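Keystone: Introduction, Installation and Configuration
Keystone is the OpenStack component that provides the identity service. It is mainly responsible for project management, user management, user authorization and authentication of user information. Keystone is installed and configured on the controller node. For scalability, this configuration deploys Fernet tokens and the Apache HTTP server to handle requests. The steps are as follows:
Create the database for keystone in MySQL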
mysql -uroot -pwwwwww
create database keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Install the keystone packages
yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached -y
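memcached is an open-source, high-performance distributed in-memory object caching system. By caching data and objects in memory it reduces the number of database reads, which speeds up site access, accelerates dynamic web applications and lightens the database load. Keystone uses memcached to cache identity information such as tenant tokens, so that user information stored in the MySQL back-end database does not have to be queried when a user logs in. In a large OpenStack cluster whose database is under heavy load, this greatly speeds up user authentication.
Start the memcached service: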
systemctl enable memcached.service
systemctl start memcached.service
Edit the keystone configuration file
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
vim /etc/keystone/keystone.conf
[database]
...
connection = mysql://keystone:keystone@localhost/keystone
...
[memcache]
...
servers = localhost:11211
...
[token]
....
provider = fernet
...
Synchronize the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
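At this point several tables have been created in the keystone database in MySQL; log in to the database to check and verify.
Set the keystone user and group
Specify the keystone user and group to use when initializing the key repositories: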
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
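An added example, not part of the original tutorial: a Python check that the key repositories created by the two commands above are owned by the keystone account and closed to group and others, and that the staged key (0) and a primary key exist. It assumes keystone's default repository paths /etc/keystone/fernet-keys and /etc/keystone/credential-keys; the no-group-access rule is this example's own policy.

```python
import os
import pwd
import stat
import sys

# Assumption: keystone's default key repositories; adjust if key_repository is overridden.
REPOSITORIES = ("/etc/keystone/fernet-keys", "/etc/keystone/credential-keys")

def audit_key_repository(path, expected_uid):
    """Return a list of problems found in one keystone key repository."""
    if not os.path.isdir(path):
        return [f"{path}: repository directory missing"]
    names = sorted(os.listdir(path))
    problems = []
    for entry in [path] + [os.path.join(path, n) for n in names]:
        st = os.stat(entry)
        if st.st_uid != expected_uid:
            problems.append(f"{entry}: owned by uid {st.st_uid}")
        # Policy chosen for this example: no group or world access at all.
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{entry}: accessible to group or others")
    # Key files are named by index: 0 is the staged key, the highest is primary.
    indexes = {int(n) for n in names if n.isdigit()}
    if 0 not in indexes:
        problems.append(f"{path}: staged key 0 missing")
    if not any(i > 0 for i in indexes):
        problems.append(f"{path}: no primary key")
    return problems

if __name__ == "__main__":
    try:
        uid = pwd.getpwnam("keystone").pw_uid
    except KeyError:
        sys.exit("no 'keystone' account on this host")
    found = [p for repo in REPOSITORIES for p in audit_key_repository(repo, uid)]
    print("\n".join(found) or "key repositories look sane")
    sys.exit(1 if found else 0)
```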
Set up the keystone endpoints
keystone-manage bootstrap --bootstrap-password wwwwww --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
This sets three kinds of endpoint URL: admin, internal and public.
Configure the httpd service for keystone
Edit the Apache configuration file
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
vim /etc/httpd/conf/httpd.conf
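Make the following change in the configuration file (replace CONTROLLER_HOSTNAME with the host name of the controller node):
...
ServerName CONTROLLER_HOSTNAME
...
Symlink the keystone WSGI configuration into httpd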
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start the httpd server
systemctl enable httpd.service
systemctl start httpd.service
systemctl status httpd.service
Configure the environment variables
Create a file named openrc in the ~/ directory with the following content:
export OS_USERNAME=admin
export OS_PASSWORD=wwwwww
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
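Each time you start the system, run source openrc on the command line to log in as the admin user; you can then perform OpenStack operations from the command line.
Create projects, users, roles and related information
Create the project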
openstack project create --description "Admin Project" admin
Create the user admin for the project admin
openstack user create --password-prompt admin
Create the role admin
openstack role create admin
Grant the role admin to the user admin
openstack role add --project admin --user admin admin
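Official keystone installation guide: https://docs.openstack.org/keystone/train/install/keystone-install-rdo.html
Glance: Introduction, Installation and Configuration
Glance is the component that provides the image service to the other OpenStack components. The image service covers image discovery, image registration and retrieval of virtual machine images. In this tutorial glance is installed and configured on the controller node, and images are stored on the controller node's local file system.
Configure the database, service credentials and endpoints
Log in to MySQL and create the glance database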
mysql -uroot -pwwwwww
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Create the glance user and add the admin role to the glance user and the service project
openstack user create --password-prompt glance
openstack role add --project service --user glance admin
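Create the glance service entity
openstack service create --name glance --description "OpenStack Image" image
Create the endpoints for the image service (replace CONTROLLER_HOSTNAME with the host name of the controller node)
openstack endpoint create --region RegionOne image public http://CONTROLLER_HOSTNAME:9292
openstack endpoint create --region RegionOne image internal http://CONTROLLER_HOSTNAME:9292
openstack endpoint create --region RegionOne image admin http://CONTROLLER_HOSTNAME:9292
Install and configure the glance component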
yum install openstack-glance -y
Edit the glance-api configuration file /etc/glance/glance-api.conf
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
vim /etc/glance/glance-api.conf
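The following settings should be configured in glance-api.conf (replace CONTROLLER_HOSTNAME with the host name of the controller node):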
[database]
...
connection = mysql://glance:glance@localhost/glance
...
[keystone_authtoken]
...
auth_uri = http://CONTROLLER_HOSTNAME:5000
auth_url = http://CONTROLLER_HOSTNAME:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
...
[paste_deploy]
...
flavor = keystone
...
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit the glance-registry configuration file /etc/glance/glance-registry.conf
cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
vim /etc/glance/glance-registry.conf
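The following settings should be configured in glance-registry.conf (replace CONTROLLER_HOSTNAME with the host name of the controller node):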
[database]
...
connection = mysql://glance:glance@localhost/glance
[keystone_authtoken]
auth_uri = http://CONTROLLER_HOSTNAME:5000
auth_url = http://CONTROLLER_HOSTNAME:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
...
flavor = keystone
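The keystone.conf, glance-api.conf and glance-registry.conf fragments in this tutorial set each service password equal to the account name and point keystone_authtoken at plain-HTTP Keystone URLs. As an added example (not part of the original tutorial), this Python audit flags those settings in a service configuration file. The sample configurations are constructed; the hardened one uses placeholder secrets and assumes HTTPS has been enabled on the identity endpoints.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample that mirrors the glance-api.conf values used in this tutorial.
WEAK_CONF = """
[database]
connection = mysql://glance:glance@localhost/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = glance
password = glance
"""

# Constructed hardened counterpart; the secrets are placeholders.
HARDENED_CONF = """
[database]
connection = mysql://glance:PLACEHOLDER_DB_SECRET@localhost/glance
[keystone_authtoken]
auth_uri = https://controller:5000
auth_url = https://controller:35357
username = glance
password = PLACEHOLDER_SERVICE_SECRET
"""

def audit_service_conf(text):
    """Return sorted (section, option, finding) tuples for weak settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    findings = []
    # Database URL: the password must not be empty or equal to the user name.
    db = urlsplit(cp.get("database", "connection", fallback=""))
    if db.scheme and (not db.password or db.password == db.username):
        findings.append(("database", "connection", "trivial password"))
    # Service account: same rule for the keystone_authtoken credentials.
    user = cp.get("keystone_authtoken", "username", fallback=None)
    secret = cp.get("keystone_authtoken", "password", fallback=None)
    if user is not None and (not secret or secret == user):
        findings.append(("keystone_authtoken", "password", "trivial password"))
    # Identity URLs: plain HTTP exposes passwords and tokens on the wire.
    for opt in ("auth_uri", "auth_url", "www_authenticate_uri"):
        url = cp.get("keystone_authtoken", opt, fallback="")
        if urlsplit(url).scheme == "http":
            findings.append(("keystone_authtoken", opt, "cleartext http"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_service_conf(WEAK_CONF):
        print(finding)
```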
Populate the image service database
su -s /bin/sh -c "glance-manage db_sync" glance
Log in to the glance database and verify that 15 tables now exist.
Start the glance services and verify
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
Download the cirros image from the official site for testing
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
Verify that an image can be uploaded
openstack image create "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
Official glance installation guide: https://docs.openstack.org/glance/train/install/