openstack controller ha测试环境搭建记录（六）——配置keystone

标签：

在所有节点的hosts文件添加：
10.0.0.10 myvip


在所有节点安装
# yum install -y openstack-keystone python-keystoneclient
# yum install -y openstack-utils


在所有节点设置keystone.conf文件使用mysql集群地址：
# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:123456@myvip/keystone


在mysql中创建keystone用户：
# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘localhost‘ IDENTIFIED BY ‘123456‘;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘%‘ IDENTIFIED BY ‘123456‘;
MariaDB [(none)]> exit


为keystone创建一系列表：
# su -s /bin/sh -c "keystone-manage db_sync" keystone


在所有节点设置keystone.conf文件中的token：
# ADMIN_TOKEN=$(openssl rand -hex 10)
# echo $ADMIN_TOKEN
de0ae6fc7397dd76dfb5
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token de0ae6fc7397dd76dfb5


在节点1创建keystone密钥：
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl


在节点1拷贝至其它节点并解压：
# cd /etc/keystone
# tar -cf keystonessl.tar ssl
# scp keystonessl.tar root@controller2:/etc/keystone
# scp keystonessl.tar root@controller3:/etc/keystone
# rm -f keystonessl.tar

在其它节点解压：
# cd /etc/keystone
# tar -xf keystonessl.tar
# rm -f keystonessl.tar


在所有节点设置keystone服务开机启动：
# systemctl enable openstack-keystone.service
# systemctl start openstack-keystone.service


在所有节点设置token两小时自动过期：
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo ‘@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1‘ >> /var/spool/cron/keystone


在节点1设置环境变量：
# export OS_SERVICE_TOKEN=de0ae6fc7397dd76dfb5
# export OS_SERVICE_ENDPOINT=http://controller1:35357/v2.0


在节点1创建相关用户、角色、租户、服务等：
# keystone user-create --name=admin --pass=123456
# keystone role-create --name=admin
# keystone role-create --name=_member_
# keystone tenant-create --name=admin --description="Admin Tenant"
# keystone user-role-add --user=admin --tenant=admin --role=admin
# keystone user-role-add --user=admin --role=_member_ --tenant=admin
# keystone user-create --name=demo --pass=123456
# keystone tenant-create --name=demo --description="Demo Tenant"
# keystone user-role-add --user=demo --role=_member_ --tenant=demo
# keystone tenant-create --name=service --description="Service Tenant"
# keystone service-create --name=keystone --type=identity --description="OpenStack Identity"


endpoint设置成VIP：
# keystone endpoint-create \
  --service-id=$(keystone service-list | awk ‘/ identity / {print $2}‘) \
  --publicurl=http://myvip:5000/v2.0 \
  --internalurl=http://myvip:5000/v2.0 \
  --adminurl=http://myvip:35357/v2.0


为防止keystone绑定地址与haproxy冲突，为各节点设置绑定地址：
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_bind_host controller1
# openstack-config --set /etc/keystone/keystone.conf DEFAULT public_bind_host controller1
# systemctl restart openstack-keystone.service


在所有节点编辑haproxy.cfg添加以下内容：
# vi /etc/haproxy/haproxy.cfg
listen keystone_admin_cluster
  bind 10.0.0.10:35357
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller1 10.0.0.14:35357 check inter 2000 rise 2 fall 5
  server controller2 10.0.0.12:35357 check inter 2000 rise 2 fall 5
  server controller3 10.0.0.13:35357 check inter 2000 rise 2 fall 5

listen keystone_public_internal_cluster
  bind 10.0.0.10:5000
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller1 10.0.0.14:5000 check inter 2000 rise 2 fall 5
  server controller2 10.0.0.12:5000 check inter 2000 rise 2 fall 5
  server controller3 10.0.0.13:5000 check inter 2000 rise 2 fall 5



查看haproxy资源当前在哪个节点：
# crm_mon


重启资源所在节点的haproxy服务：
# systemctl restart haproxy.service
# systemctl status -l haproxy.service


在所有节点，下载ocf资源定义：
# mkdir -p /usr/lib/ocf/resource.d/openstack
# cd /usr/lib/ocf/resource.d/openstack
# wget https://git.openstack.org/cgit/openstack/openstack-resource-agents/plain/ocf/keystone
# chmod a+rx *


在任意节点，使用“crm configure”命令添加keystone资源：
# crm configure primitive p_keystone ocf:openstack:keystone params config="/etc/keystone/keystone.conf" os_password="123456" os_username="admin" os_tenant_name="admin" os_auth_url="http://myvip:5000/v2.0/" op monitor interval="30s" timeout="30s"

openstack controller ha测试环境搭建记录（六）——配置keystone

标签：

原文地址：http://www.cnblogs.com/endoresu/p/5043491.html