keystone服务只需安装在控制节点上。
创建 keystone 数据库
root@controller:~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 40
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# 添加数据库
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
# 创建keystone用户,并授权keystone数据库
# 注意:密码 'root' 仅适用于实验环境,生产环境应使用强随机密码;'%' 允许从任意主机以该账户连接,建议改为仅限控制节点所在的管理网段。
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'root';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'root';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
安装keystone软件包
root@controller:~# apt install keystone python-openstackclient apache2 libapache2-mod-wsgi python-oauth2client -y
配置keystone
root@controller:~# vi /etc/keystone/keystone.conf
# 第606行,取消注释并添加控制节点IP
# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
# oslo_cache.memcache_pool backends only). (list value)
memcache_servers = 10.0.0.7:11211
# 第740行,取消注释并修改数据库连接信息(其中的用户名、密码须与前面创建keystone数据库用户时设置的一致)
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
connection = mysql+pymysql://keystone:root@10.0.0.7/keystone
# 第2891行,添加以下信息
[token]
provider = fernet
# 保存退出
初始化数据库
root@controller:~# su -s /bin/bash keystone -c "keystone-manage db_sync"
初始化fernet密钥
root@controller:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
root@controller:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
启动keystone服务(本文所有的密码都设置为root,仅适用于实验环境;生产环境应使用强密码,且端点应使用HTTPS,以免密码和令牌以明文在网络上传输)
root@controller:~# keystone-manage bootstrap --bootstrap-password root \
--bootstrap-admin-url http://10.0.0.7:5000/v3/ \
--bootstrap-internal-url http://10.0.0.7:5000/v3/ \
--bootstrap-public-url http://10.0.0.7:5000/v3/ \
--bootstrap-region-id RegionOne
配置Apache httpd服务
root@controller:~# vi /etc/apache2/apache2.conf
# 第70行,设置主机名
#ServerRoot "/etc/apache2"
ServerName controller
# 保存退出
重启服务
root@controller:~# service apache2 restart
配置环境变量
添加环境变量文件
root@controller:~# vi ~/keystonerc
# 添加以下内容,并保存退出(该文件含明文管理员密码,保存后建议执行 chmod 600 ~/keystonerc,使其仅属主可读)
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=root
export OS_AUTH_URL=http://10.0.0.7:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='\u@\h \W(keystone)\$ '
引入环境变量
root@controller:~# . keystonerc
root@controller ~(keystone)#
添加一个项目
root@controller ~(keystone)# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 2fae0cd7579441f88cab61f4291bfd17 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
验证配置
root@controller ~(keystone)# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 2fae0cd7579441f88cab61f4291bfd17 | service |
| 460e4247a8984b2cbf1b35c3da7e6708 | admin |
+----------------------------------+---------+