今天主要教導的是 Keystone Service 的安裝

這裡以 ALL IN ONE的模式 來作系統安裝。

建議可使用Ubuntu 14.04 ，來作安裝。

其上頭repository 搭載的就是 一路介紹來的版本: icehouse

此次練習並不像實際部屬於多台主機的中，會切割離 Compute Network Storage的部分。

但實際維運的時候，

強烈建議將服務切開來做分流。

讓系統的管理與使用來說的更加純粹，

且問題比較好除錯。

先前安裝完的系統後，

auto lo

iface lo inet loopback

auto

eth1

iface eth1 inet dhcp

auto br0

iface br0 inet static

address 192.168.2.1

netmask 255.255.255.0

bridge_ports eth0

這邊假設其eth0 Private IP為 192.168.2.1

而對外的網路為使用的ＤＨＣＰ Protocol

下面的安裝手冊要依照您的實際網路Ip設定來更改

（將Controller IP 更改成你的環境 所使用的對外網路IP

Step 1. 每台電腦IP不同，安裝前先將手冊裡全部[Controller_IP]、[Controller_Hostname]替換成正確IP及名稱。

Step 2. 使用root身分

sudo su

Step 3. Configuring the SQL Database (MySQL) on the Cloud Controller

apt-get install -y python-mysqldb mysql-server

nano /etc/mysql/my.cnf (modify&add)

[mysqld]

bind-address = [Controller_IP]

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8

service mysql restart

mysql_install_db

mysql_secure_installation

Enter current password for root (輸入MySQL root密碼)

Change the root password? [Y/n] n

Remove anonymous users? [Y/n] Y

Disallow root login remotely? [Y/n] Y

Remove test database and access to it? [Y/n] Y

Reload privilege tables now? [Y/n] Y

Step 4. 安裝phpMyAdmin管理資料庫

apt-get install -y phpmyadmin

Web server to reconfigure automatically:(選 ”apache2”)

Configure database for phpmyadmin with dbconfig-common? (選 “否”)

Go to http://[Controller_IP]/phpmyadmin/

Step 5. Installing the messaging queue server on the Cloud Controller

apt-get install -y rabbitmq-server

rabbitmqctl change_password guest RABBIT_PASS

Step 6. Installing and Configuring Identity Service on Controller node

apt-get install -y keystone python-keystoneclient

rm /var/lib/keystone/keystone.db

openssl rand -hex 10 (得到[ADMIN_TOKEN]填入下方有2處)

nano /etc/keystone/keystone.conf (modify)

[DEFAULT]

admin_token = [ADMIN_TOKEN]

log_dir = /var/log/keystone

[database]

connection = mysql://keystone:KEYSTONE_DBPASS@[Controller_IP]/keystone

mysql -u root -p

CREATE DATABASE keystone;

GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';

su -s /bin/sh -c "keystone-manage db_sync" keystone

service keystone restart

(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/crontabs/keystone (這是一整長串指令)

Step 7. Define users, tenants, and roles in keystone and Define keystone service and API endpoints

nano /root/keystone.sh

#!/bin/bash

export OS_SERVICE_TOKEN=[ADMIN_TOKEN]

export OS_SERVICE_ENDPOINT=http://[Controller_IP]:35357/v2.0

keystone tenant-create --name=admin --description="Admin Tenant"

keystone tenant-create --name=service --description="Service Tenant"

keystone tenant-create --name=demo --description="Demo Tenant"

keystone role-create --name=admin

keystone user-create --name=admin --pass=ADMIN_PASS --email=admin@example.com

keystone user-role-add --user=admin --role=admin --tenant=admin

keystone user-role-add --user=admin --role=_member_ --tenant=admin

keystone user-create --name=demo --pass=DEMO_PASS --email=DEMO_EMAIL

keystone user-role-add --user=demo --role=_member_ --tenant=demo

keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

keystone endpoint-create --service-id=$(keystone service-list | awk '/ identity / {print $2}') --publicurl=http://[Controller_IP]:5000/v2.0 --internalurl=http://[Controller_IP]:5000/v2.0 --adminurl=http://[Controller_IP]:35357/v2.0

chmod +x /root/keystone.sh

/root/keystone.sh

Step 8. Verifying the Identity Service Installation

nano ~/stackrc (連結 keystone，必先設定環境變數)

export OS_USERNAME=admin

export OS_PASSWORD=ADMIN_PASS

export OS_TENANT_NAME=admin

export OS_AUTH_URL=http://[Controller_IP]:35357/v2.0/

source ~/stackrc

keystone token-get

keystone user-list

Day 26 Ending