jalankan perintah dibawah pada node controller
sebelum install keystone kita harus menyiapkan database serta usernya dahulu, ganti KEYSTONE_DBPASS dengan password yang kalian inginkan, silahkan ikuti perintah dibawah ini
- mysql -u root -p
- mysql> CREATE DATABASE keystone;
- mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’localhost’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;
- mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;
install keystone dengan perintah dibawah
- apt install keystone
edit file /etc/keystone/keystone.conf
didalam [database] rubah parameter dibawah ini, ganti KEYSTONE_DBPASS dengan password yang kalian set diatas
connection = sqlite:////var/lib/keystone/keystone.db
dengan parameter dibawah ini
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
didalam [token] tambahkan parameter dibawah ini
provider = fernet
jika sudah jalankan perintah dibawah
- su -s /bin/sh -c “keystone-manage db_sync” keystone
- keystone-manage fernet_setup –keystone-user keystone –keystone-group keystone
- keystone-manage credential_setup –keystone-user keystone –keystone-group keystone
jalankan perintah dibawah, ganti ADMIN_PASS dengan password admin yang kalian inginkan
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://controller:35357/v3/ \ --bootstrap-internal-url http://controller:35357/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne
edit file /etc/apache2/apache2.conf dan tambahkan parameter dibawah ini
ServerName controller
lalu jika sudah jalankan perintah dibawah
- service apache2 restart
- rm -f /var/lib/keystone/keystone.db
jika sudah jalankan perintah dibawah, ganti ADMIN_PASS dengan password yang admin yang kalian buat diatas
- export OS_USERNAME=admin
- export OS_PASSWORD=ADMIN_PASS
- export OS_PROJECT_NAME=admin
- export OS_USER_DOMAIN_NAME=default
- export OS_PROJECT_DOMAIN_NAME=default
- export OS_AUTH_URL=http://controller:35357/v3
- export OS_IDENTITY_API_VERSION=3
jalankan perintah dibawah ini untuk membuat domain, user dan project dan roles
- openstack project create –domain default –description “Service Project” service
- openstack project create –domain default –description “Demo Project” demo
selanjutnya perintah dibawah ini kita akan membuat user demo dan akan diminta membuat password, masukan password yang kalian inginkan
- openstack user create –domain default –password-prompt demo
jalankan perintah dibawah untuk membuat user roles
- openstack role create user
lalu jalankan perintah dibawah
- openstack role add –project demo –user demo user
edit file /etc/keystone/keystone-paste.ini dan hapus admin_token_auth dari [pipeline:public_api], [pipeline:admin_api], dan [pipeline:api_v3] sebelum admin_token_auth dihapus baris scriptnya seperti dibawah ini
[pipeline:public_api] # The last item in this pipeline must be public_service or an equivalent # application. It cannot be a filter. pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service [pipeline:admin_api] # The last item in this pipeline must be admin_service or an equivalent # application. It cannot be a filter. pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service [pipeline:api_v3] # The last item in this pipeline must be service_v3 or an equivalent # application. It cannot be a filter. pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
setelah admin_token_auth di hapus akan menjadi seperti dibawah ini
[pipeline:public_api] # The last item in this pipeline must be public_service or an equivalent # application. It cannot be a filter. pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service [pipeline:admin_api] # The last item in this pipeline must be admin_service or an equivalent # application. It cannot be a filter. pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service [pipeline:api_v3] # The last item in this pipeline must be service_v3 or an equivalent # application. It cannot be a filter. pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
jika sudah save, dan jalankan perintah dibawah ini, jika diminta password masukan password admin dan demo dibuat diatas
- unset OS_AUTH_URL OS_PASSWORD
- openstack –os-auth-url http://controller:35357/v3 –os-project-domain-name default –os-user-domain-name default –os-project-name admin –os-username admin token issue
- openstack –os-auth-url http://controller:5000/v3 –os-project-domain-name default –os-user-domain-name default –os-project-name demo –os-username demo token issue
buat file admin-openrc pada /root/
- vim /root/admin-openrc
lalu isikan dengan paramater dibawah ini, ganti ADMIN_PASS dengan password admin yg kalian buat
export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
buat file demo-openrc pada /root/
- vim /root/demo-openrc
lalu isikan dengan paramater dibawah ini, ganti DEMO_PASS dengan password demo yg kalian buat
export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=DEMO_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
untuk meloadnya silahkan menggunakan perintah dibawah ini dari dalam direktori /root/
- . admin-openrc
- openstack token issue
file script diatas dibuat untuk masuk sebagai environment admin atau demo
untuk video tutorialnya bisa lihat dibawah
nice info, gan