Openstack part-8 installasi & konfigurasi keystone

1
691

jalankan perintah dibawah pada node controller
sebelum install keystone kita harus menyiapkan database serta usernya dahulu, ganti KEYSTONE_DBPASS dengan password yang kalian inginkan, silahkan ikuti perintah dibawah ini

  • mysql -u root -p
  • mysql> CREATE DATABASE keystone;
  • mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’localhost’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;
  • mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;

install keystone dengan perintah dibawah

  • apt install keystone

edit file /etc/keystone/keystone.conf
didalam [database] rubah parameter dibawah ini, ganti KEYSTONE_DBPASS dengan password yang kalian set diatas

connection = sqlite:////var/lib/keystone/keystone.db

dengan parameter dibawah ini

connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

didalam [token] tambahkan parameter dibawah ini

provider = fernet

jika sudah jalankan perintah dibawah

  • su -s /bin/sh -c “keystone-manage db_sync” keystone
  • keystone-manage fernet_setup –keystone-user keystone –keystone-group keystone
  • keystone-manage credential_setup –keystone-user keystone –keystone-group keystone

jalankan perintah dibawah, ganti ADMIN_PASS dengan password admin yang kalian inginkan

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:35357/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

edit file /etc/apache2/apache2.conf dan tambahkan parameter dibawah ini

ServerName controller

lalu jika sudah jalankan perintah dibawah

  • service apache2 restart
  • rm -f /var/lib/keystone/keystone.db

jika sudah jalankan perintah dibawah, ganti ADMIN_PASS dengan password yang admin yang kalian buat diatas

  • export OS_USERNAME=admin
  • export OS_PASSWORD=ADMIN_PASS
  • export OS_PROJECT_NAME=admin
  • export OS_USER_DOMAIN_NAME=default
  • export OS_PROJECT_DOMAIN_NAME=default
  • export OS_AUTH_URL=http://controller:35357/v3
  • export OS_IDENTITY_API_VERSION=3

jalankan perintah dibawah ini untuk membuat domain, user dan project dan roles

  • openstack project create –domain default –description “Service Project” service
  • openstack project create –domain default –description “Demo Project” demo

selanjutnya perintah dibawah ini kita akan membuat user demo dan akan diminta membuat password, masukan password yang kalian inginkan

  • openstack user create –domain default –password-prompt demo

jalankan perintah dibawah untuk membuat user roles

  • openstack role create user

lalu jalankan perintah dibawah

  • openstack role add –project demo –user demo user

edit file /etc/keystone/keystone-paste.ini dan hapus admin_token_auth dari [pipeline:public_api], [pipeline:admin_api], dan [pipeline:api_v3] sebelum admin_token_auth dihapus baris scriptnya seperti dibawah ini

[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service

[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service

[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3

setelah admin_token_auth di hapus akan menjadi seperti dibawah ini

[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service

[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service

[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3

jika sudah save, dan jalankan perintah dibawah ini, jika diminta password masukan password admin dan demo dibuat diatas

  • unset OS_AUTH_URL OS_PASSWORD
  • openstack –os-auth-url http://controller:35357/v3 –os-project-domain-name default –os-user-domain-name default –os-project-name admin –os-username admin token issue
  • openstack –os-auth-url http://controller:5000/v3 –os-project-domain-name default –os-user-domain-name default –os-project-name demo –os-username demo token issue

buat file admin-openrc pada /root/

  • vim /root/admin-openrc

lalu isikan dengan paramater dibawah ini, ganti ADMIN_PASS dengan password admin yg kalian buat

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

buat file demo-openrc pada /root/

  • vim /root/demo-openrc

lalu isikan dengan paramater dibawah ini, ganti DEMO_PASS dengan password demo yg kalian buat

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

untuk meloadnya silahkan menggunakan perintah dibawah ini dari dalam direktori /root/

  • . admin-openrc
  • openstack token issue

file script diatas dibuat untuk masuk sebagai environment admin atau demo

untuk video tutorialnya bisa lihat dibawah

1 COMMENT