03 龙芯平台openstack部署搭建-keystone部署

#!/bin/bash
#创建keystone数据库并授权，可通过mysql -ukeystone -ploongson验证授权登录
mysql -uroot -e “set password for root@localhost = password(‘loongson’);”
mysql -uroot -ploongson -e ‘CREATE DATABASE keystone;’
#本地登录
mysql -uroot -ploongson -e “GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘localhost’ IDENTIFIED BY ‘loongson’;”
#远程登录
mysql -uroot -ploongson -e “GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘%’ IDENTIFIED BY ‘loongson’;”

#安装openstack-keystone相关软件
#yum install -y openstack-keystone httpd mod_wsgi
yum install -y openstack-keystone httpd python3-mod_wsgi

cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bac

#配置keystone
openstack-config --set /etc/keystone/keystone.conf DEFAULT log_file keystone.log
openstack-config --set /etc/keystone/keystone.conf DEFAULT log_dir /var/log/keystone
openstack-config --set /etc/keystone/keystone.conf catalog template_file /etc/keystone/default_catalog.templates
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:loongson@controller:3306/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet

egrep -v “^#|$” /etc/keystone/keystone.conf
#tee /etc/keystone/keystone.conf <<-‘EOF’
#[DEFAULT]
#log_file = keystone.log
#log_dir = /var/log/keystone
#[catalog]
#template_file = /etc/keystone/default_catalog.templates
#[database]
#connection = mysql+pymysql://keystone:loongson@controller:3306/keystone
#[token]
#provider = fernet
#EOF

#初始化同步keystone数据库
su -s /bin/sh -c “keystone-manage db_sync” keystone

#4.同步完成进行连接测试
#注释：默认有49个table，wc -l为50（标题栏占一行）
mysql -ukeystone -ploongson -e “use keystone;show tables;”
mysql -hcontroller -ukeystone -ploongson -e “use keystone;show tables;”|wc -l

#初始化 Fernet 密钥库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

#配置 Apache HTTP 服务器
#修改httpd主配置文件
sed -i ‘/#ServerName/a\ServerName controller’ /etc/httpd/conf/httpd.conf
#配置虚拟主机，建立软链接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
#启动httpd并配置开机自启动
systemctl enable httpd.service
systemctl start httpd.service
systemctl status httpd.service

#引导身份服务
#（1）创建 keystone 用户,初始化的服务实体和API端点
#创建用户：需要创建一个密码ADMIN_PASS，作为登陆openstack的admin管理员用户，这里密码也创建为loongson。
#创建keystone服务实体和身份认证服务，以下三种类型分别为公共的、内部的、管理的。

#在endpoint表增加3个服务实体的API端点
#在local_user表中创建admin用户
#在project表中创建admin和Default项目（默认域）
#在role表创建3种角色，admin，member和reader，即公共的、内部的、管理的。
#在service表中创建identity服务

keystone-manage bootstrap --bootstrap-password loongson
–bootstrap-admin-url http://controller:5000/v3/
–bootstrap-internal-url http://controller:5000/v3/
–bootstrap-public-url http://controller:5000/v3/
–bootstrap-region-id RegionOne

#临时配置管理员账户的相关变量进行管理
tee openstack-rc <<-‘EOF’
export OS_USERNAME=admin
export OS_PASSWORD=loongson
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF

source openstack-rc

#keystone验证
#【非必须】 创建一个名为example的域
openstack domain create --description “An Example Domain” example
#创建名为service的项目，在default域中
openstack project create --domain default --description “Service Project” service
#创建名为myproject项目，在default域中
openstack project create --domain default --description “Demo Project” myproject

#创建myuser用户，在default域中
#注意以下命令需要输入密码
openstack user create --domain default --password-prompt myuser

#创建myrole角色，在role表中
openstack role create myrole
#将myrole角色添加到myproject项目和myuser用户
openstack role add --project myproject --user myuser myrole