### RabbitMQ安装
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
### 创建openstack用户 密码为redhat
[root@controller ~]# rabbitmqctl add_user openstack redhat
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
### Memcached 安装
[root@controller ~]# yum -y install memcached python-memcached
[root@controller ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service
### Keystone 安装
[root@controller ~]# mysql -u root -p
Enter password:
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'redhat';
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by 'redhat';
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| performance_schema |
+--------------------+
MariaDB [(none)]> exit
### 安装和配置组件
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:redhat@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
### Bootstrap the identity service
[root@controller ~]# keystone-manage bootstrap --bootstrap-password redhat \
> bootstrap-admin-url http://controller:35357/v3/ \
> bootstrap-internal-url http://controller:5000/v3/ \
> bootstrap-public-url http://controller:5000/v3/ \
> bootstrap-region-id RegionOne
### Apache HTTP
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# vim /root/adminrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=redhat
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
### Create a domain, projects, users, and roles
[root@controller ~]# source /root/adminrc.sh
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 1959e8418f664fde93cdadf0a925f7f6 |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | aa7413da4c6a4153ae4bd68851b5fe6d |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | bafa586cef644752b9c6bdf5351a8110 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 7e459d4ebf784294975f92e8b45d90dc |
| name | user |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user
[root@controller ~]# vim /etc/keystone/keystone-paste.ini
Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the
[pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+--------------------------------------------------------------------------------------+
| Field | Value |
+------------+--------------------------------------------------------------------------------------+
| expires | 2017-07-27T11:51:37+0000 |
| id | gAAAAABZecW5_txpfvACrnljiJnwgzr5vrOk-mfyjg4g7cgu9EKJRa6pgrQp5Rye2cNzrFs5f-RRAI3ARvHC |
| | Y7t9ypQrBO0oaAyjszADnIZUI5Mw4sseGGQ1-g8QuauuUwkORUhxJagoVXP95pkZlofss5So4HG75tx6B3P_ |
| | qleiRhYuEl8P6uI |
| project_id | 7b67e849f4a84d6586fbdd5abf6bb28a |
| user_id | 803b2c8e1a9943f5a0d093856b12e276 |
+------------+--------------------------------------------------------------------------------------
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+--------------------------------------------------------------------------------------+
| Field | Value |
+------------+--------------------------------------------------------------------------------------+
| expires | 2017-07-27T11:53:27+0000 |
| id | gAAAAABZecYnnqcHv3o2gPRjqOnBUxHIFR4HCcRT9h8SS4cKfRTUiPLiZ0UyP56RSoJ8wzib8mzDfm-X4Kut |
| | DyFIZUtRmWCiRCr5_LGexuqNnuYaxS3SEXIWSTFMDh9o8-Ha4d9-Fw0hEYMLuCb8Ns0j7_FDmA8JzVvTU3q3 |
| | GmrsdTfaZJ8IHSg |
| project_id | aa7413da4c6a4153ae4bd68851b5fe6d |
| user_id | bafa586cef644752b9c6bdf5351a8110 |
+------------+--------------------------------------------------------------------------------------
### Create OpenStack client environment scripts
[root@controller ~]# vim /root/adminrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=redhat
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim /root/demorc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=redhat
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# clear
[root@controller ~]# source /root/adminrc.sh
[root@controller ~]# openstack token issue
+------------+--------------------------------------------------------------------------------------+
| Field | Value |
+------------+--------------------------------------------------------------------------------------+
| expires | 2017-07-27T12:00:02+0000 |
| id | gAAAAABZeceyaN8EPLduucFqZFsCP0D3vQ8y6OnMA8BsUfYcfQc28kRiouUv8PAvxXY3JsP0vcqiKJLPKMVc |
| | -TbmgMsV6cSEeuiHSiQEDIPEsOO6niomc9AWWEMvtBmAlhmMJrxsua82onU9VP- |
| | fqaR6Lzmxgew9U_Z157R6Emqo1IJDKVdyYmo |
| project_id | 7b67e849f4a84d6586fbdd5abf6bb28a |
| user_id | 803b2c8e1a9943f5a0d093856b12e276 |
+------------+---------------------------------------------