컨트롤러 노드에서 진행
# 1. Install and configure
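# 참고: 아래에서 쓰는 비밀번호 'a'는 실습용 값이다. 실제 환경에서는 강한 비밀번호로 바꾸고, 'keystone'@'%'는 모든 호스트에서의 접속을 허용하므로 필요한 호스트로 범위를 좁힌다.
$ mysql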
> CREATE DATABASE keystone;
> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'a';
> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'a';
> quit
$ apt install keystone
$ cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.org
$ grep -E '^[^#].' /etc/keystone/keystone.conf.org > /etc/keystone/keystone.conf
$ vi /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:a@controller/keystone
[token]
provider = fernet
# 토큰 유효기간(초 단위). 설정하지 않으면 기본값은 1시간이며, 공식 문서 설치 가이드에는 없는 항목이라 임의로 추가함.
# (값과 같은 줄에 주석을 쓰면 값의 일부로 읽힐 수 있으므로 주석은 별도 줄에 둔다)
expiration = 10800
$ su -s /bin/sh -c "keystone-manage db_sync" keystone
$ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
$ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
$ keystone-manage bootstrap --bootstrap-password a \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://172.30.0.4:5000/v3/ \
--bootstrap-region-id RegionOne
$ cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.org
$ grep -E '^[^#].' /etc/apache2/apache2.conf.org > /etc/apache2/apache2.conf
$ vi /etc/apache2/apache2.conf
# 없으면 추가 (Apache는 지시어와 같은 줄에 주석을 쓸 수 없으므로 주석은 별도 줄에 둔다)
ServerName controller
$ service apache2 restart
$ service apache2 status
# 테스트를 위한 환경변수 설정 #
$ export OS_USERNAME=admin
$ export OS_PASSWORD=a
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:5000/v3
$ export OS_IDENTITY_API_VERSION=3
# 비밀번호 요구 테스트
$ unset OS_AUTH_URL OS_PASSWORD # 위에서 설정한 OS_AUTH_URL, OS_PASSWORD 환경변수 해제 (비밀번호를 직접 입력받는지 확인하기 위함)
$ openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
다음과 같이 나오면 성공
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2023-02-13T10:16:05+0000 |
| id | gAAAAABj6eO1jL-6VjpZJhSBgcQc1A8KQlBcX5KLftkITOg3ZoRdaHlOafDDNzCXpPFWZopvcO748mOu2wOdZ4X599qiVfnFKj_CbJkB-NjomeArNb2psxAtpTL5SXW9tBQBsmbc4Y23R_ktVbh67hc_xYMvduhYJjy_CpgMHPddoir4nuD91IQ |
| project_id | 56a7bd2910704c35b04c81e8c3882a58 |
| user_id | 3088c568bda1431c9f465c71e7bac396 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# admin-openrc 생성 (관리자 비밀번호가 평문으로 들어가므로 파일 읽기 권한을 관리 계정으로 제한해 둘 것, 예: chmod 600 admin-openrc)
$ cd /etc/keystone
$ vi admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=a
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
$ . /etc/keystone/admin-openrc
$ openstack token issue # 비밀번호 요구 없이 토큰이 바로 나오면 성공
# default 도메인에 service 프로젝트 생성
$ openstack project create --domain default --description "Service Project" service