Oracle VM + centos7.1+openstack kilo Multi-node installation tutorial---Keystone installation (3)

Disclaimer: The recent installation of the kilo version of OpenStack found that there were very few existing web tutorials and that most of the tutorials did not install successfully, So write this tutorial. The installation of OpenStack is complex, and this tutorial does not guarantee that it will be installed successfully in different environments. Personal installation tutorials are also prone to errors. At the same time, the installation is in the virtual machine environment, the real installation environment needs to be changed.

Reprint please declare the source:

Zhang someone ER

Original link:http://blog.csdn.net/xinxing__8185/article/details/51191337

Part II installation of the Keystone(3)
OpenStack Basic Concepts explained:

A tenant (tenant) is a project in OpenStack. When you create a user, you must first assign a tenant to the user, or you will not be able to create the user, so you first create the tenant.

A roleis a permission that is assigned to a user in a tenant. Here you configure two roles, one admin role for managing the cloud environment, and another member role for assigning to ordinary users who use the cloud environment .

When you add a user to the openstack Authentication Service, you must have a tenant that can accommodate the user, and you need to define a role that can be assigned to that user.

Each service in the cloud environment runs on a specific URL and Port, which is the endpoint address of those services. When a client program is connected to a cloud environment,theKeystone Authentication Service is responsible for returning the endpoint addresses of each service in the cloud environment so that the client program is using these services. To start this feature, you must define these endpoints first. In a cloud environment, you can define multiple regions, and you can interpret different regions as different data centers, each with a different URL and IP address. In Openstack identity authentication, you can define URL endpoints separately in each region . Here, there is only one area, identified as Regionone.

Create service

Chown-r Keystone:keystone/var/log/keystonechown-r Keystone:keystone/etc/keystone

Creating environment Variables

Export Os_token=openstackexport os_url=http://controller:35357/v2.0

Creating services and Endpoint

OpenStack Service Create--name Keystone--description "Opentack identity" identity OpenStack endpoint Create--publicurl http://controller:5000/v2.0--internalurl http://controller:5000/v2.0--adminurl http://controller:35357/v2.0-- Region Regionone Identity

Create projects,users,roles

OpenStack Project Create--description "admin project" Adminopenstack user create--password-prompt Admin #这里需要设置密码, I set to: Adminopenstack role Create Adminopenstack role Add--project admin--user admin admin #admin角色 OpenStack Project Create-- Description "Service Project" Serviceopenstack project Create--description "Demo project" Demoopenstack User Create--pas Sword-prompt demo #这里需要设置密码, I set to: demoopenstack role Create Useropenstack role add--project demo--user demo user  #use R role

  

Test action

Vim/usr/share/keystone/keystone-dist-paste.ini

The corresponding configuration file is configured as follows:

[pipeline:public_api]pipeline = Admin_token_auth removed [Pipeline:admin_api] pipeline = instead admin_token_auth removed [pipeline : Api_v3] Pipeline = Remove Admin_token_auth instead

unset os_token os_url OpenStack--os-auth-url http://controller:35357--os-project-name Admin--os-username admin-- Os-auth-type Password Token issue

Note: The appropriate display results can be found in the official manual

Create an environment variable file

Vim admin-openrc.sh

The documents in the Official Handbook are as follows:

Export Os_project_domain_id=defaultexport os_user_domain_id=defaultexport os_project_name=adminexport OS_TENANT_ Name=adminexport Os_username=adminexport Os_password=openstackexport Os_auth_url=http://controller:35357/v3

Note: However, the author in the installation of the following components, there will be auth_url version of the problem, the relevant configuration file (in the official document), the authentication URL is v2 version, if the source of this file, there will be unable to find the authentication Service error.

The author's file contents are as follows:

Export Os_project_name=adminexport os_tenant_name=adminexport os_username=adminexport OS_PASSWORD=admin#export OS_ Auth_url=http://controller:35357/v2.0/export Os_token=openstackexport Os_url=http://controller:35357/v2.0/export Os_region_name=regionone

Note: Of course this environment variable file is based on the above created service and endpoint, and Admin user. If the above steps are different, make the relevant changes.

Test it:

SOURCE Admin-openrc.shopenstack Token Issue

If everything works, the Keystone component is installed successfully.

Oracle VM + centos7.1+openstack kilo Multi-node installation tutorial---Keystone installation (3)