Start speaking today about installing the components in OpenStack, then install it from Keystone, a secure authentication service, and, of course, there are some preparations to make before installing.
First of all, what is the next keystone to do?
In fact, in the early morning OpenStack is not keystone This component, some security authentication for example, user, message, API call authentication, etc. are in the Nova this module.
However, in the later development, because of a variety of modules to join OpenStack, security certification involves a wider range of aspects, such as: User login, user message delivery, module message communication, service registration and other different authentication, processing these various security certification change is more and more complex, Therefore, a module is needed to manage these different security certifications, and Keystone is born.
Whether the public cloud or private cloud, will open the interface to many users, Keystone in the authentication of many users at the same time, there are restrictions on the user's rights, Keystone will ensure the normal registration of OpenStack services, At the same time, the password verification of each service passing message is also done by Keystone.
Keystone all the data are stored in the database, this article will take MySQL as an example to explain, MySQL installation as an experimental nature, do not explain a variety of complex methods, large-scale environment installation please refer to MySQL more professional documentation.
This article uses CENTOS7 to install Keystone, special Note: It is best not to install other components on the Keystone server, otherwise prone to conflict, depending on the personal environment.
1. mysql installation
# download Mysqlrepo source
wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
# Install MYSQL-COMMUNITY-RELEASE-EL7-5.NOARCH.RPM package
RPM-IVH mysql-community-release-el7-5.noarch.rpm
After installing this package, you will get two MySQL yum repo Source:/etc/yum.repos.d/mysql-community.repo,/etc/yum.repos.d/mysql-community-source.repo.
# set MySQL root password
Use MySQL
Update user set Password=password (' 123456 ') where user= ' root ';
Exit
# set Iptables firewall
Vim/etc/sysconfig/iptables #添加一下内容
-----------------------------------------------------------------------------
-A input-p tcp-m state--state new-m TCP--dport 3306-j ACCEPT
-----------------------------------------------------------------------------
Service iptables Restart #重启下iptables
2. Keystone Installation Configuration
# Create a database
Mysql-u root–p123456
CREATE DATABASE Keystone;
GRANT all privileges the keystone.* to ' keystone ' @ ' localhost ' identified by ' Keystone '; #创建keystone用户, the password is Keystone.
GRANT all privileges the keystone.* to ' Keystone ' @ '% ' identified by ' Keystone ';
# Components required to install the Keystone
Yum-y Install Openstack-keystone python-keystoneclient
# Modify the keystone.conf configuration file
Vim/etc/keystone/keystone.conf
-----------------------------------------------------------------------------
Dmin_token = 12345678 #这里可以随意写, but you need to remember
verbose = True
[database]connection = Mysql://keystone:[email Protected]/keystone
-----------------------------------------------------------------------------
# Synchronize Database
Su-s/bin/sh-c "Keystone-manage Db_sync" Keystone
# Restart Service
Systemctl Enable Openstack-keystone.service
Systemctl Start Openstack-keystone.service
# Create tenants, users, and roles
Keystone Tenant-create--name domain--description "Admin tenant"
Keystone User-create--name domain--pass users--email [email protected]
Keystone role-create--name Domain
# License
Keystone User-role-add--tenant domain--user domain--role domain
# Create Services
Keystone Tenant-create--name service--description "service Tenant"
# Create service entity and API endpoint
Keystone Service-create--name Keystone--type identity \--description "OpenStack identity"
Keystone Endpoint-create \--service-id $ (Keystone Service-list | awk '/identity/{print $} ') \--publicurl Http://contro ller:5000/v2.0 \--internalurl http://controller:5000/v2.0 \--adminurl http://controller:35357/v2.0 \--region Regionone
# Validation Actions
Keystone User-list # Normal display means the installation is successful.
This article is installed using the most concise installation, please according to the internal requirements of the company planning, then Keystone even if the installation is completed, tomorrow will give you a brief introduction of the important components of swift, installation and accession to the Keystone Registration service, the later more wonderful, Please pay attention to me.
This article is from the "11283981" blog, please be sure to keep this source http://11293981.blog.51cto.com/11283981/1793198
OpenStack Growth Tour-Introduction and installation of 4 Keystone