먼저 오픈스택의 Identity service인 Keystone을 구축한다.
1. 데이터베이스 구축
# mysql
# MariaDB [(none)]> CREATE DATABASE keystone;
# MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '키스톤_DB_비밀번호';
# MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '키스톤_DB_비밀번호';2. Keystone 설치와 설정
# apt install keystone
# vim /etc/keystone/keystone.conf
[database]
# ...
connection = mysql+pymysql://keystone:키스톤_DB_비밀번호@localhost/keystone
...
[token]
# ...
provider = fernet
...
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# keystone-manage bootstrap --bootstrap-password 관리자_패스워드 \
--bootstrap-admin-url http://노드_IP_주소:5000/v3/ \
--bootstrap-internal-url http://노드_IP_주소:5000/v3/ \
--bootstrap-public-url http://노드_IP_주소:5000/v3/ \
--bootstrap-region-id RegionOne-
[database] 레이어 부분에서 controller가 아닌 localhost로 해줘야 한다.
앞으로 모든 설정파일에서 공식 문서와 다르게 localhost를 입력한다. -
엔드 포인트를 연결해주는 bootstrap 설정 부분에서는 해당 노드의 IP 주소를 사용한다.
앞으로 모든 설정파일에서 공식 문서와 다르게 노드 IP 주소를 입력한다.
3. HTTP 서버 설정
ServerName을 추가(변경) 한다.
# vim /etc/apache2/apache2.conf
ServerName 노드_IP_주소4. 설치 완료
# service apache2 restart
# vim admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=관리자패스워드
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://노드_IP주소:5000/v3
export OS_IDENTITY_API_VERSION=35. 도메인, 프로젝트, 사용자 및 역할 생성
#. admin-openrc
# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
| tags | [] |
+-------------+----------------------------------+
# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
# openstack project create --domain default \
--description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain | False |
| name | myproject |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
# openstack user create --domain default \
--password-prompt myuser
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | aeda23aa78f44e859900e22c24817832 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
# openstack role create myrole
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 997ce8d05fc143ac97d83fdfb5998552 |
| name | myrole |
+-----------+----------------------------------+
# openstack role add --project myproject --user myuser myrole6. 작동 확인
admin과 myuser(사용자)의 토큰을 요청하면서 keystone 서비스의 작동이 잘 되는지 확인한다.
# unset OS_AUTH_URL OS_PASSWORD
# openstack --os-auth-url http://노드_IP_주소:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:15:39.014479Z |
| id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
| project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+------------+-----------------------------------------------------------------+