Keystone Installation
Author: IaaSM, posted 21-01-27 15:22
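Keystone is the component that provides the identity (authentication) service in OpenStack.
- It is the authentication management service required to use OpenStack services and resources.
Configuration procedure
- This configuration was carried out on a test server.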
--------------------------------------------------------------------
- controller configuration
1. Create the Keystone user and database.
# mysql -u root -p
MariaDB> create database keystone;
MariaDB> grant all privileges on keystone.* to keystone@'localhost' identified by '111111';
MariaDB> grant all privileges on keystone.* to keystone@'%' identified by '111111';
MariaDB> flush privileges;
MariaDB> exit;
2. Install Keystone.
# dnf --enablerepo=centos-openstack-ussuri,epel,powertools -y install openstack-keystone python3-openstackclient httpd mod_ssl python3-mod_wsgi python3-oauth2client
# Installs keystone and the related modules.
# vi /etc/keystone/keystone.conf
[cache]
memcache_servers = controller:11211
[database]
connection = mysql+pymysql://keystone:111111@controller/keystone
[token]
provider = fernet
# su -s /bin/bash keystone -c "keystone-manage db_sync"
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# Populates the Keystone database.
# keystone-manage bootstrap --bootstrap-password 111111 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
# setsebool -P httpd_use_openstack on
# setsebool -P httpd_can_network_connect on
# setsebool -P httpd_can_network_connect_db on
# vi keystone-httpd.te
module keystone-httpd 1.0;
require {
type httpd_t;
type keystone_log_t;
class file create;
class dir { add_name write };
}
#============= httpd_t ==============
allow httpd_t keystone_log_t:dir { add_name write };
allow httpd_t keystone_log_t:file create;
# checkmodule -m -M -o keystone-httpd.mod keystone-httpd.te
# semodule_package --outfile keystone-httpd.pp --module keystone-httpd.mod
# semodule -i keystone-httpd.pp
# firewall-cmd --add-port=5000/tcp --permanent
# firewall-cmd --reload
# Configures the firewall and SELinux.
# vi /etc/httpd/conf/httpd.conf
ServerName controller:80
# Add the ServerName directive.
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# systemctl enable --now httpd
# Enables and starts the httpd service.
3. Create the Keystone project
# vi ~/admin_key
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=111111
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W~(keystone)]\$ '
# chmod 600 ~/admin_key
# source ~/admin_key
# echo "source ~/admin_key " >> ~/.bash_profile
# After creating the keystone credentials file, register it so that it is loaded at login.
# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 08218a458b224d49b23f68befab3d325 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 08218a458b224d49b23f68befab3d325 | service |
| 81843a3aae824a5fbe0f6730ff229c11 | admin   |
+----------------------------------+---------+
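The check below is an added example, not part of the original post: a POSIX shell audit of the two files this procedure writes (keystone.conf and ~/admin_key) that flags the test-server choices before the same steps are reused elsewhere. The function names, finding labels and the 12-character threshold are assumptions of this example, and the sample files are constructed from the values shown above.

```sh
# Added example: prints one finding per line, nothing if the files are clean.

# ini_get FILE SECTION KEY -> value of KEY inside [SECTION]
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { cur = $0; gsub(/[ \t]/, "", cur); next }
        cur == sec {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key) { sub(/^[^=]*=[ \t]*/, ""); print; exit }
        }' "$1"
}

# Assumed policy for this example: under 12 characters or digits only is weak.
is_weak() {
    case "$1" in *[!0-9]*) [ "${#1}" -lt 12 ] ;; *) return 0 ;; esac
}

audit_keystone() {  # audit_keystone KEYSTONE_CONF RC_FILE
    conn=$(ini_get "$1" database connection)
    # The password sits between "user:" and "@host" in the SQLAlchemy URL.
    dbpass=$(printf '%s\n' "$conn" | sed -n 's|^[^:]*://[^:/@]*:\([^@]*\)@.*|\1|p')
    rcpass=$(sed -n 's/^export OS_PASSWORD=//p' "$2")
    url=$(sed -n 's/^export OS_AUTH_URL=//p' "$2")
    if [ -n "$dbpass" ] && is_weak "$dbpass"; then
        echo "WEAK_DB_PASSWORD: [database] connection embeds a weak password"
    fi
    if [ -n "$rcpass" ] && is_weak "$rcpass"; then
        echo "WEAK_ADMIN_PASSWORD: OS_PASSWORD is weak"
    fi
    if [ -n "$dbpass" ] && [ "$dbpass" = "$rcpass" ]; then
        echo "PASSWORD_REUSE: DB user and admin share one password"
    fi
    case "$url" in
        http://*) echo "PLAINTEXT_AUTH_URL: OS_AUTH_URL is http, credentials and tokens are sent unencrypted" ;;
    esac
    mode=$(stat -c '%a' "$2")
    if [ -n "$rcpass" ] && [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
        echo "RC_FILE_MODE: $2 is mode $mode, expected 600"
    fi
    return 0
}

# Constructed sample files carrying the values used in this guide.
demo=$(mktemp -d)
printf '[database]\nconnection = mysql+pymysql://keystone:111111@controller/keystone\n' > "$demo/keystone.conf"
printf 'export OS_PASSWORD=111111\nexport OS_AUTH_URL=http://controller:5000/v3\n' > "$demo/admin_key"
chmod 600 "$demo/admin_key"
audit_keystone "$demo/keystone.conf" "$demo/admin_key"
```

On a real controller, run it as audit_keystone /etc/keystone/keystone.conf ~/admin_key.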