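Installing OpenStack Stein on a single Ubuntu 18.04 machine (manual, non-scripted): Keystone

  • Installation and configuration
  • Creating a domain, projects, users, and roles
  • Verifying operation
  • Creating OpenStack client environment scripts


Installation and configuration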

Log in to the MySQL database as the root user

# mysql

Create the keystone database

MariaDB [(none)]> CREATE DATABASE keystone;

Grant privileges on the keystone database

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Replace the "KEYSTONE_DBPASS" field with the corresponding hexadecimal value generated earlier

Exit the database, then install the keystone package

# apt-get install keystone

Enter the following command to edit the keystone configuration file

# vim /etc/keystone/keystone.conf

In the opened file, modify the following keys

[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# ...
provider = fernet

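Replace the "KEYSTONE_DBPASS" field with the corresponding hexadecimal value generated earlier
The ellipsis (...) indicates that the existing default configuration options are kept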

When finished, sync the keystone database

# su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet key repositories

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the Identity service

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

Replace the "ADMIN_PASS" field with the corresponding hexadecimal value generated earlier

Enter the following command to edit the Apache HTTP server configuration file

# vim /etc/apache2/apache2.conf

In the opened file, insert the following key

ServerName controller

When finished, restart the apache service

# service apache2 restart

Open another terminal and set the following environment variables

$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:5000/v3
$ export OS_IDENTITY_API_VERSION=3

Replace the "ADMIN_PASS" field with the corresponding hexadecimal value generated earlier

Creating a domain, projects, users, and roles

A new domain can be created with the following command

$ openstack domain create --description "An Example Domain" example

Output

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | 513e0d3ab1884f089a5842a20dfad68c |
| name        | example                          |
| tags        | []                               |
+-------------+----------------------------------+

OpenStack generates IDs dynamically, so their values differ in each output

Create the service project

$ openstack project create --domain default --description "Service Project" service

Output

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 2e2e72dde2fa457089308bb4c5de1a18 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

Create the myproject project

$ openstack project create --domain default --description "Demo Project" myproject

Output

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 2dfb5d3e8b054080b0ce0f8b469ef4cf |
| is_domain   | False                            |
| name        | myproject                        |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

Create the myuser user

$ openstack user create --domain default --password-prompt myuser

Output

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c87651bfd1054d3d978b6ed31ad624c0 |
| name                | myuser                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Create the myrole role

$ openstack role create myrole

Output

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 712ee8d26afd4cb482108a4ba4a8eb9f |
| name        | myrole                           |
+-------------+----------------------------------+

The myrole role has no administrative privileges

Grant the myuser user the myrole role in the myproject project

$ openstack role add --project myproject --user myuser myrole

Verifying operation

Unset the OS_AUTH_URL and OS_PASSWORD environment variables

$ unset OS_AUTH_URL OS_PASSWORD

Request an authentication token as the admin user

$ openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

Output

Password: 
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2019-09-09T08:03:24+0000                                                                                                                                                                |
| id         | gAAAAABddfk8vXnp9NXEZMFJN3luejw-AYT3qZ8Qry5ghVSY2PvGHD3n8_Y5UFQAawXaeP7F710EJ20qcteXIZz33q1W4Sbj59W4Qemf1kLf7IiSdygBEDd9u2MQIGV2HM_pVaUUrlWHOXTbQBuX5xeGJaWNThTxNFIUCgk-Zn2UzRxsqKxOkUw |
| project_id | 6e83323c84a6469e8c94f50996d2dd78                                                                                                                                                        |
| user_id    | 4892a985c02c4b70ac19eb6a4a273614                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

The password is the hexadecimal value corresponding to "ADMIN_PASS"

Request an authentication token as the myuser user

$ openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue

Output

Password: 
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2019-09-09T08:12:55+0000                                                                                                                                                                |
| id         | gAAAAABddft3wDQHw7GtkHERe7wSdqLCQ1uT4-qijLDZiuOHqjMVtoG1ukzGpGBMad6kx7U8514LCgOgwxqWxSsyJ-GWGGHNNfEzszdgxHkcpTsyqx8PsfUb1_rl_wjdOPfUeYPiLSP7iaIL54OpvhEiMBn47JEKh3beF5wl3URMYzkOAhgLxZI |
| project_id | 2dfb5d3e8b054080b0ce0f8b469ef4cf                                                                                                                                                        |
| user_id    | c87651bfd1054d3d978b6ed31ad624c0                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
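
The token ids printed above are Fernet tokens, as selected by provider = fernet. The following added example, which is not part of the original tutorial or of Keystone's own code, parses the unencrypted outer layout of the admin token shown above and checks the HMAC of a constructed sample token. SAMPLE_KEY, make_sample and the other function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct
from datetime import datetime, timezone

# Token id and expiry copied from the admin "token issue" output above (expired in 2019).
PAGE_TOKEN = ("gAAAAABddfk8vXnp9NXEZMFJN3luejw-AYT3qZ8Qry5ghVSY2PvGHD3n8_Y5"
              "UFQAawXaeP7F710EJ20qcteXIZz33q1W4Sbj59W4Qemf1kLf7IiSdygBEDd9"
              "u2MQIGV2HM_pVaUUrlWHOXTbQBuX5xeGJaWNThTxNFIUCgk-Zn2UzRxsqKxOkUw")
PAGE_EXPIRES = "2019-09-09T08:03:24+0000"
# Constructed 32-byte Fernet key (assumption, not a real Keystone key).
SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32))).decode()

def _decode(token):
    # Keystone strips the base64 '=' padding from token ids; restore it first.
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))

def inspect_fernet(token):
    """Parse the unencrypted outer layout of a Fernet token (no key needed)."""
    raw = _decode(token)
    # Layout: version(1) | timestamp(8) | IV(16) | ciphertext(16*n) | HMAC-SHA256(32)
    if len(raw) < 73 or raw[0] != 0x80 or (len(raw) - 57) % 16:
        raise ValueError("not a well-formed Fernet token")
    issued = datetime.fromtimestamp(struct.unpack(">Q", raw[1:9])[0], timezone.utc)
    return {"issued": issued, "iv": raw[9:25], "ciphertext_len": len(raw) - 57}

def lifetime_seconds(token, expires):
    """Seconds between the issue time inside the token and the reported expiry."""
    exp = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S%z")
    return int((exp - inspect_fernet(token)["issued"]).total_seconds())

def hmac_valid(token, fernet_key):
    """Check the trailing HMAC with the signing half (first 16 bytes) of a key."""
    raw = _decode(token)
    signing_key = base64.urlsafe_b64decode(fernet_key)[:16]
    mac = hmac.new(signing_key, raw[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(mac, raw[-32:])

def make_sample(fernet_key, ts):
    """Constructed token for the demo: zero bytes stand in for IV and ciphertext."""
    body = b"\x80" + struct.pack(">Q", ts) + bytes(16) + bytes(32)
    signing_key = base64.urlsafe_b64decode(fernet_key)[:16]
    mac = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + mac).decode().rstrip("=")

if __name__ == "__main__":
    print(inspect_fernet(PAGE_TOKEN)["issued"], lifetime_seconds(PAGE_TOKEN, PAGE_EXPIRES))
    print(hmac_valid(make_sample(SAMPLE_KEY, 1568012604), SAMPLE_KEY))
```

The issue time is readable in any token id without a key, while validity rests entirely on the key repository created by fernet_setup, so token ids should be handled as bearer credentials and the key repository kept readable only by the keystone user.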

Creating OpenStack client environment scripts

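An OpenStack client environment script (OpenRC file) collects the environment-variable commands used earlier into a single file, so that users can set the environment variables by running the script directly, which makes operations more efficient. The OpenStack client also supports using a clouds.yaml file.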

Enter the following command to create and edit the script file for the admin user

$ vim admin-openrc

In the opened file, add the following keys

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Replace the "ADMIN_PASS" field with the corresponding hexadecimal value generated earlier

Enter the following command to create and edit the script file for the myuser user

$ vim myuser-openrc

In the opened file, add the following keys

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=MYUSER_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Replace the "MYUSER_PASS" field with the password set earlier

Run the script to verify operation

$ . admin-openrc
$ openstack token issue

Output

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2019-09-09T08:36:50+0000                                                                                                                                                                |
| id         | gAAAAABddgESq_yXWE3Jy6CkXi-FdKYQjEH26V43SPurSnRkF6-o__zPygYl_GEaFIzRM_PrmwJHTQj4Z5XdGGk6bXSpxhCK2dciusZI-7Ei_SVwSmezCGPjfhzEKO7iYPx_g2OWehdsmknFOU0X8mS3inlv9o0AoLT6cD-9ZGnyNMshwFMuZAI |
| project_id | 6e83323c84a6469e8c94f50996d2dd78                                                                                                                                                        |
| user_id    | 4892a985c02c4b70ac19eb6a4a273614                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+