1、数据库初始化

1.1、安装数据库

[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y

[root@controller ~]# vi /etc/my.cnf.d/openstack.cnf

[mysqld]

bind-address = 192.168.1.8

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

[root@controller ~]# systemctl enable mariadb.service

[root@controller ~]# systemctl start mariadb.service

修改密码

[root@controller ~]# mysql_secure_installation

1.2、创建数据库

所有数据库用户名都是对应数据库名，密码都是123456，可以根据需要自定义，自己要牢记。

使用数据库访问客户端以root用户身份连接到数据库服务器：

[root@controller ~]# mysql -u root -p

CREATE DATABASE keystone;

CREATE DATABASE glance;

CREATE DATABASE placement;

CREATE DATABASE nova_api;

CREATE DATABASE nova;

CREATE DATABASE nova_cell0;

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';

2、安装Keystone身份服务

2.1、安装软件包和配置

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y

[root@controller ~]# vi /etc/keystone/keystone.conf

[DEFAULT]

[application_credential]

[assignment]

[auth]

[cache]

[catalog]

[cors]

[credential]

[database]

connection = mysql+pymysql://keystone:123456@controller/keystone

[domain_config]

[endpoint_filter]

[endpoint_policy]

[eventlet_server]

[federation]

[fernet_receipts]

[fernet_tokens]

[healthcheck]

[identity]

[identity_mapping]

[jwt_tokens]

[ldap]

[memcache]

[oauth1]

[oslo_messaging_amqp]

[oslo_messaging_kafka]

[oslo_messaging_notifications]

[oslo_messaging_rabbit]

[oslo_middleware]

[oslo_policy]

[policy]

[profiler]

[receipt]

[resource]

[revoke]

[role]

[saml]

[security_compliance]

[shadow_users]

[token]

provider = fernet

[tokenless_auth]

[totp]

[trust]

[unified_limit]

[wsgi]

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

创建管理用户，123456为密码

[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

修改httpd配置文件

[root@controller ~]# vi /etc/httpd/conf/httpd.conf

...

ServerName controller

检查/etc/httpd/conf.d/wsgi-keystone.conf文件是否存在，如果不存在

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

开启httpd服务并设置开机自启

[root@controller ~]# systemctl enable httpd.service

[root@controller ~]# systemctl start httpd.service

配置环境变量

[root@controller ~]# export OS_USERNAME=admin

[root@controller ~]# export OS_PASSWORD=123456

[root@controller ~]# export OS_PROJECT_NAME=admin

[root@controller ~]# export OS_USER_DOMAIN_NAME=Default

[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default

[root@controller ~]# export OS_AUTH_URL=http://controller:5000/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

创建服务、用户、角色等

[root@controller ~]# openstack domain create --description "An Example Domain" example

[root@controller ~]# openstack project create --domain default --description "Service Project" service

[root@controller ~]# openstack project create --domain default --description "Demo Project" myproject

下面这步会让输入和确认密码，记住密码，本次密码使用123456

[root@controller ~]# openstack user create --domain default --password-prompt myuser

[root@controller ~]# openstack role create myrole

[root@controller ~]# openstack role add --project myproject --user myuser myrole

2.2、验证

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD

[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue

2.3、添加环境变量脚本

[root@controller ~]# vi admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=123456

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

[root@controller ~]# vi demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=myproject

export OS_USERNAME=myuser

#添加用户设置的密码

export OS_PASSWORD=123456

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

验证

[root@controller ~]# . admin-openrc

[root@controller ~]# openstack token issue

输出正常不报错即可