openstack-keystone

小鱼儿 2021-11-23 06:52 443 views 0 likes

OpenStack Installation (1): Keystone Configuration

(controller) Details of how Keystone works:

OpenStack Keystone Workflow & Token Scoping

1. Create the tenant openstackDemo

$ keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 tenant-create --name openstackDemo --description "Default Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Default Tenant                   |
| enabled     | True                             |
| id          | ac0da7079c8d4bc2b95009175b21fa66 |
| name        | openstackDemo                    |
+-------------+----------------------------------+
2. Create the user admin
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-create --tenant-id ac0da7079c8d4bc2b95009175b21fa66 --name admin --pass keystoneadmin
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | 264de00cea3348cda1b968f31b369e92                                                                                        |
| name     | admin                                                                                                                   |
| password | $6$rounds=40000$cjEp2NZMf67VgeML$qognuEx/idO5meuCN0VQZfD4t9skm9K25ymF8XWt.4UYaFteJZHQQCUpd6oLYswHdliTKNJT9NNysbT8ozTlm. |
| tenantId | ac0da7079c8d4bc2b95009175b21fa66                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
3. Create the roles admin and Member
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 role-create --name admin
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 role-create --name Member
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 role-list
+----------------------------------+--------+
| id                               | name   |
+----------------------------------+--------+
| 13253694d6704b19bbcbdc96877d9262 | Member |
| 25f36f99603c4c95888e71793365826e | admin  |
+----------------------------------+--------+
4. In the tenant openstackDemo, grant the role admin to the user admin (user-role-add)
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-role-add --user-id 264de00cea3348cda1b968f31b369e92 --tenant-id ac0da7079c8d4bc2b95009175b21fa66 --role-id 25f36f99603c4c95888e71793365826e
This command produces no output.
These four steps cover the basic usage of keystone.
-------------------------------- divider --------------------------------

Now create the tenant, users and roles for the individual components.

I. Glance
1. Create the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 tenant-create --name service --description "Service Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | a295e1962f124d2992beacbec452d9c4 |
| name        | service                          |
+-------------+----------------------------------+
2. Create the user glance in the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-create --tenant-id a295e1962f124d2992beacbec452d9c4 --name glance --pass glance
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | b6edb3ec9e2e49d39f3a01d4f8981772                                                                                        |
| name     | glance                                                                                                                  |
| password | $6$rounds=40000$5lWn2BruhOqK/O.6$JBpB8DGl8IMEDjbdp9YEGid5r4I96g/qkimZ1zGjNkE8EJJZL7JQBV2A4tLRa/wDBAWXiTCl.RtO/G2RJJtUR. |
| tenantId | a295e1962f124d2992beacbec452d9c4                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
3. In the tenant service, grant the role admin to the user glance.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-role-add --user-id b6edb3ec9e2e49d39f3a01d4f8981772 --tenant-id a295e1962f124d2992beacbec452d9c4 --role-id 25f36f99603c4c95888e71793365826e

II. Nova
1. Create the user nova in the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-create --tenant-id a295e1962f124d2992beacbec452d9c4 --name nova --pass nova
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | d746324fe1aa436087e87e92b38ed2d8                                                                                        |
| name     | nova                                                                                                                    |
| password | $6$rounds=40000$.xbXsBlZ3cgkRJe6$j8d.p/6GstU3S5RCbSt5iEBIgXeK9QArjDiIyCW5.j/uZoB2hG3YbKspf0uSfV2UKvvhg/04WgOFGLorZiv7p0 |
| tenantId | a295e1962f124d2992beacbec452d9c4                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
2. In the tenant service, grant the role admin to the user nova.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-role-add --user-id d746324fe1aa436087e87e92b38ed2d8 --tenant-id a295e1962f124d2992beacbec452d9c4 --role-id 25f36f99603c4c95888e71793365826e

III. EC2 Service
1. Create the user ec2 in the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-create --tenant-id a295e1962f124d2992beacbec452d9c4 --name ec2 --pass ec2
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | e88417ed8c394d73a52f7709a113bb9a                                                                                        |
| name     | ec2                                                                                                                     |
| password | $6$rounds=40000$ki7fxWVrFhEeQclE$BPelQcPtikG4x/yQg26QtnWA4Z1A.Bj7VwALxjMUotPf5syivhj7IgqCuIExZRsNniopKjfGSt.yXgCkIesWc/ |
| tenantId | a295e1962f124d2992beacbec452d9c4                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
2. In the tenant service, grant the role admin to the user ec2.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-role-add --user-id e88417ed8c394d73a52f7709a113bb9a --tenant-id a295e1962f124d2992beacbec452d9c4 --role-id 25f36f99603c4c95888e71793365826e

IV. Object Storage Service (swift)
1. Create the user swift in the tenant service
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-create --tenant-id a295e1962f124d2992beacbec452d9c4 --name swift --pass swift
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    |                                                                                                                         |
| enabled  | True                                                                                                                    |
| id       | 3a8ccf71549f491b8eccc31b4b04d80e                                                                                        |
| name     | swift                                                                                                                   |
| password | $6$rounds=40000$SthEV8h8scvp9hBJ$r6oCf8J1OGb39QymElLJr79XD6suL4jKimUHLrz8VWz3W2Wxl8EqCYmYZUBs8LigGUNGDrG.9mrhJQ86/AgKH1 |
| tenantId | a295e1962f124d2992beacbec452d9c4                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
2. In the tenant service, grant the role admin to the user swift.
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-role-add --user-id 3a8ccf71549f491b8eccc31b4b04d80e --tenant-id a295e1962f124d2992beacbec452d9c4 --role-id 25f36f99603c4c95888e71793365826e

List the users:
keystone --token 558ec87e86aa43b11798 --endpoint http://10.10.4.47:35357/v2.0 user-list
+----------------------------------+--------+---------+-------+
| id                               | name   | enabled | email |
+----------------------------------+--------+---------+-------+
| 264de00cea3348cda1b968f31b369e92 | admin  | True    |       |
| 3a8ccf71549f491b8eccc31b4b04d80e | swift  | True    |       |
| b6edb3ec9e2e49d39f3a01d4f8981772 | glance | True    |       |
| d746324fe1aa436087e87e92b38ed2d8 | nova   | True    |       |
| e88417ed8c394d73a52f7709a113bb9a | ec2    | True    |       |
+----------------------------------+--------+---------+-------+

-------------------------------- divider --------------------------------
To save two parameters on every command:
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=558ec87e86aa43b11798

Register a service for each component
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

keystone service-create --name=nova --type=compute --description="Nova Compute Service"

keystone service-create --name=volume --type=volume --description="Nova Volume Service"

keystone service-create --name=glance --type=image --description="Glance Image Service"

keystone service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer"

keystone service-create --name=swift --type=object-store --description="Object Storage Service"
$ keystone service-list
+----------------------------------+----------+--------------+---------------------------+
| id                               | name     | type         | description               |
+----------------------------------+----------+--------------+---------------------------+
| 0ef9d77e2ca44d2e94a58f98eaea46fc | keystone | identity     | Keystone Identity Service |
| 1ab16c3a56314f81bf6d7ab4c96cf9ba | volume   | volume       | Nova Volume Service       |
| 2e7c422762a24306879dc3459c8d4ac0 | ec2      | ec2          | EC2 Compatibility Layer   |
| b0753c9823ec43bba5f44a431df108f4 | swift    | object-store | Object Storage Service    |
| ec5b17f444ed49a9b5f785eff16be656 | nova     | compute      | Nova Compute Service      |
| f3e375536aac48fa8463660bbe91c12a | glance   | image        | Glance Image Service      |
+----------------------------------+----------+--------------+---------------------------+

Create the service endpoints for each component
1. keystone
keystone endpoint-create --region RegionOne --service-id=0ef9d77e2ca44d2e94a58f98eaea46fc \
--publicurl=http://10.10.4.47:5000/v2.0 \
--internalurl=http://192.168.1.2:5000/v2.0 \
--adminurl=http://10.10.4.47:35357/v2.0
2. nova
keystone endpoint-create \
--region RegionOne \
--service-id=ec5b17f444ed49a9b5f785eff16be656 \
--publicurl='http://10.10.4.47:8774/v2/%(tenant_id)s' \
--internalurl='http://192.168.1.2:8774/v2/%(tenant_id)s' \
--adminurl='http://10.10.4.47:8774/v2/%(tenant_id)s'
3. volume
keystone endpoint-create \
--region RegionOne \
--service-id=1ab16c3a56314f81bf6d7ab4c96cf9ba \
--publicurl='http://10.10.4.47:8776/v1/%(tenant_id)s' \
--internalurl='http://192.168.1.2:8776/v1/%(tenant_id)s' \
--adminurl='http://10.10.4.47:8776/v1/%(tenant_id)s'
4. glance
keystone endpoint-create \
--region RegionOne \
--service-id=f3e375536aac48fa8463660bbe91c12a \
--publicurl=http://10.10.4.47:9292/v1 \
--internalurl=http://192.168.1.2:9292/v1 \
--adminurl=http://10.10.4.47:9292/v1
5. ec2
keystone endpoint-create \
--region RegionOne \
--service-id=2e7c422762a24306879dc3459c8d4ac0 \
--publicurl=http://10.10.4.47:8773/services/Cloud \
--internalurl=http://192.168.1.2:8773/services/Cloud \
--adminurl=http://10.10.4.47:8773/services/Admin
6. swift
keystone endpoint-create \
--region RegionOne \
--service-id=b0753c9823ec43bba5f44a431df108f4 \
--publicurl 'http://10.10.4.47:8888/v1/AUTH_%(tenant_id)s' \
--adminurl 'http://10.10.4.47:8888/v1' \
--internalurl 'http://192.168.1.2:8888/v1/AUTH_%(tenant_id)s'
+----------------------------------+-----------+----------------------------------------------+-----------------------------------------------+-----------------------------------------+----------------------------------+
| id                               | region    | publicurl                                    | internalurl                                   | adminurl                                | service_id                       |
+----------------------------------+-----------+----------------------------------------------+-----------------------------------------------+-----------------------------------------+----------------------------------+
| 213af135dbf74933a24872b3a2d6c4b8 | RegionOne | http://10.10.4.47:8888/v1/AUTH_%(tenant_id)s | http://192.168.1.2:8888/v1/AUTH_%(tenant_id)s | http://10.10.4.47:8888/v1               | b0753c9823ec43bba5f44a431df108f4 |
| 2e80ec27f90d48648ae6326ca34eeba7 | RegionOne | http://10.10.4.47:8774/v2/%(tenant_id)s      | http://192.168.1.2:8774/v2/%(tenant_id)s      | http://10.10.4.47:8774/v2/%(tenant_id)s | ec5b17f444ed49a9b5f785eff16be656 |
| 6a97f8e4d265421baa757ce262333bf2 | RegionOne | http://10.10.4.47:9292/v1                    | http://192.168.1.2:9292/v1                    | http://10.10.4.47:9292/v1               | f3e375536aac48fa8463660bbe91c12a |
| b4ab7b18688a461dbdb375ade57c7f22 | RegionOne | http://10.10.4.47:8776/v1/%(tenant_id)s      | http://192.168.1.2:8776/v1/%(tenant_id)s      | http://10.10.4.47:8776/v1/%(tenant_id)s | 1ab16c3a56314f81bf6d7ab4c96cf9ba |
| bbd0e9146ccd4a3aa329c2379960efa7 | RegionOne | http://10.10.4.47:5000/v2.0                  | http://192.168.1.2:5000/v2.0                  | http://10.10.4.47:35357/v2.0            | 0ef9d77e2ca44d2e94a58f98eaea46fc |
| fadb5bb02f364e838781179b3909afc2 | RegionOne | http://10.10.4.47:8773/services/Cloud        | http://192.168.1.2:8773/services/Cloud        | http://10.10.4.47:8773/services/Admin   | 2e7c422762a24306879dc3459c8d4ac0 |
+----------------------------------+-----------+----------------------------------------------+-----------------------------------------------+-----------------------------------------+----------------------------------+
Verification
keystone --os-username=admin --os-password=keystoneadmin --os-auth-url=http://10.10.4.47:35357/v2.0 token-get
No handlers could be found for logger "keystoneclient.v2_0.client"
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| expires  | 2013-03-02T01:25:40Z             |
| id       | 00d71cef161a467ebb3ef3646172906c |
| user_id  | 264de00cea3348cda1b968f31b369e92 |
+----------+----------------------------------+

keystone --os-username=admin --os-password=keystoneadmin --os-tenant-name=openstackDemo --os-auth-url=http://10.10.4.47:35357/v2.0 token-get
+-----------+----------------------------------+
| Property  | Value                            |
+-----------+----------------------------------+
| expires   | 2013-03-02T01:28:12Z             |
| id        | 16caeb836e75416d9ab2b09d38228022 |
| tenant_id | ac0da7079c8d4bc2b95009175b21fa66 |
| user_id   | 264de00cea3348cda1b968f31b369e92 |
+-----------+----------------------------------+
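The two token-get calls differ only by --os-tenant-name, and the second one is the only token that carries a tenant_id. The Python below is an added example, not code from the original post: it shows what changes in the v2.0 request and response and why the %(tenant_id)s endpoint templates registered above can only be filled in for a tenant-scoped token. The ids, URLs and timestamps are copied from the tables above, the two responses are constructed to mirror the two calls, and the function names are assumptions.

```python
# Added example: Keystone v2.0 token scoping and %(tenant_id)s endpoint
# templates. Values below are taken from the tables in the post; the two
# responses are constructed to mirror the unscoped and scoped token-get calls.
ENDPOINT_TEMPLATES = {
    "identity": "http://10.10.4.47:5000/v2.0",
    "image": "http://10.10.4.47:9292/v1",
    "compute": "http://10.10.4.47:8774/v2/%(tenant_id)s",
    "object-store": "http://10.10.4.47:8888/v1/AUTH_%(tenant_id)s",
}
UNSCOPED_RESPONSE = {"access": {
    "token": {"id": "00d71cef161a467ebb3ef3646172906c", "expires": "2013-03-02T01:25:40Z"},
    "user": {"id": "264de00cea3348cda1b968f31b369e92", "name": "admin"}}}
SCOPED_RESPONSE = {"access": {
    "token": {"id": "16caeb836e75416d9ab2b09d38228022", "expires": "2013-03-02T01:28:12Z",
              "tenant": {"id": "ac0da7079c8d4bc2b95009175b21fa66", "name": "openstackDemo"}},
    "user": {"id": "264de00cea3348cda1b968f31b369e92", "name": "admin"}}}


def auth_request(username, password, tenant_name=None):
    """Body for POST /v2.0/tokens. Without tenantName Keystone issues an
    unscoped token (first token-get above); with it, a tenant-scoped one."""
    auth = {"passwordCredentials": {"username": username, "password": password}}
    if tenant_name is not None:
        auth["tenantName"] = tenant_name
    return {"auth": auth}


def token_scope(response):
    """Return (token id, tenant id or None) from a v2.0 auth response.
    The tenant entry is exactly what the tenant_id row in the table reflects."""
    token = response["access"]["token"]
    tenant = token.get("tenant")
    return token["id"], (tenant["id"] if tenant else None)


def render_catalog(templates, tenant_id):
    """Substitute %(tenant_id)s the way Keystone's templated catalog does.
    An unscoped token has no tenant, so it gets an empty service catalog:
    nova and swift calls therefore need the --os-tenant-name form above."""
    if tenant_id is None:
        return {}
    return {svc: url % {"tenant_id": tenant_id} for svc, url in templates.items()}


def catalog_for(response, templates=ENDPOINT_TEMPLATES):
    """Catalog a client would receive together with this token."""
    return render_catalog(templates, token_scope(response)[1])
```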

OpenStack Installation (2): Glance Installation and Configuration

1. Installation

nova and glance: yum install openstack-glance

2. Create and configure the database

mysql -u root -p

mysql> CREATE DATABASE glance;

mysql> GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY '[YOUR_GLANCEDB_PASSWORD]';

mysql> GRANT ALL ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '[YOUR_GLANCEDB_PASSWORD]';

mysql> quit

Username: glance, password: glanceadmin

II. Glance configuration

1. Configuration file

glance-api.conf

2. Make the glance-api service support both versions of the OpenStack Images API.

enable_v1_api=True
enable_v2_api=True

3. The official documentation notes that supporting the V2 API requires some additional configuration.

In order to use the v2 API, you must copy the necessary SQL configuration from your glance-registry service to your glance-api configuration file.

4. Configure authentication (keystone)

/etc/glance/glance-api-paste.ini
[filter:authtoken]
admin_tenant_name = service
admin_user = glance
admin_password = glance

5. Add Keystone support

/etc/glance/glance-api.conf

[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance

[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
config_file = /etc/glance/glance-api-paste.ini

# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
flavor=keystone

6. Restart the service

service openstack-glance-api restart

7. Configure glance-registry

File /etc/glance/glance-registry.conf
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance

[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
config_file = /etc/glance/glance-registry-paste.ini

# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
flavor=keystone

8. Keystone support

Update the file /etc/glance/glance-registry-paste.ini
# Use this pipeline for keystone auth
[pipeline:glance-registry-keystone]
pipeline = authtoken context registryapp

9. Database: /etc/glance/glance-registry.conf

sql_connection = mysql://glance:[YOUR_GLANCEDB_PASSWORD]@192.168.206.130/glance
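Before restarting it is worth checking that the pieces above fit together: flavor must select a paste pipeline that actually contains authtoken (otherwise the service answers requests without validating any token), the service credentials should not simply repeat the username, the v2 API needs sql_connection in glance-api.conf, and the [YOUR_GLANCEDB_PASSWORD] placeholder must have been replaced. The Python below is an added example, not part of the post or of Glance; check_glance_config is a hypothetical helper and the config text is constructed from the glance-registry snippets above.

```python
import configparser

# Constructed from the glance-registry snippets above, not a file from the post.
REGISTRY_CONF = """
[DEFAULT]
sql_connection = mysql://glance:[YOUR_GLANCEDB_PASSWORD]@192.168.206.130/glance
[keystone_authtoken]
auth_host = 127.0.0.1
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance
[paste_deploy]
config_file = /etc/glance/glance-registry-paste.ini
flavor=keystone
"""
REGISTRY_PASTE = """
[pipeline:glance-registry-keystone]
pipeline = authtoken context registryapp
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read_string(text)
    return cp

def check_glance_config(service, conf_text, paste_text):
    """Findings for one service ('glance-api' or 'glance-registry') given the
    text of its .conf and its -paste.ini (hypothetical helper, added here)."""
    conf, paste = _parse(conf_text), _parse(paste_text)
    findings = []
    # 1. flavor selects [pipeline:<service>-<flavor>]; it must run authtoken,
    #    otherwise requests are served without any token being validated.
    section = "pipeline:%s-%s" % (service, conf.get("paste_deploy", "flavor", fallback=None))
    if not paste.has_section(section):
        findings.append("paste pipeline [%s] missing" % section)
    elif "authtoken" not in paste.get(section, "pipeline").split():
        findings.append("pipeline [%s] does not run authtoken" % section)
    # 2. credentials the authtoken filter uses to validate tokens with Keystone
    auth = "keystone_authtoken"
    user = conf.get(auth, "admin_user", fallback="")
    if user and conf.get(auth, "admin_password", fallback="") == user:
        findings.append("service password equals username")
    if conf.get(auth, "auth_protocol", fallback="http") == "http":
        findings.append("auth_protocol is http: token validation is unencrypted")
    # 3. the v2 Images API needs the SQL settings copied into glance-api.conf
    sql = conf.get("DEFAULT", "sql_connection", fallback=None)
    if service == "glance-api" and conf.getboolean("DEFAULT", "enable_v2_api", fallback=False) and sql is None:
        findings.append("enable_v2_api=True but sql_connection missing")
    if sql and "[YOUR_" in sql:
        findings.append("sql_connection still holds a placeholder password")
    return findings
```

Run against the registry config exactly as written above, it reports the glance/glance credentials, the plain-http token validation and the unreplaced database password placeholder.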

10. Initialize the database

glance-manage db_sync

11. Restart the services

service openstack-glance-api restart
service openstack-glance-registry restart

12. Troubleshooting: check the logs

/var/log/glance/registry.log
/var/log/glance/api.log

13. Environment variables

export OS_USERNAME=admin
export OS_TENANT_NAME=openstackDemo
export OS_PASSWORD=keystoneadmin
export OS_AUTH_URL=http://localhost:5000/v2.0/
export OS_REGION_NAME=RegionOne

14. Usage

glance image-create --name=cirros-0.3.0-x86_64 --disk-format=qcow2 --container-format=bare < stackimages/cirros.img
Added new image with ID: f4addd24-4e8a-46bb-b15d-fae2591f1a35
