OpenStack Installation (Part 2) -- Keystone

Author: CasonChan     Category: Cloud Technology     Date: 2014-06-06     Source: cnblogs (博客园)

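Keystone (OpenStack Identity Service) is the part of the OpenStack framework responsible for authentication, service rules and service tokens; it implements OpenStack's Identity API. Keystone works like a service bus, or the registry of the whole OpenStack framework: other services register their Endpoint (the URL at which the service is reached) through Keystone, and any call from one service to another must pass Keystone's authentication to obtain the target service's Endpoint and locate the target service.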

 

The installation of the Keystone component is described below; as before, I am installing on a 64-bit CentOS system. The steps are as follows:

1. Before installing the Keystone component, first install the lib libraries it will depend on:

(openstack)[root@casonchan openstack]# yum install gcc gcc-c++ make libtool patch automake libxslt-devel openssl-devel kernel-devel libudev-devel wget

2. Download the Keystone source code:

(openstack)[root@casonchan openstack]# git clone git://git.openstack.org/openstack/keystone keystone

   Here we use the OpenStack Havana release, so we first need to switch to the stable/havana branch:

(openstack)[root@casonchan openstack]# ll
total 4
drwxr-xr-x. 13 root root 4096 Feb 18 13:19 keystone
(openstack)[root@casonchan openstack]# cd keystone/
(openstack)[root@casonchan keystone]# git checkout -b stable/havana remotes/origin/stable/havana  

    Confirm as follows:

(openstack)[root@casonchan keystone]# git status
# On branch stable/havana
nothing to commit (working directory clean)
(openstack)[root@casonchan keystone]# 

3. Install all dependencies (this also automatically downloads and installs the python-keystoneclient component):

(openstack)[root@casonchan keystone]# pip install -r requirements.txt

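 I ran into the following two problems at this step:

 1) CompressionError: bz2 module is not available
        Cause: when the dependencies are installed, some of the packages downloaded automatically via wget are tar.bz2 archives, and Python cannot extract tar.bz2 archives, so we first need to install the corresponding package
        Fix: first install the bzip2 and bzip2-devel libraries on the CentOS system, then recompile and reinstall Python; for the detailed steps see "OpenStack Installation (Part 1) -- Environment Preparation". When compiling, however, --with-bz2 must be added; the exact command is:  ./configure --with-bz2

2) UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 64: ordinal not in range(128)
      Fix: CentOS needs the libxslt-devel and libudev-devel libraries installed beforehand. (This time I have already added them in step 1, heh.)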

4. Build and install the Keystone component:

(openstack)[root@casonchan keystone]# python setup.py install

5. Create a keystone directory under both /etc and /var/log to hold its configuration files and its log files respectively

6. Copy all configuration files from the etc directory of the keystone source tree to /etc/keystone, and strip the .sample suffix from the *.sample files:

(openstack)[root@casonchan keystone]# cp etc/* /etc/keystone/

The final result looks like this:

(openstack)[root@casonchan keystone]# cd /etc/keystone/
(openstack)[root@casonchan keystone]# ll
total 44
-rw-r--r-- 1 root root  1539 Feb 18 14:21 default_catalog.templates
-rw-r--r-- 1 root root 15328 Feb 18 17:21 keystone.conf
-rw-r--r-- 1 root root  2880 Feb 18 13:30 keystone-paste.ini
-rw-r--r-- 1 root root  1046 Feb 18 13:30 logging.conf
-rw-r--r-- 1 root root  5203 Feb 18 13:30 policy.json
-rw-r--r-- 1 root root  5850 Feb 18 13:30 policy.v3cloudsample.json
(openstack)[root@casonchan keystone]# 

7. Edit the /etc/keystone/default_catalog.templates file, changing localhost to the host IP address you want; the default is localhost. I kept the default localhost here, as shown below:

(openstack)[root@casonchan keystone]# cat default_catalog.templates 
# config for TemplatedCatalog, using camelCase because I don't want to do
# translations for keystone compat
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.name = Identity Service

# fake compute service for now to help novaclient tests work
catalog.RegionOne.compute.publicURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.name = Compute Service

catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = Volume Service

catalog.RegionOne.ec2.publicURL = http://localhost:8773/services/Cloud
catalog.RegionOne.ec2.adminURL = http://localhost:8773/services/Admin
catalog.RegionOne.ec2.internalURL = http://localhost:8773/services/Cloud
catalog.RegionOne.ec2.name = EC2 Service

catalog.RegionOne.image.publicURL = http://localhost:9292/v1
catalog.RegionOne.image.adminURL = http://localhost:9292/v1
catalog.RegionOne.image.internalURL = http://localhost:9292/v1
catalog.RegionOne.image.name = Image Service
(openstack)[root@casonchan keystone]# 

8. Edit the /etc/keystone/keystone.conf configuration file; the modification script is as follows:

    sed -i 's/# admin_token = ADMIN/admin_token = ADMIN/g' /etc/keystone/keystone.conf
    sed -i 's/# bind_host = 0.0.0.0/bind_host = 0.0.0.0/g' /etc/keystone/keystone.conf
    sed -i 's/# public_port = 5000/public_port = 5000/g' /etc/keystone/keystone.conf
    sed -i 's/# admin_port = 35357/admin_port = 35357/g' /etc/keystone/keystone.conf
    sed -i 's/# compute_port = 8774/compute_port = 8774/g' /etc/keystone/keystone.conf
    sed -i 's/# verbose = False/verbose = True/g' /etc/keystone/keystone.conf
    sed -i 's/# debug = False/debug = True/g' /etc/keystone/keystone.conf
    sed -i 's/# log_file = keystone.log/log_file = keystone.log/g' /etc/keystone/keystone.conf
    sed -i 's/# log_dir = \/var\/log\/keystone/log_dir = \/var\/log\/keystone/g' /etc/keystone/keystone.conf
    sed -i 's/# use_syslog = False/use_syslog = False/g' /etc/keystone/keystone.conf
    sed -i 's/# connection = sqlite:\/\/\/keystone.db/connection = mysql:\/\/root:123456@127.0.0.1\/keystone/g' /etc/keystone/keystone.conf
    sed -i 's/# driver = keystone.identity.backends.sql.Identity/driver = keystone.identity.backends.sql.Identity/g' /etc/keystone/keystone.conf
    sed -i 's/# driver = keystone.catalog.backends.templated.TemplatedCatalog/driver = keystone.catalog.backends.templated.TemplatedCatalog/g' /etc/keystone/keystone.conf
    sed -i 's/# template_file = default_catalog.templates/template_file = \/etc\/keystone\/default_catalog.templates/g' /etc/keystone/keystone.conf
    sed -i 's/# driver = keystone.token.backends.sql.Token/driver = keystone.token.backends.sql.Token/g' /etc/keystone/keystone.conf
    sed -i 's/# expiration = 86400/expiration = 86400/g' /etc/keystone/keystone.conf
    sed -i 's/# driver = keystone.policy.backends.sql.Policy/driver = keystone.policy.backends.sql.Policy/g' /etc/keystone/keystone.conf
    sed -i 's/# driver = keystone.contrib.ec2.backends.kvs.Ec2/driver = keystone.contrib.ec2.backends.kvs.Ec2/g' /etc/keystone/keystone.conf
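
The sed commands above leave keystone.conf with the sample admin_token value ADMIN, bind_host 0.0.0.0, debug = True and a MySQL root login with its password in the connection URL, in a file that the step 6 listing shows as readable by every local user. The check below is an added example, not code from the original post or from the Keystone project; the function name audit_keystone_conf, the 32-character token minimum and the embedded sample file are assumptions made for illustration.

```python
import configparser
import os
import stat
from urllib.parse import urlsplit

# Constructed sample: the values the step 8 sed commands leave in keystone.conf.
SAMPLE_CONF = """\
[DEFAULT]
admin_token = ADMIN
bind_host = 0.0.0.0
debug = True

[sql]
connection = mysql://root:123456@127.0.0.1/keystone
"""

def audit_keystone_conf(path):
    """Return the sorted names of settings in `path` that need attention."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    with open(path) as fh:
        cfg.read_file(fh)
    flagged = set()
    # admin_token is a shared secret granting admin access; "ADMIN" is the
    # sample default. The 32-character minimum is an assumed threshold.
    token = cfg.get("DEFAULT", "admin_token", fallback=None)
    if token is not None and (token == "ADMIN" or len(token) < 32):
        flagged.add("admin_token")
    # 0.0.0.0 puts the public (5000) and admin (35357) ports on every interface.
    if cfg.get("DEFAULT", "bind_host", fallback="") == "0.0.0.0":
        flagged.add("bind_host")
    # Debug logging is for troubleshooting, not for a running service.
    if cfg.getboolean("DEFAULT", "debug", fallback=False):
        flagged.add("debug")
    # Keystone should use its own database account, not the MySQL superuser.
    url = urlsplit(cfg.get("sql", "connection", fallback=""))
    if url.username == "root":
        flagged.add("connection")
    # A file holding a token or DB password must not be readable by "other".
    if (token or url.password) and os.stat(path).st_mode & stat.S_IROTH:
        flagged.add("file_mode")
    return sorted(flagged)

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as tmp:
        tmp.write(SAMPLE_CONF)
    os.chmod(tmp.name, 0o644)  # same mode as keystone.conf in the step 6 listing
    print(audit_keystone_conf(tmp.name))
    os.unlink(tmp.name)
```

A configuration that binds to a specific address, turns debug off, uses a dedicated database account and is installed with mode 0640 returns an empty list.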

9. Initialize the Keystone database:

(openstack)[root@casonchan keystone]# mysql -h127.0.0.1 -uroot -p123456 -e 'create database `keystone`'
(openstack)[root@casonchan keystone]# keystone-manage db_sync

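After initialization succeeds, the database table structure looks roughly as follows:

I also ran into some problems at this step, as follows:

1) ImportError: No module named repoze.lru
      Fix: pip install repoze.lru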

10. At this point the Keystone component has been installed successfully and can be started with the following command:

(openstack)[root@casonchan keystone]# keystone-all --config-file=/etc/keystone/keystone.conf --log-config=/etc/keystone/logging.conf &

Once the Keystone component is up, it listens on two ports: 5000 and 35357.

11. Test Keystone:

(openstack)[root@casonchan keystone]# curl http://localhost:5000/v2.0 | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
102   612  102   612    0     0  65314      0 --:--:-- --:--:-- --:--:--  119k
{
    "version": {
        "id": "v2.0",
        "links": [
            {
                "href": "http://localhost:5000/v2.0/",
                "rel": "self"
            },
            {
                "href": "http://docs.openstack.org/api/openstack-identity-service/2.0/content/",
                "rel": "describedby",
                "type": "text/html"
            },
            {
                "href": "http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf",
                "rel": "describedby",
                "type": "application/pdf"
            }
        ],
        "media-types": [
            {
                "base": "application/json",
                "type": "application/vnd.openstack.identity-v2.0+json"
            },
            {
                "base": "application/xml",
                "type": "application/vnd.openstack.identity-v2.0+xml"
            }
        ],
        "status": "stable",
        "updated": "2013-03-06T00:00:00Z"
    }
}
(openstack)[root@casonchan keystone]# 

 

     

This article is reposted from: http://www.cnblogs.com/CasonChan/p/3561625.html
