-03-12 16:37:03.618 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.618 14473 INFO migrate.versioning.api [-] 36 -> 37...
2015-03-12 16:37:03.636 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.636 14473 INFO migrate.versioning.api [-] 37 -> 38...
2015-03-12 16:37:03.680 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.680 14473 INFO migrate.versioning.api [-] 38 -> 39...
2015-03-12 16:37:03.731 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.732 14473 INFO migrate.versioning.api [-] 39 -> 40...
2015-03-12 16:37:03.763 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.763 14473 INFO migrate.versioning.api [-] 40 -> 41...
2015-03-12 16:37:03.777 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.778 14473 INFO migrate.versioning.api [-] 41 -> 42...
2015-03-12 16:37:03.809 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.811 14473 INFO migrate.versioning.api [-] 42 -> 43...
2015-03-12 16:37:03.821 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.821 14473 INFO migrate.versioning.api [-] 43 -> 44...
2015-03-12 16:37:03.846 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.846 14473 INFO migrate.versioning.api [-] 44 -> 45...
2015-03-12 16:37:03.850 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.850 14473 INFO migrate.versioning.api [-] 45 -> 46...
2015-03-12 16:37:03.855 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.855 14473 INFO migrate.versioning.api [-] 46 -> 47...
2015-03-12 16:37:03.861 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.861 14473 INFO migrate.versioning.api [-] 47 -> 48...
2015-03-12 16:37:03.866 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.867 14473 INFO migrate.versioning.api [-] 48 -> 49...
2015-03-12 16:37:03.874 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.874 14473 INFO migrate.versioning.api [-] 49 -> 50...
2015-03-12 16:37:03.933 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.933 14473 INFO migrate.versioning.api [-] 50 -> 51...
2015-03-12 16:37:03.954 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.955 14473 INFO migrate.versioning.api [-] 51 -> 52...
2015-03-12 16:37:03.974 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:03.974 14473 INFO migrate.versioning.api [-] 52 -> 53...
2015-03-12 16:37:04.047 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:04.048 14473 INFO migrate.versioning.api [-] 53 -> 54...
2015-03-12 16:37:04.071 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:04.071 14473 INFO migrate.versioning.api [-] 54 -> 55...
2015-03-12 16:37:04.106 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:04.135 14473 INFO migrate.versioning.api [-] 0 -> 1...
2015-03-12 16:37:04.165 14473 INFO migrate.versioning.api [-] done
2015-03-12 16:37:04.166 14473 INFO migrate.versioning.api [-] 1 -> 2...
2015-03-12 16:37:04.203 14473 INFO migrate.versioning.api [-] done
root@ubuntu:~# service keystone restart
stop: Unknown job: keystone
start: Unknown job: keystone

Remarks

The keystone configuration failed, so the service is not recognized  posted on 2015-3-18 12:19