OpenStack Growth Tour-Introduction and installation of 4 Keystone

Source: Internet
Author: User

Start speaking today about installing the components in OpenStack, then install it from Keystone, a secure authentication service, and, of course, there are some preparations to make before installing.

First of all, what is the next keystone to do?

In fact, in the early morning OpenStack is not keystone This component, some security authentication for example, user, message, API call authentication, etc. are in the Nova this module.

However, in the later development, because of a variety of modules to join OpenStack, security certification involves a wider range of aspects, such as: User login, user message delivery, module message communication, service registration and other different authentication, processing these various security certification change is more and more complex, Therefore, a module is needed to manage these different security certifications, and Keystone is born.

Whether the public cloud or private cloud, will open the interface to many users, Keystone in the authentication of many users at the same time, there are restrictions on the user's rights, Keystone will ensure the normal registration of OpenStack services, At the same time, the password verification of each service passing message is also done by Keystone.

Keystone all the data are stored in the database, this article will take MySQL as an example to explain, MySQL installation as an experimental nature, do not explain a variety of complex methods, large-scale environment installation please refer to MySQL more professional documentation.

This article uses CENTOS7 to install Keystone, special Note: It is best not to install other components on the Keystone server, otherwise prone to conflict, depending on the personal environment.

1. mysql installation

# download Mysqlrepo source

wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

# Install MYSQL-COMMUNITY-RELEASE-EL7-5.NOARCH.RPM package

RPM-IVH mysql-community-release-el7-5.noarch.rpm

After installing this package, you will get two MySQL yum repo Source:/etc/yum.repos.d/mysql-community.repo,/etc/yum.repos.d/mysql-community-source.repo.

# set MySQL root password

Use MySQL

Update user set Password=password (' 123456 ') where user= ' root ';

Exit

# set Iptables firewall

Vim/etc/sysconfig/iptables #添加一下内容

-----------------------------------------------------------------------------

-A input-p tcp-m state--state new-m TCP--dport 3306-j ACCEPT

-----------------------------------------------------------------------------

Service iptables Restart #重启下iptables

2. Keystone Installation Configuration

# Create a database

Mysql-u root–p123456

CREATE DATABASE Keystone;

GRANT all privileges the keystone.* to ' keystone ' @ ' localhost ' identified by ' Keystone '; #创建keystone用户, the password is Keystone.

GRANT all privileges the keystone.* to ' Keystone ' @ '% ' identified by ' Keystone ';

# Components required to install the Keystone

Yum-y Install Openstack-keystone python-keystoneclient

# Modify the keystone.conf configuration file

Vim/etc/keystone/keystone.conf

-----------------------------------------------------------------------------

Dmin_token = 12345678 #这里可以随意写, but you need to remember

verbose = True

[database]connection = Mysql://keystone:[email Protected]/keystone

-----------------------------------------------------------------------------

# Synchronize Database

Su-s/bin/sh-c "Keystone-manage Db_sync" Keystone

# Restart Service

Systemctl Enable Openstack-keystone.service

Systemctl Start Openstack-keystone.service

# Create tenants, users, and roles

Keystone Tenant-create--name domain--description "Admin tenant"

Keystone User-create--name domain--pass users--email [email protected]

Keystone role-create--name Domain

# License

Keystone User-role-add--tenant domain--user domain--role domain

# Create Services

Keystone Tenant-create--name service--description "service Tenant"

# Create service entity and API endpoint

Keystone Service-create--name Keystone--type identity \--description "OpenStack identity"

Keystone Endpoint-create \--service-id $ (Keystone Service-list | awk '/identity/{print $} ') \--publicurl Http://contro ller:5000/v2.0 \--internalurl http://controller:5000/v2.0 \--adminurl http://controller:35357/v2.0 \--region Regionone

# Validation Actions

Keystone User-list # Normal display means the installation is successful.


This article is installed using the most concise installation, please according to the internal requirements of the company planning, then Keystone even if the installation is completed, tomorrow will give you a brief introduction of the important components of swift, installation and accession to the Keystone Registration service, the later more wonderful, Please pay attention to me.




This article is from the "11283981" blog, please be sure to keep this source http://11293981.blog.51cto.com/11283981/1793198

OpenStack Growth Tour-Introduction and installation of 4 Keystone

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.