YUMSERV
Published 2020. 9. 17. 21:04
[Victoria] Keystone 설치 OpenStack
반응형

* Keystone을 설치하기 전, 사전 설치 작업을 먼저 진행 후, 아래내용을 진행해야 합니다.

 

[Openstack 설치 글]

[CLOUD/OpenStack] - Openstack-Victoria설치(사전작업)

[CLOUD/OpenStack] - [Victoria] Keystone 설치

[CLOUD/OpenStack] - [Victoria] Glance 설치

[CLOUD/OpenStack] - [Victoria] Nova 설치

[CLOUD/OpenStack] - [Victoria] Horizon 설치

[CLOUD/OpenStack] - [Victoria] Neutron 설치             

[CLOUD/OpenStack] - [Victoria] Cinder 설치

 

 

* keystone 설치는 Controller 노드에서 진행합니다.

 

1. 데이터 베이스 생성

root@controller:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.
Commands end with ; or \g.
Your MariaDB connection id is 64 Server version: 10.3.25-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)

 

 

2. 패키지 설치 및 설정

root@controller:~# apt-get -y install keystone python3-openstackclient apache2 libapache2-mod-wsgi-py3 python3-oauth2client 

root@controller:~# vi /etc/keystone/keystone.conf
[DEFAULT]
log_dir = /var/log/keystone

[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
provider = fernet

 

 

keystone DB데이터들을 넣어줍니다.

root@controller:~# su -s /bin/bash keystone -c "keystone-manage db_sync"

 

 

keystone-manage를 이용하여 Fernet 키 저장소를 초기화합니다

root@controller:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone root@controller:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

keystone-manage bootstrap을 사용해, 사용자, 프로젝트, 역할을 생성하고, 새로 생성된 프로젝트 사용자에게 부여합니다.

root@controller:~# keystone-manage bootstrap --bootstrap-password ADMIN_PASS\
> --bootstrap-admin-url http://controller:5000/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id Region01

Keystone 에서 사용하는 포트 : tcp/5000 tcp/35357 포트를 방화벽에서 열어주어야 합니다.

 

 

 

3. Apache 웹 서버 설정

root@controller:~# vi /etc/apache2/apache2.conf
ServerName controller

root@controller:~# systemctl restart apache2

 

 

4. 관리 계정을 구성합니다. (환경변수)

root@controller:~# vi admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export OS_AUTH_TYPE=password


root@controller:~# source admin-openrc

 

테스트를 위해 admin 환경에서 token을 발행하면 생성된다.

root@controller:~# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2021-04-29T13:33:24+0000 |
| id | gAAAAABgiqeU92VGxc5lbJf_hJAvonXfOUMs4AKYscaVi7cW0VUMeA7MQPM33Fnb_SzM97zC15OI9kEtbqWTKBSf3IaQ150QIaothJx2SsTY6JFLhiK0wCFm_zRcKZCIItiK8CXBf-0tSmkpdi2BZnfOSwpsIEBivGJZV4Xokp6MtMSRYSSLbUs |
| project_id | 21c9897cb20047b8a781baeccf08f67b |
| user_id | 5d1318ba0484483a809ffc02f2808bff |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

만약 생성되지 않는다면, /var/log/keystone/keystone.log 를 확인해보자.

 

 

 

5. 프로젝트, 사용자, 역할 생성하기

root@controller:~# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 403d041d31534b329c8dfc73a0c2584b |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+


root@controller:~# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 21c9897cb20047b8a781baeccf08f67b | admin |
| 403d041d31534b329c8dfc73a0c2584b | service |
+----------------------------------+---------+

 

 

반응형
저작자표시

'OpenStack' 카테고리의 다른 글

[Victoria] Glance 설치  (0) 2020.09.20
[정리] Glance 이론  (0) 2020.09.20
[정리] KeyStone 이론  (0) 2020.09.15
Openstack-Victoria설치(사전작업)  (0) 2020.09.14
OpenStack 개요  (0) 2020.08.30
profile

YUMSERV

@lena04301

포스팅이 좋았다면 "좋아요❤️" 또는 "구독👍🏻" 해주세요!

검색 태그

check_nrpe
원격접속
uptimekuma
datadog private endpoints
python-rados
telegram
Slack
싱글모드
ceph-crash
GitHub
윈도우
kubernetes
리눅스
jenkins
Grafana
docker
prometheus
linux
cross-account
ceph
centOS7
nagios
centOS
ubuntu
OS설치
패스워드변경
MySQL
Apache
zabbix
ceph-ansible

티스토리툴바