This series of articles will teach you how to build an OpenStack development environment from scratch across multiple OpenStack systems. The installation version of OpenStack used in the current tutorial is version 20 Train (version T for short). Release Note Train, Originally Released: 16 October, 2019 13 May, 2020 Victoria, Originally Released: 14 October, 2020
The nuggets community
OpenStack Ussuri offline Deployment: OpenStack Train Offline Deployment: OpenStack Ussuri Offline deployment
OpenStack Train Offline deployment | 0 Local offline deployment yum OpenStack Train offline deployment | 1 Controller node – Environment Preparation OpenStack Train Offline deployment | 2 Compute node – Environment Preparation OpenStack Train offline deployment | 3 controller nodes -Keystone authentication service component OpenStack Train offline deployment | 4 controller nodes -Glance image service component OpenStack Train offline deployment | 5 Controller nodes -Placement service component OpenStack Train Offline deployment | 6.1 Controller Node -Nova Computing service component OpenStack Train Offline deployment | 6.2 Compute Node -Nova Computing service Component OpenStack Train Offline deployment | 6.3 Controller Node -Nova Computing service component OpenStack Train Offline Deployment | 7.1 Controller Node -Neutron Network service Component OpenStack Train Offline Deployment | 7.2 Compute Node -Neutron Network service Component OpenStack Train deployment | 7.3 Controller Node -Neutron Service component OpenStack Train Deployment | 8 Controller Node -Horizon Service component OpenStack Train Deployment | 9 Start an OpenStack instance Train Offline deployment | 10 Controller node -Heat service component OpenStack Train Offline deployment | 11.1 Controller Node -Cinder Storage Service Component OpenStack Train Offline deployment | 11.2 Storage node -Cinder storage service component OpenStack Train Offline Deployment | 11.3 Controller Node -Cinder Storage Service Component OpenStack Train Offline Deployment | 11.4 Compute Node -Cinder Storage Service Component OpenStack Offline Deployment of Train | 11.5 Instance Using -Cinder storage service components
Gold Mining community: Customizing OpenStack Images | Customizing OpenStack images | Environment Preparation Customizing OpenStack images | Windows7 Customizing OpenStack images | Windows10 Customizing OpenStack images | Linux Customize an OpenStack image | Windows Server2019
CSDN
CSDN: OpenStack Ussuri Offline Installation and Deployment Series (full) OpenStack Train Offline Installation and Deployment Series (full) Looking forward to making progress together with you.
OpenStack Train Offline deployment | 3 Controller node -Keystone authentication service component
Openstack (Rocky version)-02 Installing Keyston Authentication Service Components (controller nodes)
1. Create and authorize the Keystone database
1. Log in to the database
Log in to the mysql database as user root. The password is root that was set during the initialization of mysql data during the preparation of the controller node environment.
