First log in to controller1, create the keystone database, and grant privileges for local and remote access.

    mysql -u root -p
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'venic8888';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'venic8888';
    FLUSH PRIVILEGES;

On both controller servers (kxcontroller1 and kxcontroller2), install the components of the other stateless services:

    yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y

Start memcached first:

    systemctl enable memcached.service
    systemctl start memcached.service

On controller1:

    vi /etc/keystone/keystone.conf

    [DEFAULT]
    admin_token = Venicchina
    verbose = True

    [database]
    connection = mysql://keystone:[email protected]/keystone

    [memcache]
    servers = controller1:11211

    [token]
    provider = uuid
    driver = memcache
    expiration = 86400
    caching = True
    cache_time = 86400

    [revoke]
    driver = sql
    expiration_buffer = 86400
    caching = True
    cache_time = 86400

    [catalog]
    driver = keystone.catalog.backends.sql.Catalog

    [identity]
    driver = keystone.identity.backends.sql.Identity

On controller2:

    vi /etc/keystone/keystone.conf

    [DEFAULT]
    admin_token = Venicchina
    verbose = True

    [database]
    connection = mysql://keystone:[email protected]/keystone

    [memcache]
    servers = controller2:11211

    [token]
    provider = uuid
    driver = memcache
    expiration = 86400
    caching = True
    cache_time = 86400

    [revoke]
    driver = sql
    expiration_buffer = 86400
    caching = True
    cache_time = 86400

    [catalog]
    driver = keystone.catalog.backends.sql.Catalog

    [identity]
    driver = keystone.identity.backends.sql.Identity

In both files above, the two groups of 86400 values (highlighted in yellow in the original) define the token expiration time. The default is 30 minutes or 1 hour. Migrating a very large instance, for example 200G, can take longer than that; a token error then occurs and the instance is discarded. Increasing the lifetime is a must, so here I define a timeout of 1 day.

On one controller (kxcontroller1), synchronize the database to generate the tables:

    su -s /bin/sh -c "keystone-manage db_sync" keystone

---------------------------------------
Modify the httpd configuration

On controller1:

    vi /etc/httpd/conf/httpd.conf

    ServerName controller1

Change the Listen directive to the following line:

    # Different from the IP the VIP listens on
    Listen 10.40.42.1:80

On controller2:

    vi /etc/httpd/conf/httpd.conf

    ServerName controller2

Change the Listen directive to the following line:

    # Different from the IP the VIP listens on
    Listen 10.40.42.2:80

------------------------------------------
On controller1:

    vi /etc/httpd/conf.d/wsgi-keystone.conf

    Listen 10.40.42.1:5000
    Listen 10.40.42.1:35357

    <VirtualHost *:5000>
        WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /usr/bin/keystone-wsgi-public
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        <IfVersion >= 2.4>
            ErrorLogFormat "%{cu}t %M"
        </IfVersion>
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined

        <Directory /usr/bin>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
        </Directory>
    </VirtualHost>

    <VirtualHost *:35357>
        WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        <IfVersion >= 2.4>
            ErrorLogFormat "%{cu}t %M"
        </IfVersion>
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined

        <Directory /usr/bin>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
        </Directory>
    </VirtualHost>

On controller2:

    vi /etc/httpd/conf.d/wsgi-keystone.conf

    Listen 10.40.42.2:5000
    Listen 10.40.42.2:35357

    <VirtualHost *:5000>
        WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /usr/bin/keystone-wsgi-public
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        <IfVersion >= 2.4>
            ErrorLogFormat "%{cu}t %M"
        </IfVersion>
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined

        <Directory /usr/bin>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
        </Directory>
    </VirtualHost>

    <VirtualHost *:35357>
        WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        <IfVersion >= 2.4>
            ErrorLogFormat "%{cu}t %M"
        </IfVersion>
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined

        <Directory /usr/bin>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
        </Directory>
    </VirtualHost>

On both controllers, enable the service at boot and start it:

    # systemctl enable httpd.service
    # systemctl start httpd.service

Verify: on the HAProxy stats page http://10.40.42.10:8888/stats, check that the status of ports 80, 5000 and 35357 shows forwarding succeeded.
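An added example, not part of the original page: a Python review of keystone.conf settings like those above. It flags the static admin_token, the 24-hour token lifetime (a leaked token stays valid that long), the database password kept in the file, and whether both controllers behind the VIP list the same memcached servers, since with driver = memcache a token is stored only in the servers its issuing node lists. The sample configs, placeholder secrets and function names are constructed for illustration; the 3600-second baseline is an assumption taken from the 1-hour default mentioned in the text.

```python
import configparser
from urllib.parse import urlsplit

DEFAULT_EXPIRATION = 3600  # assumption: 1 hour, the upper default the text mentions

# Constructed keystone.conf for controller1; secrets and DB host are placeholders.
CONTROLLER1 = """\
[DEFAULT]
admin_token = EXAMPLE_ADMIN_TOKEN
[database]
connection = mysql://keystone:EXAMPLE_PASS@db.example.invalid/keystone
[memcache]
servers = controller1:11211
[token]
provider = uuid
driver = memcache
expiration = 86400
"""
CONTROLLER2 = CONTROLLER1.replace("controller1:11211", "controller2:11211")

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def audit(name, cp):
    """Return review findings for one controller's keystone.conf."""
    findings = []
    if cp.get("DEFAULT", "admin_token", fallback=""):
        findings.append(f"{name}: static admin_token is set (bootstrap credential)")
    exp = cp.getint("token", "expiration", fallback=DEFAULT_EXPIRATION)
    if exp > DEFAULT_EXPIRATION:
        findings.append(f"{name}: tokens live {exp}s, {exp // DEFAULT_EXPIRATION}x the default")
    if urlsplit(cp.get("database", "connection", fallback="")).password:
        findings.append(f"{name}: DB password in file; restrict it to the keystone user")
    return findings

def memcache_pool(cp):
    raw = cp.get("memcache", "servers", fallback="")
    return {s.strip() for s in raw.split(",") if s.strip()}

def shared_token_store(a, b):
    """True when memcache-backed tokens issued on one node are visible on the other."""
    if a.get("token", "driver", fallback="") != "memcache":
        return True
    return memcache_pool(a) == memcache_pool(b)

if __name__ == "__main__":
    c1, c2 = load(CONTROLLER1), load(CONTROLLER2)
    print("\n".join(audit("controller1", c1) + audit("controller2", c2)))
    print("shared token store:", shared_token_store(c1, c2))
```
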
SME OpenStack Private Cloud Deployment Practice "7.2 Keystone + memcache (office environment)"