centos 6.4下openstack-grizzly安装：控制节点问题

发布时间：2016-09-12 01:52:36 所属栏目：Linux 来源：站长网

导读：参考的是官方文档，由于官方文档有些文件及步骤没有列出来，现已经补齐。经过测试没问题。备忘一下。 You need at leastthree machines, virtual or physical,

...and then to validate that these usersactually exist now:
[root@os-controller ~]# sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb
guest@QPID: userPassword <--- password obscured by program
steve@QPID: userPassword <-- another I added "just to test"

There were no users listed in the SASLdbat all after my initial installation, so the QPID docs (security chapter) werequite handy:

Start the messaging service:

service qpidd start

OpenStack Identity Service

The OpenStackIdentity Service provides the cloud environment with an authentication andauthorization system. In this system, users are a part of one or more projects.In each of these projects, they hold a specific role.

Install the packages:

yum install openstack-utils openstack-keystone python-keystonepython-keystoneclient

Edit /etc/keystone/keystone.conf:

3.[DEFAULT]

4.admin_token = password

5.debug = True

6.verbose = True

8.[sql]

connection =mysql://keystone:password@localhost/keystone

Create the ssl keys:

10. keystone-manage pki_setup

chown -R keystone:keystone /etc/keystone/*

Restart Keystone and create the tables in the database:

12. service openstack-keystone restart

openstack-db --init --service keystone

spacer.gif

Note

Check the /var/log/keystone/keystone.log file for errors that would prevent the Identity Service from successfully starting.

Create an openrc file:

Create a file called ~/openrc. This file contains the OpenStack admin credentials that are used when interacting with the OpenStack environment on the command line.

·export OS_TENANT_NAME=admin

·export OS_USERNAME=admin

·export OS_PASSWORD=password

·export OS_AUTH_URL="http://localhost:5000/v2.0/"

·export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"

export OS_SERVICE_TOKEN=password

spacer.gif

Note

Best practice for bootstrapping the first administrative user is to use the OS_SERVICE_ENDPOINT and OS_SERVICE_TOKEN together as environment variables, then set up a separate RC file just for Identity administration that uses port 35357 for the OS_AUTH_URL. This example is meant to provide a quick setup, not an audit-able environment.

Source the credentials into your environment:

source ~/openrc

Configure the Bash shell to load these credentials upon each login:

echo "source ~/openrc">> ~/.bashrc

The following bash script will populate Keystone with some initial data:

Projects: admin and services

Roles: admin, Member

Users: admin, demo, nova, glance, quantum, and cinder

Services: compute, volume, image, identity, ec2, and network

15.!/bin/bash

16.

17. Modify these variables as needed