
OpenStack manual setup: keystone

by 판매자명단 2023. 9. 6.

[Openstack] - OpenStack manual setup: preliminary work

 


* Complete the preliminary work first

 

keystone

#controller
mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Register the keystone account in MySQL.

apt install -y keystone
nano /etc/keystone/keystone.conf

#keystone.conf
[database]
# Replace KEYSTONE_DBPASS here and in the GRANT statements with the same password
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
provider = fernet

[cache]
memcache_servers = controller:11211

Install keystone and edit the settings in the conf file.

su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Sync the database and initialize the key repositories.

keystone-manage bootstrap --bootstrap-password openstack \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
  
# /etc/apache2/apache2.conf
ServerName controller


service apache2 restart

Run the bootstrap, set ServerName in the Global configuration section of apache2.conf, and restart Apache.

 

cat <<EOF>> /root/admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF

# demo-openrc: the demo user and demo project created in the steps below
cat <<EOF>> /root/demo-openrc
export OS_USERNAME=demo
export OS_PASSWORD=openstack
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF

. /root/admin-openrc

openstack token issue

After setting the environment variables, issue a token to confirm that it is issued successfully.

 

openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack project list

Create the projects and verify them.

openstack user create --domain default --password-prompt demo # password openstack
openstack role create user
openstack role add --project demo --user demo user

Assign the demo user the user role on the demo project.

openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

You can also issue a token by specifying the user in the command above.
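
An added example, not part of the original post: a shell check over the secret-bearing files the steps above create (keystone.conf with the database password, the key repositories from fernet_setup and credential_setup, and the openrc files). The ROOT prefix, the mode ceilings 640/700/600 and the sample tree are assumptions of this example; /etc/keystone/fernet-keys and /etc/keystone/credential-keys are keystone's default key repository paths.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. ROOT is a hypothetical prefix so the
# checks can run against a scratch copy; the mode ceilings are assumptions.
check_mode() {   # check_mode <path> <allowed-octal-mode>
    local path=$1 max=$2 mode
    [ -e "$path" ] || { echo "SKIP $path (missing)"; return 0; }
    mode=$(stat -c '%a' "$path")   # GNU stat, as shipped on Ubuntu
    # Any permission bit outside the allowed mode is a finding.
    if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
        echo "FAIL $path mode $mode exceeds $max"; return 1
    fi
    echo "OK   $path mode $mode"
}

audit_keystone() {   # audit_keystone [ROOT]; returns 1 if any check fails
    local root=${1:-} rc=0 f conf
    conf=$root/etc/keystone/keystone.conf
    check_mode "$conf" 640 || rc=1
    # Default key repositories written by fernet_setup and credential_setup.
    check_mode "$root/etc/keystone/fernet-keys" 700 || rc=1
    check_mode "$root/etc/keystone/credential-keys" 700 || rc=1
    for f in "$root"/root/*-openrc; do
        [ -e "$f" ] || continue
        check_mode "$f" 600 || rc=1
        # A plain-http auth URL sends OS_PASSWORD over the network unencrypted.
        if grep -q '^export OS_AUTH_URL=http://' "$f"; then
            echo "WARN $f uses http:// for OS_AUTH_URL"
        fi
    done
    # The documentation placeholder must not survive into the live config.
    if grep -qs '^connection *=.*:KEYSTONE_DBPASS@' "$conf"; then
        echo "FAIL $conf still contains the KEYSTONE_DBPASS placeholder"; rc=1
    fi
    return $rc
}

make_sample() {   # constructed sample tree, not real deployment data
    local root; root=$(mktemp -d)
    mkdir -p "$root/etc/keystone/fernet-keys" "$root/etc/keystone/credential-keys" "$root/root"
    chmod 700 "$root/etc/keystone/fernet-keys" "$root/etc/keystone/credential-keys"
    printf '[database]\nconnection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone\n' \
        > "$root/etc/keystone/keystone.conf"
    printf 'export OS_PASSWORD=example\nexport OS_AUTH_URL=http://controller:5000/v3\n' \
        > "$root/root/admin-openrc"
    chmod 640 "$root/etc/keystone/keystone.conf"; chmod 644 "$root/root/admin-openrc"
    echo "$root"
}

sample=$(make_sample); audit_keystone "$sample"; echo "exit status: $?"; rm -rf "$sample"
```

On a real controller, call `audit_keystone` with no argument as root so it reads /etc/keystone and /root directly.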

 

References

https://docs.openstack.org/keystone/latest/install/keystone-install-ubuntu.html

 


 
