yum
: # yum install openstack-utils openstack-keystone python-keystoneclient
mysql
: # yum install mysql mysql-server MySQL-python
mysqld
venga avviato di default al riavvio del server ed avviare il servizio:
# chkconfig mysqld on
# service mysqld start
root
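: # mysqladmin -u root password *******
Nota: la password passata come argomento resta visibile nella cronologia della shell e nell'elenco dei processi; in alternativa, mysql_secure_installation la imposta in modo interattivo.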
/var/lib/keystone/keystone.db
(cioè il DB sqlite). Verrà utilizzato MySQL che permette a più Keystone di utilizzare lo stesso DB e al DB stesso di essere replicato utilizzando le feature di MySQL.
# openstack-db --init --service keystone
/etc/keystone/keystone.conf
che esista una riga del tipo:
connection = mysql://keystone:keystone@hostname1.domain/keystone
Nota bene: in
keystone:keystone
il primo keystone è il nome utente, il secondo è la password. Utilizzando il comando openstack-db --init --service keystone
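per l'inizializzazione del DB keystone verranno utilizzati quei valori di default. Poiché in questo caso la password coincide con il nome utente, è opportuno sostituirla con una password robusta, sia nel DB sia nella riga connection, prima di mettere il servizio in produzione.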
admin_token
contenuto all'interno del file /etc/keystone/keystone.conf
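, attraverso il comando:
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $(openssl rand -hex 10)
Nota: chi conosce l'admin_token ottiene accesso amministrativo completo a Keystone; il file keystone.conf non deve quindi essere leggibile da utenti non privilegiati.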
# chkconfig openstack-keystone on
# service openstack-keystone restart
# keystone-manage db_sync
# export ADMIN_TOKEN=<ADMIN_TOKEN_VALUE>
export OS_USERNAME=adminUser
export OS_PASSWORD=<PASSWORD>
export OS_TENANT_NAME=adminTenant
export ENDPOINT=http://openstack-01.cnaf.infn.it:35357/v2.0/
export OS_AUTH_URL=http://openstack-01.cnaf.infn.it:5000/v2.0/
Nota: con endpoint http il token e le password transitano in chiaro; usare questa configurazione solo su una rete fidata.
Dove <ADMIN_TOKEN_VALUE> è il valore del parametro
admin_token
contenuto nel file /etc/keystone/keystone.conf
.
keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT tenant-create --name adminTenant --description "Admin Tenant" --enabled true +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Admin Tenant | | enabled | True | | id | db2cf825309c49989595fc2ff915dc7e | | name | adminTenant | +-------------+----------------------------------+ export ADMIN_TENANT_ID=db2cf825309c49989595fc2ff915dc7e
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $ADMIN_TENANT_ID --name $OS_USERNAME --pass $OS_PASSWORD --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 7d6a3a42c37948b88e2fa692b63587cd |
| name | adminUser |
| password | $6$rounds=40000$NxZyxUfO8VRj3gR.$zt9GJKwMDOUMDHCMhqAqJje3JAJmqqTXADZkXll.usGHEsEpAMgKsnZEfF0itF75ooyY1/tjxXBJq9MaQXnfo. |
| tenantId | db2cf825309c49989595fc2ff915dc7e |
+----------+-------------------------------------------------------------------------------------------------------------------------+
# export ADMIN_USER_ID=7d6a3a42c37948b88e2fa692b63587cd
Dove $ADMIN_TENANT_ID è l'ID del tenant appena creato, mentre $OS_PASSWORD è la password scelta per l'utente "adminUser". La variabile ADMIN_USER_ID, usata più avanti per assegnare il ruolo, è l'id dell'utente riportato nell'output. L'output contiene anche l'hash della password: è bene non riportarlo in log o documenti condivisi.
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT role-create --name admin +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | 2f196d11ff954c67befc3f190195f47c | | name | admin | +----------+----------------------------------+ # export ADMIN_ROLE_ID=2f196d11ff954c67befc3f190195f47c
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $ADMIN_USER_ID --tenant_id $ADMIN_TENANT_ID --role_id $ADMIN_ROLE_ID
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT tenant-create --name service --description "Service Tenant" --enabled true +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Service Tenant | | enabled | True | | id | 73016aa2c9ca4aeba3736cf44cc8433b | | name | service | +-------------+----------------------------------+ # export SERVICE_TENANT_ID=73016aa2c9ca4aeba3736cf44cc8433b
keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $SERVICE_TENANT_ID --name glance --pass <GLANCE_PASSWORD> --enabled=true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 90ee5ac051eb4d1eaa543243987968a6 |
| name | glance |
| password | $6$rounds=40000$LApm.pXGC43cDMhN$J1mDpXad5r2YYNoMKK/P5t0VwXQidKauP/oHaVH5Nm9E7zGQLYamwa1Xxvh0FRcjOvhDtTSZ97CToKV6pWFPA1 |
| tenantId | 73016aa2c9ca4aeba3736cf44cc8433b |
+----------+-------------------------------------------------------------------------------------------------------------------------+
export GLANCE_USER_ID=90ee5ac051eb4d1eaa543243987968a6
Dove <GLANCE_PASSWORD> è la password che si desidera associare all'utente del servizio Glance.
keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $GLANCE_USER_ID --tenant_id $SERVICE_TENANT_ID --role_id $ADMIN_ROLE_ID
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $SERVICE_TENANT_ID --name nova --pass <NOVA_PASSWORD> --enabled true +----------+-------------------------------------------------------------------------------------------------------------------------+ | Property | Value | +----------+-------------------------------------------------------------------------------------------------------------------------+ | email | None | | enabled | True | | id | 9b2d55e2f8164be5a9805a39588f4659 | | name | nova | | password | $6$rounds=40000$jAXTAHvAnF4MBz7O$pr99MMc4gpfOOlYDO7dTTCy7Ai.XZ72P1GbMXHpj1ri7s9qIdnE67QPDkkfynEUyHXBNsrnsnHzmF9fvGo66r1 | | tenantId | 73016aa2c9ca4aeba3736cf44cc8433b | +----------+-------------------------------------------------------------------------------------------------------------------------+ export NOVA_USER_ID=9b2d55e2f8164be5a9805a39588f4659
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $NOVA_USER_ID --tenant_id $SERVICE_TENANT_ID --role_id $ADMIN_ROLE_ID
Nota bene: non viene visualizzato nulla se il comando ha successo.
/etc/keystone/keystone.conf
contenga la seguente riga: [catalog] driver = keystone.catalog.backends.sql.Catalog
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=keystone --type=identity --description="Keystone Identity Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Keystone Identity Service | | id | c2b7f0514dde412ea6c1fccac6437bb7 | | name | keystone | | type | identity | +-------------+----------------------------------+ export KEYSTONE_SERVICE_ID=c2b7f0514dde412ea6c1fccac6437bb7 export KEYSTONE5000=http://openstack-01.cnaf.infn.it:5000/v2.0
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$KEYSTONE_SERVICE_ID --publicurl=$KEYSTONE5000 --internalurl=$KEYSTONE5000 --adminurl=$ENDPOINT +-------------+----------------------------------------------+ | Property | Value | +-------------+----------------------------------------------+ | adminurl | http://openstack-01.cnaf.infn.it:35357/v2.0/ | | id | 93c84640b7384911afdd27dda19ea69c | | internalurl | http://openstack-01.cnaf.infn.it:5000/v2.0 | | publicurl | http://openstack-01.cnaf.infn.it:5000/v2.0 | | region | RegionOne | | service_id | c2b7f0514dde412ea6c1fccac6437bb7 | +-------------+----------------------------------------------+
%(tenant_id)s
ed i singoli apici che racchiudono i valori di publicurl
, internalurl
e adminurl
devono essere digitati esattamente come mostrato sia per l'endpoint compute che per l'endpoint volume e l'endpoint object storage (paragrafi successivi).
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=nova --type=compute --description="Nova Compute Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Nova Compute Service | | id | 5bfe94c4ff80410ab60b635cc99e2476 | | name | nova | | type | compute | +-------------+----------------------------------+ export NOVA_COMPUTE_SERVICE_ID=5bfe94c4ff80410ab60b635cc99e2476
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$NOVA_COMPUTE_SERVICE_ID --publicurl='http://<CLOUD_CONTROLLER_HOSTNAME>:8774/v2/%(tenant_id)s' --internalurl='http://<CLOUD_CONTROLLER_HOSTNAME>:8774/v2/%(tenant_id)s' --adminurl='http://<CLOUD_CONTROLLER_HOSTNAME>:8774/v2/%(tenant_id)s'
+-------------+--------------------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------------------+
| adminurl | http://openstack-01.cnaf.infn.it:8774/v2/%(tenant_id)s |
| id | 6168989f6fd2429d8f15d62c940a2fc2 |
| internalurl | http://openstack-01.cnaf.infn.it:8774/v2/%(tenant_id)s |
| publicurl | http://openstack-01.cnaf.infn.it:8774/v2/%(tenant_id)s |
| region | RegionOne |
| service_id | 5bfe94c4ff80410ab60b635cc99e2476 |
+-------------+--------------------------------------------------------+
Dove <CLOUD_CONTROLLER_HOSTNAME> è l'hostname del Cloud Controller (Nova). Nel nostro caso è "openstack-01.cnaf.infn.it".
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=volume --type=volume --description="Nova Volume Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Nova Volume Service | | id | f99ba2241e014295aa3ecfcda6633100 | | name | volume | | type | volume | +-------------+----------------------------------+ export NOVA_VOLUME_SERVICE_ID=f99ba2241e014295aa3ecfcda6633100
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$NOVA_VOLUME_SERVICE_ID --publicurl='http://<CLOUD_CONTROLLER_HOSTNAME>:8776/v1/%(tenant_id)s' --internalurl='http://<CLOUD_CONTROLLER_HOSTNAME>:8776/v1/%(tenant_id)s' --adminurl='http://<CLOUD_CONTROLLER_HOSTNAME>:8776/v1/%(tenant_id)s'
+-------------+--------------------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------------------+
| adminurl | http://openstack-01.cnaf.infn.it:8776/v1/%(tenant_id)s |
| id | 78b405450a5d432b8a4c61bc1abc52d9 |
| internalurl | http://openstack-01.cnaf.infn.it:8776/v1/%(tenant_id)s |
| publicurl | http://openstack-01.cnaf.infn.it:8776/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | f99ba2241e014295aa3ecfcda6633100 |
+-------------+--------------------------------------------------------+
Dove <CLOUD_CONTROLLER_HOSTNAME> è l'hostname del Cloud Controller (Nova). Nel nostro caso è "openstack-01.cnaf.infn.it".
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=glance --type=image --description="Glance Image Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Glance Image Service | | id | 6c02494e7a534c91a7a01228a4093e63 | | name | glance | | type | image | +-------------+----------------------------------+ export GLANCE_IMAGE_SERVICE_ID=6c02494e7a534c91a7a01228a4093e63
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$GLANCE_IMAGE_SERVICE_ID --publicurl=http://<GLANCE_SERVER_HOSTNAME>:9292/v1 --internalurl=http://<GLANCE_SERVER_HOSTNAME>:9292/v1 --adminurl=http://<GLANCE_SERVER_HOSTNAME>:9292/v1
+-------------+------------------------------------------+
| Property | Value |
+-------------+------------------------------------------+
| adminurl | http://openstack-01.cnaf.infn.it:9292/v1 |
| id | 2251cae28faf450a8f86292a237e4fcf |
| internalurl | http://openstack-01.cnaf.infn.it:9292/v1 |
| publicurl | http://openstack-01.cnaf.infn.it:9292/v1 |
| region | RegionOne |
| service_id | 6c02494e7a534c91a7a01228a4093e63 |
+-------------+------------------------------------------+
Dove <GLANCE_SERVER_HOSTNAME> è l'hostname del server su cui è installato il servizio Glance. Nel nostro caso è "openstack-01.cnaf.infn.it".
yum
e lanciare il seguente comando per listare le informazioni inserite in Keystone: [root@clstr-09 ~]# keystone tenant-list +----------------------------------+-------------+---------+ | id | name | enabled | +----------------------------------+-------------+---------+ | 8f74bb88623e41619a4c020baed3caa0 | adminTenant | True | | d6e9133d43b5440eae0db744c00bbca7 | service | True | +----------------------------------+-------------+---------+ [root@clstr-09 ~]# keystone user-list +----------------------------------+-----------+---------+-------+ | id | name | enabled | email | +----------------------------------+-----------+---------+-------+ | 30fc09b098b0451f8ec3861cf96f3422 | nova | True | | | 71228944d88b477188528c47942bcdb8 | adminUser | True | | | 7f3e370e94b54d8fa6ddbb02d5903f43 | glance | True | | +----------------------------------+-----------+---------+-------+ [root@clstr-09 ~]# keystone service-list +----------------------------------+----------+----------+---------------------------+ | id | name | type | description | +----------------------------------+----------+----------+---------------------------+ | 11279e60f5054500a1a0a4ea99016721 | glance | image | Glance Image Service | | 25197e8149da4bc199fc3e8476f4c5ba | volume | volume | Nova Volume Service | | 990589efda944f379888edc97f17cb75 | keystone | identity | Keystone Identity Service | | dbe9d50403c541f9b277e1c26b6e7946 | nova | compute | Nova Compute Service | +----------------------------------+----------+----------+---------------------------+ [root@clstr-09 ~]# keystone endpoint-list +----------------------------------+-----------+----------------------------------------------------+----------------------------------------------------+----------------------------------------------------+----------------------------------+ | id | region | publicurl | internalurl | adminurl | service_id | 
+----------------------------------+-----------+----------------------------------------------------+----------------------------------------------------+----------------------------------------------------+----------------------------------+ | 20fef2ceae314842aade705eb6c3ed17 | RegionOne | http://clstr-09.cnaf.infn.it:8774/v2/%(tenant_id)s | http://clstr-09.cnaf.infn.it:8774/v2/%(tenant_id)s | http://clstr-09.cnaf.infn.it:8774/v2/%(tenant_id)s | dbe9d50403c541f9b277e1c26b6e7946 | | 8868e9748ad4481cac64ab0e3d33e614 | RegionOne | http://clstr-09.cnaf.infn.it:8776/v1/%(tenant_id)s | http://clstr-09.cnaf.infn.it:8776/v1/%(tenant_id)s | http://clstr-09.cnaf.infn.it:8776/v1/%(tenant_id)s | 25197e8149da4bc199fc3e8476f4c5ba | | 8953d51657d8482a9037671db111f718 | RegionOne | http://clstr-09.cnaf.infn.it:5000/v2.0 | http://clstr-09.cnaf.infn.it:5000/v2.0 | http://clstr-09.cnaf.infn.it:35357/v2.0/ | 990589efda944f379888edc97f17cb75 | +----------------------------------+-----------+----------------------------------------------------+----------------------------------------------------+----------------------------------------------------+----------------------------------+ [root@clstr-09 ~]# keystone catalog Service: volume +-------------+-----------------------------------------------------------------------+ | Property | Value | +-------------+-----------------------------------------------------------------------+ | adminURL | http://clstr-09.cnaf.infn.it:8776/v1/8f74bb88623e41619a4c020baed3caa0 | | id | 8868e9748ad4481cac64ab0e3d33e614 | | internalURL | http://clstr-09.cnaf.infn.it:8776/v1/8f74bb88623e41619a4c020baed3caa0 | | publicURL | http://clstr-09.cnaf.infn.it:8776/v1/8f74bb88623e41619a4c020baed3caa0 | | region | RegionOne | +-------------+-----------------------------------------------------------------------+ Service: compute +-------------+-----------------------------------------------------------------------+ | Property | Value | 
+-------------+-----------------------------------------------------------------------+ | adminURL | http://clstr-09.cnaf.infn.it:8774/v2/8f74bb88623e41619a4c020baed3caa0 | | id | 20fef2ceae314842aade705eb6c3ed17 | | internalURL | http://clstr-09.cnaf.infn.it:8774/v2/8f74bb88623e41619a4c020baed3caa0 | | publicURL | http://clstr-09.cnaf.infn.it:8774/v2/8f74bb88623e41619a4c020baed3caa0 | | region | RegionOne | +-------------+-----------------------------------------------------------------------+ Service: identity +-------------+------------------------------------------+ | Property | Value | +-------------+------------------------------------------+ | adminURL | http://clstr-09.cnaf.infn.it:35357/v2.0/ | | id | 8953d51657d8482a9037671db111f718 | | internalURL | http://clstr-09.cnaf.infn.it:5000/v2.0 | | publicURL | http://clstr-09.cnaf.infn.it:5000/v2.0 | | region | RegionOne | +-------------+------------------------------------------+