openstack keystone component deployment

1, Deployment sequence of openstack components

1. Keystone (apache) global security authentication
2. Grace provides image service
3. nova provides computing services
4. neutron provides network services

When deploying openstack components, you need to first install keystone, which is run by Apache. After installation, you can create and manage accounts, and then install glance, nova and neutron

Among them, computing service and network service are divided into management end and client end. Therefore, it is necessary to install the management end of computing service and network service on the management end of openstack, install the client end of computing service and network service on the node node creating virtual machine, and finally install dashboard service. The API s of various components of openstack are run through apache;

The management side of openstack is responsible for creating and managing the scheduling of virtual machine process

The relevant data of creating virtual machines through openstack management end will be recorded in mysql (mariadb) eventually; The node node has no permission to write data to the database, only the control end has permission, and the communication between the node node and the control end is indirect communication through rabbitmq. The node node will listen to rabbitmq, and the control end will also listen to rabbitmq. The control end sends the instruction to create the virtual machine to rabbitmq, and the node node that listens to the queue specified by rabbitmq will receive the message and create the virtual machine;

II. Component deployment

Creating databases and authorizing users

create database keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'yy2234';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'yy2234';
flush privileges;

Configuring httpd apache mod_wsgi

mod_wsgi enables apache to proxy components of python programs

yum -y install openstack-keystone httpd mod_wsgi
cp -a /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_2234797257@ct/keystone accesses mysql through the pymysql module and specifies the user name, password, domain name and database name of the database
openstack-config --set /etc/keystone/keystone.conf token provider fernet appoint token The provider of the; The provider is keystone Oneself   Fernet: A secure messaging format

Initialize database

su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the fernet key database

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
 use keystone User adoption fernet Encryption mode

Configure bootstrap authentication service

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://ct:5000/v3/ \
--bootstrap-internal-url http://ct:5000/v3/ \
--bootstrap-public-url http://ct:5000/v3/ \
--bootstrap-region-id RegionOne

When openstack is initialized, the information of the admin user of openstack will be written into the user table of mysql, and other information such as url will be written into the relevant tables of mysql;
#Admin URL is a management network (such as the openstack management network in the public cloud), which is used to manage the expansion or deletion of virtual machines; If the shared network and the management network are the same network, when the traffic is large, it will make it impossible to expand the virtual machine through the control end of openstack, so a management network is required;
#Internal URL is an internal network for data transmission, such as virtual machine access, storage and database, zookeeper and other middleware. This network can not be accessed by the external network, but can only be used for internal access of the enterprise
#Public URL is a shared network that can be accessed by users (such as public cloud) # but if there are no such networks in this environment, they share the same network
#Port 5000 is the port that keystone provides authentication
The following sections refer to the openstack multi node configuration
#You need to add a listen on the haproxy server
#The url of various networks needs to specify the domain name of the controller node, which is generally the domain name of the vip of haproxy (high availability mode)

echo "ServerName controller" >> /etc/httpd/conf/httpd.conf  to configure http The server

create profile

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/  Create a soft connection to apache Under the directory
systemctl enable httpd  Start from
systemctl start httpd   Open service

Configure administrator's environment variables

The environment variable is used to create roles and projects, but the creation of roles and projects requires authentication information. Therefore, the user name, password and other authentication information are declared through the environment variable to deceive openstack that it has logged in and passed the authentication, so that projects and roles can be created; That is to pass the authentication information of admin user to openstack for authentication by declaring environment variables, so as to realize the non interactive operation for openstack

cat >> ~/.bashrc << EOF
export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_AUTH_URL=http://ct:5000/v3
source ~/.bashrc
 By configuring environment variables, you can use openstack Command to perform some operations
openstack user list  Checklist

Create openstack domain project user

openstack project create --domain default --description "Service Project" service 

Create user

openstack role create user   Create user
openstack role list  view list
openstack token issue  Check whether the list item was created successfully

report errors

View list display http500

Cause: database pointing error. The hosts file is mapped to a NET network card. The intranet network card should be mapped. First check the network configuration, and then check the environment configuration. Check whether the pointing is wrong

Keywords: Operation & Maintenance MariaDB OpenStack

Added by zsedc on Wed, 09 Feb 2022 13:18:23 +0200