For the installation, the following environment variables are set temporarily before proceeding.
- DB_USER="root"
- DB_PASSWD="root.123"
1) Create the DB
## Check before creating the DB
[root@controller ~]# mysql -u${DB_USER} -p${DB_PASSWD} -e " show databases;"
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
## Create the DB
[root@controller ~]# mysql -u${DB_USER} -p${DB_PASSWD} -e "create database keystone;"
## Check after creating the DB
[root@controller ~]# mysql -u${DB_USER} -p${DB_PASSWD} -e " show databases;"
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| performance_schema |
+--------------------+
2) Set DB privileges
[root@controller ~]# mysql -u${DB_USER} -p${DB_PASSWD} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone.123';"
[root@controller ~]# mysql -u${DB_USER} -p${DB_PASSWD} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone.123';"
## Check after setting privileges
[root@controller ~]# mysql -u${DB_USER} -p${DB_PASSWD} mysql -e "select Host,User,Password from user where User='keystone';"
+-----------+----------+-------------------------------------------+
| Host | User | Password |
+-----------+----------+-------------------------------------------+
| localhost | keystone | *7EFEFF4FE203219F527165E70032E6F7E6 |
| % | keystone | *7EFEFF4FE203219F527165E70032E6F7E6 |
+-----------+----------+-------------------------------------------+
3) Install packages
[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi
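4) Configure
- Back up the original file.
In my case, I renamed the file so that I could work on a copy with the commented lines removed.
[root@controller ~]# mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.orig
- Edit the config.
#### This command strips the commented lines from the renamed file and redirects the result to the original file name.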
[root@controller ~]# cat /etc/keystone/keystone.conf.orig | grep -Ev "^#|^$" | sed -e "s/^\[/\n\[/g" > /etc/keystone/keystone.conf
[root@controller ~]# cat /etc/keystone/keystone.conf
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:keystone.123@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
provider = fernet
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
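The redirection above creates the new keystone.conf under root's umask rather than with the owner, group and mode of the original file, and that file holds the database password in `connection`. The following is an added example, not part of the original post: it applies the same filter through a private temporary file and copies the original's ownership and mode before moving it into place. `rebuild_conf` and `world_accessible` are hypothetical helper names, and GNU coreutils (`chown`/`chmod --reference`, `stat -c`) and GNU sed are assumed.

```shell
#!/bin/bash
# Added example: rebuild a comment-free config without loosening its permissions.
# Usage (as root, paths from the step above):
#   rebuild_conf /etc/keystone/keystone.conf.orig /etc/keystone/keystone.conf

rebuild_conf() {
    local orig=$1 dest=$2 tmp
    [ -r "$orig" ] || { echo "cannot read $orig" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the DB password in
    # [database]/connection is never readable by other users, even briefly.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    # Same filter as the walkthrough: drop comment and blank lines,
    # then put an empty line in front of every [section] header.
    if ! grep -Ev '^#|^$' "$orig" | sed -e 's/^\[/\n[/' > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # Copy owner, group and mode from the original file, then replace
    # the destination in one rename.
    chown --reference="$orig" "$tmp" &&
    chmod --reference="$orig" "$tmp" &&
    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}

# Succeeds (exit 0) when the file's mode grants any access to "other".
world_accessible() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 07 )) -ne 0 ]
}
```

After editing the file, `world_accessible /etc/keystone/keystone.conf && echo "too open"` gives a quick check that the password is not exposed to local users.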
5) Create the tables in the keystone DB
## Check before creating the tables
[root@controller ~]# mysql -u${DB_USER} -p${DB_PASSWD} keystone -e "show tables;"
## Create the tables: this produces no output.
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
## Check after creation
[root@controller ~]# mysql -u${DB_USER} -p${DB_PASSWD} keystone -e "show tables;"
+------------------------------------+
| Tables_in_keystone |
+------------------------------------+
| access_rule |
| access_token |
| application_credential |
| application_credential_access_rule |
| application_credential_role |
| assignment |
| config_register |
| consumer |
| credential |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| limit |
| local_user |
| mapping |
| migrate_version |
| nonlocal_user |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| project_option |
| project_tag |
| region |
| registered_limit |
| request_token |
| revocation_event |
| role |
| role_option |
| sensitive_config |
| service |
| service_provider |
| system_assignment |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| user_option |
| whitelisted_config |
+------------------------------------+
[root@ibcontroller ~]#
6) Register the fernet keys
### The commands below produce no output.
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
7) Bootstrap
[root@controller ~]# keystone-manage bootstrap --bootstrap-password admin.123 \
> --bootstrap-admin-url http://controller:5000/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne
8) Edit the HTTP server config and create the link
## If httpd.conf already has a "ServerName" field, edit it; otherwise add one.
[root@controller ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
## Create the symbolic link
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
9) Start the daemon
[root@controller ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 금 2019-11-01 11:18:31 KST; 7s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 31218 (httpd)
Status: "Processing requests..."
CGroup: /system.slice/httpd.service
├─31218 /usr/sbin/httpd -DFOREGROUND
├─31219 (wsgi:keystone- -DFOREGROUND
├─31220 (wsgi:keystone- -DFOREGROUND
├─31221 (wsgi:keystone- -DFOREGROUND
├─31222 (wsgi:keystone- -DFOREGROUND
├─31223 (wsgi:keystone- -DFOREGROUND
├─31224 /usr/sbin/httpd -DFOREGROUND
├─31225 /usr/sbin/httpd -DFOREGROUND
├─31226 /usr/sbin/httpd -DFOREGROUND
├─31227 /usr/sbin/httpd -DFOREGROUND
└─31228 /usr/sbin/httpd -DFOREGROUND
11월 01 11:18:31 controller systemd[1]: Starting The Apache HTTP Server...
11월 01 11:18:31 controller systemd[1]: Started The Apache HTTP Server.
[root@ibcontroller ~]#
10) Create the openstack admin environment file
## Add the prompt option to the .bashrc environment file.
[root@controller ~]# vi .bashrc
PS1='[\u@\h \W]\[\033[01;34m\]\[\033[00m\]\$ '
## Create an environment variable file for using openstack from the CLI.
[root@ibcontroller ~]# cat admin-openrc
user_openrc="admin-openrc"
PS1='[\u@\h \W] (${user_openrc}):\[\033[01;34m\]\w\[\033[00m\]\$ ' ## The prompt line is optional and can be left out.
export OS_USERNAME=admin
export OS_PASSWORD=admin.123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
11) Check the domain list
[root@ibcontroller ~] (admin-openrc):~# openstack domain list
+---------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+--------------------+
| default | Default | True | The default domain |
+---------+---------+---------+--------------------+
If there is no domain, or you want to use a different domain, create one with the command below.
Example # openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
| tags | [] |
+-------------+----------------------------------+
12) Create the project
### Load the OpenStack admin environment variable file.
[root@controller ~]# source admin-openrc
## Create the service project.
[root@controller ~] (admin-openrc):~# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 9e7038df87eb40ab9f7c2aa28742fd2c |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
13) Create the demo project
: Create a project for service use rather than for the admin account.
[root@controller ~] (admin-openrc):~# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 614b89cf18964ae9be9c313c22ec97b0 |
| is_domain | False |
| name | demo |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
14) Create the demo account.
[root@controller ~] (admin-openrc):~# openstack user create --domain default --password demo.123 demo
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3b41622c813948368da3bc45cf9a620a |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
15) Create a role for the user.
[root@controller ~] (admin-openrc):~# openstack role create demorole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 38f09d283b7e42a09d2d85d80a832cce |
| name | demorole |
| options | {} |
+-------------+----------------------------------+
## The absence of a role named user can sometimes cause problems, so create it in advance. (It does not have to be created.)
[root@controller ~] (admin-openrc):~# openstack role create user
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 3ebb2f627b2c4d1ea82740aeadf8f045 |
| name | user |
| options | {} |
+-------------+----------------------------------+
16) Apply the roles to the created account.
[root@controller ~] (admin-openrc):~# openstack role add --project demo --user demo demorole
## This can be skipped if the user role was not created.
[root@controller ~] (admin-openrc):~# openstack role add --project demo --user demo user
Verify the configuration
[root@controller ~] (admin-openrc):~# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~] (admin-openrc):~# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
Password: (enter ADMIN_PW)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-11-01T03:52:54+0000 |
| id | gAAAAABdu54GcBgp1M3h56b3G8KQ2B1-UHFuVX3SF7GjkdQusVMun8KhvvyxkyAKNQ9d87yz6CB3iryocfI8XGNNAoQuSh1jmuxPJuLOwLasjWkakrBKUrrfiWzV5XIgcy8WBex_RWJb1FEzf16dNFKna8GfhvcggwdrYGIoB3Mb86ZVMTL4gok |
| project_id | b299ad398d134dbc8e9436215e968e0a |
| user_id | 711f898b0a16432e87c07c6f66b510ea |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~] (admin-openrc):~# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
Password: (enter DEMO_PW)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-11-01T03:54:28+0000 |
| id | gAAAAABdu55kuPFlYNun_JpK9zrq-KJU7CZYbMX9kuAZAplh2-EHZzZZfaXT2npIDxvfEDSoA77Wi-xt60Ff2NZ-4Jph2JeiHrKvZtcB28veM21APSzqm255B-K_EgASJrJCFnql1-zUvcEX1I7JTYCgTmMB9wmT1w48SmtKtH92JASV4DGsRUw |
| project_id | 614b89cf18964ae9be9c313c22ec97b0 |
| user_id | 3b41622c813948368da3bc45cf9a620a |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+