mysql -u root -proot
Copy the code2. Create and authorize the Keystone database
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@The '%' \
IDENTIFIED BY 'keystone';
flush privileges;
show databases;
select user,host from mysql.user;
exit
Copy the codeInstall and configure Keystone software
1. Install Keystone software
#Configure the Apache service to authenticate service requests using the HTTP server with "mod_wsgi" on ports 5000 and 35357. By default, the Kestone service still listens on these ports
yum install httpd mod_wsgi -y
yum install openstack-keystone python-keystoneclient -y
#For quick configuration
yum install openstack-utils -y
Copy the code2. Quickly modify keystone configurations
#The following quick configuration method requires Openstack-utils to be installed
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:keystone@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
#Note: Keystone does not need to connect to RabbitMQ
#View the configurations that have taken effect
egrep -v "^#|^$" /etc/keystone/keystone.conf
#Check the effective configurations in other ways
grep '^[a-z]' /etc/keystone/keystone.conf
#Keystone does not need to be started and is invoked through the HTTP service
Copy the code3. Initialize the keystone database synchronization
Synchronizing the Keystone Database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Copy the code4. After the synchronization is complete, test the connection
mysql -ukeystone -pkeystone -e "use keystone; show tables;" Mysql -h192.168.232.101 -ukeystone -pkeystone -e "use keystone; show tables;" |wc -lCopy the code5. Initialize the Fernet token library
Initialize Fernet Tokens
#No information is displayed after the following command is executed
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Copy the code6. Start Apache (HTTPD)
(1) Modify the HTTPD master configuration file
sed -i "s/#ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf
Copy the codeor
vim /etc/httpd/conf/httpd.conf +95
-------------------------------------
ServerName controller
-------------------------------------
Copy the code(2) Configure the virtual host
#You can also copy the shortcut to creating the Keystone virtual host profile
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Copy the codeIf HTTP does not start, disable selinux or install yum install openstack-selinux
systemctl start httpd.service
systemctl status httpd.service
netstat -anptl|grep httpd
systemctl enable httpd.service
systemctl list-unit-files |grep httpd.service
Copy the codeAt this point, the HTTP service is configured
7. Initialize the Keystone authentication service
(1) Create a Keystone user and initialize service entities and API endpoints. Create a user with the password ADMIN_PASS to log in to openstack as the admin user. In this case, the password is also admin. Create the Keystone service entity and identity authentication service. The following three types are public, internal, and managed.
- Add API endpoints for three service entities to the endpoint table
- Create the admin user in the local_user table
- Create admin and Default projects in the Project table (Default domain)
- Create three roles in the role table: admin, Member, and Reader.
- Create the identity service in the Service table
keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
source admin-openrc.sh
openstack catalog list
Copy the code(1) Change the controller to the IP address of the management network, so that other hosts can easily call the API, or set the controller to the corresponding IP address in the host file of other hosts. In the previous version (before Queens), the boot service required two ports (user 5000 and management 35357). In this version, the service is provided through the same port. Keystone introduction, Keystone introduction and installation Endpoint is an address that can be accessed on the network, usually a URL. The Service exposes its API through an Endpoint. Keystone manages and maintains the Endpoint of each Service. You can use the following command to view the Endpoint.
(2) Temporarily configure variables related to the administrator account for management
#Here,exportOS_PASSWORD uses ADMIN_PASS as configured aboveexport OS_USERNAME=admin export OS_PASSWORD=admin export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3
#View the declared variables
env |grep OS_
Copy the codeNote: Common openstack management commands require environment variables of application administrators
#View keystone instance information
openstack endpoint list
openstack project list
openstack user list
#Delete the endpoint
openstack endpoint delete [ID]
Copy the code8. Create a common instance of Keystone
1
www.cnblogs.com/shhnwangjia…
openstack service create \
--name=keystone \
--description="Keystone Identity Service" \
identity
openstack user create --password admin admin
openstack role create admin
openstack project create admin
openstack role add --project admin --user admin admin
openstack user create --password demo demo
openstack role create _member_
openstack project create demo
openstack role add --project demo --user demo _member_
Copy the code() 2
Create user admin. 1. Create user admin# keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL2. Create the admin role# keystone role-create --name=admin3. Create the admin vstore# keystone tenant-create --name=admin --description="Admin Tenant"4. Associate the admin user, the admin role, and the admin tenant# keystone user-role-add --user=admin --tenant=admin --role=admin5. Associate user admin, _member_ role, and tenant admin# keystone user-role-add --user=admin --role=_member_ --tenant=adminTo create a common user, repeat the following steps to create other users. When creating other users, skip the steps of creating tenants. 1. Create a Demo user# keystone user-create --name=demo --pass=DEMO_PASS--email=DEMO_EMAIL2. Create a Demo vstore:# keystone tenant-create --name=demo --description="Demo Tenant"3. Associate the Demo user, _member_ role, and Demo tenant# keystone user-role-add --user=demo --role=_member_ --tenant=demoCreating a service Tenant OpenStack services require a user name, tenant, and role to access other OpenStack services. All OpenStack services share a tenant named service. Creating a Service vstore# keystone tenant-create --name=service --description="Service Tenant"———————————————— Copyright notice: this article is written BY CSDN blogger "KILL_USR" and is reproduced under THE CC 4.0 BY-SA copyright agreement. Please attach a link to the original source and this notice. The original link: https://blog.csdn.net/shajc0504/article/details/39835817Copy the codeCreate domain domain, project projects, user users, role roles, and OpenStack. The official description is Keystone-users-rdo
Domain: default, which has been created in the Keystone bootstrapper step.
