
## 2. Keystone 驗證服務

 ###openstack-ocata 單節點安裝 部署 目錄彙總

 

一. 建立keystone資料庫端點,資料庫等

# Open an interactive MySQL session as root. A bare -p makes the client prompt
# for the password instead of taking it as a command-line argument.
mysql -u root -p

-- Create the schema that "keystone-manage db_sync" populates later on.
CREATE DATABASE keystone;

-- KEYSTONE_DBPASS is a placeholder: substitute a strong, unique password and
-- use the same value in the [database] connection string of keystone.conf.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
-- The '%' host pattern allows the keystone account to connect from any address.
-- NOTE(review): for a single-node install, consider narrowing '%' to the
-- controller host or management network, and keep the MySQL port unreachable
-- from untrusted networks.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

--------------------------------------------------------------------------------


二 . 安裝keystone軟體包

# Install Keystone together with Apache httpd and mod_wsgi; the httpd step
# further down links Keystone's WSGI configuration into /etc/httpd/conf.d/.
yum install openstack-keystone httpd mod_wsgi

--------------------------------------------------------------------------------
三 . 配置keystone檔案
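# Keep a copy of the packaged configuration before replacing it.
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak

# Write a minimal keystone.conf. The '>' redirection truncates the file itself,
# so no separate truncation step is needed, and an already existing file keeps
# its ownership and mode.
#
# KEYSTONE_DBPASS is a placeholder for the password granted to the keystone
# database account. Once filled in, this file holds that password in clear
# text: confirm it is not world-readable (ls -l /etc/keystone/keystone.conf).
#
# The token provider must be spelled "fernet"; it pairs with the key repository
# created by "keystone-manage fernet_setup".
#
# The quoted 'EOF' delimiter stops the shell from expanding anything in the body.
cat > /etc/keystone/keystone.conf <<'EOF'
[DEFAULT]
verbose = true

[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
provider = fernet
EOF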

--------------------------------------------------------------------------------
四 . 填充資料庫服務

# Create the Keystone tables in the keystone database. The command runs as the
# keystone service account rather than as root; -s /bin/sh supplies the shell
# used to run it.
su -s /bin/sh -c "keystone-manage db_sync" keystone

--------------------------------------------------------------------------------
五 . 初始化儲存庫

# Initialise the Fernet token key repository and the credential-encryption key
# repository, both owned by the keystone user and group.
# The generated keys are secrets: anyone who can read the Fernet keys can forge
# tokens, so keep them readable by the keystone account only and include them
# in backup and rotation planning.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

--------------------------------------------------------------------------------


六 . 引導身份服務

# Bootstrap the identity service: set the admin password and register the
# admin, internal and public identity endpoints in region RegionOne.
# ADMIN_PASS is a placeholder; substitute a strong password.
# A password passed as an argument is visible in the process list and is saved
# in shell history; keystone-manage bootstrap can also read it from the
# OS_BOOTSTRAP_PASSWORD environment variable.
# NOTE(review): all three endpoints are plain http, so passwords and tokens
# cross the network unencrypted - acceptable only on an isolated lab network;
# put TLS in front of Keystone for anything else.
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

--------------------------------------------------------------------------------


七 . 編輯httpd 配置檔案

# Preserve the stock Apache configuration before editing it.
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
# Declare the server name Apache should use for this host.
printf '%s\n' 'ServerName controller' >> /etc/httpd/conf/httpd.conf
# Enable the Keystone WSGI virtual hosts shipped with the package by linking
# their configuration into Apache's conf.d directory.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

-------------------------------------------------------------------------------

八 . 啟動keystone服務並設定開機自動啟動

# Start Apache (which hosts Keystone) at boot and right now, then print its
# status so a failed start is noticed before continuing.
systemctl enable httpd.service
systemctl start httpd.service
systemctl status httpd.service

--------------------------------------------------------------------------------


九 . 配置身份認證檔案


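# Admin credentials for the openstack CLI; load them with ". /root/adminrc".
# ADMIN_PASS is a placeholder and must match the value given to
# "keystone-manage bootstrap --bootstrap-password".
#
# The file stores the admin password in clear text, so it is created under a
# restrictive umask and then forced to mode 600 (owner read/write only) in case
# it already existed with wider permissions.
# '>>' appends: running this step twice leaves duplicate lines in the file.
#
# NOTE(review): OS_AUTH_URL is plain http, so the password and the tokens
# issued for it travel unencrypted - acceptable only on an isolated lab network.
(
  umask 077
  cat >> /root/adminrc <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF
)
chmod 600 /root/adminrc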

--------------------------------------------------------------------------------

十 . 建立域,專案,使用者和角色

# These commands call the Identity API as an administrator, so the admin
# credentials must already be in the environment.
# NOTE(review): the page does not show that step before this point; presumably
# ". /root/adminrc" is run first - confirm.

# Project that holds the service accounts of the other OpenStack services.
openstack project create --domain default --description "Service Project" service

# Unprivileged project for day-to-day, non-admin work.
openstack project create --domain default --description "Demo Project" demo

# --password-prompt asks for the password interactively, which keeps it out of
# shell history and the process list.
openstack user create --domain default --password-prompt demo

# Ordinary "user" role, granted to the demo user on the demo project only.
openstack role create user

openstack role add --project demo --user demo user

--------------------------------------------------------------------------------


十一 . 建立demo使用者認證

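# Credentials of the unprivileged demo user; load them with ". /root/demorc".
# OS_PASSWORD must be whatever was typed at the --password-prompt when the demo
# user was created; the literal value "demo" only works if that exact password
# was entered, and is suitable for a throw-away lab only.
#
# The file stores the password in clear text, so it is created under a
# restrictive umask and then forced to mode 600 (owner read/write only) in case
# it already existed with wider permissions.
# '>>' appends: running this step twice leaves duplicate lines in the file.
(
  umask 077
  cat >> /root/demorc <<'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
)
chmod 600 /root/demorc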

--------------------------------------------------------------------------------


十三 . 驗證

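# Load the admin credentials and confirm Keystone answers an authenticated
# request. The absolute path makes this work from any working directory (the
# files were written to /root).
. /root/adminrc
openstack user list

# Repeat with the demo credentials. The "." (source) builtin needs a space
# before the file name; written as ".demorc" the shell looks for a command of
# that name and the credentials are never loaded.
# NOTE(review): under Keystone's default policy, listing users is presumably an
# admin-only call, so a "not authorized" reply here would still show that the
# demo user authenticated but holds no admin rights - confirm against the
# deployed policy.
. /root/demorc
openstack user list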