OpenStack Havana - Keystone Configuration #1
2013/11/22
Install the OpenStack Identity Service (Keystone).
[1] Install Keystone
# Register the OpenStack Havana repository beforehand
root@dlp:~# aptitude -y install keystone python-mysqldb
[2] Register a user and a database for Keystone in MySQL
root@dlp:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.34-0ubuntu0.12.04.1 (Ubuntu)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# Create the "keystone" database (replace 'password' with the password you want to set)
mysql> create database keystone character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
[3] Basic Keystone configuration
root@dlp:~# vi /etc/keystone/keystone.conf
# Line 3: uncomment and change to an admin token of your choice
admin_token = admintoken
# Line 6: uncomment
bind_host = 0.0.0.0
# Line 9: uncomment
public_port = 5000
# Line 12: uncomment
admin_port = 35357
# Line 20: uncomment
compute_port = 8774
# Line 143: change (to the user and database registered in MySQL)
connection = mysql://keystone:password@10.0.0.30/keystone
# Line 311: uncomment and add
token_format = PKI
# Line 312: uncomment all of the following and change the locality information, etc.
certfile = /etc/keystone/pki/certs/signing_cert.pem
keyfile = /etc/keystone/pki/private/signing_key.pem
ca_certs = /etc/keystone/pki/certs/cacert.pem
ca_key = /etc/keystone/pki/private/cakey.pem
key_size = 2048
valid_days = 3650
cert_subject = /C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
root@dlp:~# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
2013-11-21 15:56:59.857 6100 INFO keystone.common.openssl [-] openssl req -key /etc/keystone/pki/private/signing_key.pem -new -out /etc/keystone/pki/certs/req.pem -config /etc/keystone/pki/certs/openssl.conf -subj /C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
2013-11-21 15:56:59.867 6100 INFO keystone.common.openssl [-] openssl ca -batch -out /etc/keystone/pki/certs/signing_cert.pem -config /etc/keystone/pki/certs/openssl.conf -days 3650d -cert /etc/keystone/pki/certs/cacert.pem -keyfile /etc/keystone/pki/private/cakey.pem -infiles /etc/keystone/pki/certs/req.pem
Using configuration from /etc/keystone/pki/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :ASN.1 12:'Hiroshima'
localityName :ASN.1 12:'Hiroshima'
organizationName :ASN.1 12:'Server_World'
commonName :ASN.1 12:'dlp.srv.world'
Certificate is to be certified until Nov 19 06:56:59 2023 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
root@dlp:~# keystone-manage db_sync
root@dlp:~# service keystone restart
keystone stop/waiting
keystone start/running, process 1567
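A check for the file edited in step [3], added here as an example and not part of the original page: it flags the placeholder admin_token and database password used in the walkthrough, the 0.0.0.0 bind address, and a world-readable config file. The function names and the 20- and 12-character thresholds are assumptions of this example.

```sh
#!/bin/sh
# Added example: flag weak secrets and exposure in a keystone.conf like the one above.
# The 20-character and 12-character thresholds are assumptions of this sketch.

# Print the last uncommented value assigned to KEY ($2) in FILE ($1).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line for FILE ($1); print nothing if no check fires.
audit_keystone_conf() {
    conf=$1
    token=$(conf_get "$conf" admin_token)
    case $token in
        ''|ADMIN|admintoken)  # unset falls back to Keystone's default, ADMIN
            echo "admin_token: default or placeholder value" ;;
        *)  if [ "${#token}" -lt 20 ]; then
                echo "admin_token: shorter than 20 characters"
            fi ;;
    esac
    conn=$(conf_get "$conf" connection)
    case $conn in
        *://*:*@*)            # URL embeds credentials: scheme://user:pass@host/db
            dbpass=${conn#*://*:}
            dbpass=${dbpass%%@*}
            if [ "$dbpass" = password ] || [ "${#dbpass}" -lt 12 ]; then
                echo "connection: database password is a placeholder or under 12 characters"
            fi ;;
    esac
    if [ "$(conf_get "$conf" bind_host)" = 0.0.0.0 ]; then
        echo "bind_host: admin API port listens on every interface"
    fi
    # The file holds admin_token and the DB password, so others must not read it.
    if [ "$(ls -ld "$conf" | cut -c8)" = r ]; then
        echo "permissions: file is world-readable"
    fi
    return 0
}

# Constructed sample with the walkthrough's values (section headers omitted).
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin_token = admintoken
bind_host = 0.0.0.0
connection = mysql://keystone:password@10.0.0.30/keystone
EOF
chmod 644 "$sample"
audit_keystone_conf "$sample"
rm -f "$sample"
```

On a real host, call `audit_keystone_conf /etc/keystone/keystone.conf`; a token generated with `openssl rand -hex 10` passes the length check.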