The actual operation
DO as followed
Create a project named example in the project table
openstack domain create --description "An Example Domain" example
Copy the code(2) [Must] Create a project named service in the default domain. For general (non-administrative) tasks, an unprivileged user is required. The following command creates a project named service in the project table
openstack project create --domain default --description "Service Project" service
Copy the code(3) [Not required] Create a project named myProject in the default domain.
As a regular user (non-administrator) project, to provide services for regular users. The following command creates a project named myProject in the project table
openstack project create --domain default --description "Demo Project" myproject
Copy the code(4) [Not required] Create user myuser in default domain. The following command adds the user myuser to the local_user table. Using the –password option to directly configure a plaintext password, and using the –password-prompt option to directly create a user and password for interactive password entry
openstack user create --domain default --password=myuser myuser
Copy the codeOr interactively enter passwords
openstack user create --domain default --password-prompt myuser
Copy the code(5) [Not required] Create role myrole in the role table.
openstack role create myrole
Copy the code[Required] However, a default role user or _member_ needs to be created
openstack role create user
Copy the codeCause: User is specified in the /etc/openstack-dashboard-local_settings file
vim /etc/openstack-dashboard/local_settings
--------------
# OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_HOST = "controller"
#unchanged
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
#add new
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
--------------
Copy the codeOpenStack Offline Train installation series – 8. Controller Node -Horizon Service component
(6) Add the role myrole to the project myProject and the following commands of the user myuser do not return, the operation of the data table is not obvious
openstack role add --project myproject --user myuser myrole
Copy the code8. The role name of the Horizon service component on the controller node can also be changed to _member_ when keystone is created in step 5
(7) View keystone instance information
openstack endpoint list
openstack project list
openstack user list
Copy the code3. Check whether keystone is successfully installed
1. Remove environment variables
Disable the temporary authentication token mechanism, obtain the token, and verify that keystone is successfully configured
unset OS_AUTH_URL OS_PASSWORD
env |grep OS_
##
Copy the code2. Request an authentication token as an administrator
Test whether you can use the admin account for login authentication and request authentication token
openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name admin --os-username admin token issue Enter the password adminCopy the code3. Obtain the authentication token as a common user
The following command allows only regular (non-administrative) access to the authentication service API using the password of user “myuser” and API port 5000.
openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name myproject --os-username myuser token issue Enter the password: myuserCopy the codeCreate environment variable scripts on the OpenStack client
Create OpenStack Client environment scripts, which uses a combination of environment variables and command options to interact with the identity authentication service through the OpenStack client. To improve the efficiency of client operations, OpenStack supports simple client-side environment variable scripts called OpenRC files. I use custom file names here
1. Create an environment management script for user admin
cd
touch admin-openrc.sh
vim admin-openrc.sh
#The file contentexport OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=admin export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2Copy the code2. Create a client environment variable script for common user myuser
touch myuser-openrc.sh
vim myuser-openrc.sh
#The file content
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=myuser
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Copy the code3. Test environment management script
source admin-openrc.sh
openstack token issue
source myuser-openrc.sh
openstack token issue
Copy the codeIf the user_id is the same as that obtained using the preceding command, the configuration is successful
5. Keystone is installed
The Keystone authentication service component has been installed and configured on the controller node. If VMware VMS are used, they can be shut down to create snapshots.