Thursday, May 26, 2016

Keystone (Kilo) Installation from Source Code

keystonesource

Keystone kilo installation by source code

Thanks for this Blog,

https://developer.rackspace.com/blog/install-openstack-from-source/

But, as usual, the procedure is not simple like that since it always failure if we just follow the steps. So we modify the procedure and post it on my Blog.

installation

apt-get install -y mysql-server
sed -i "s/127.0.0.1/$MY_PRIVATE_IP\nskip-name-resolve\ncharacter-set-server = utf8\ncollation-server = utf8_general_ci\ninit-connect = 'SET NAMES utf8'/g" /etc/mysql/my.cnf

restart mysql
mysql  -u root -pmysql -e "create database keystone;"
mysql  -u root -pmysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql  -u root -pmysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
apt-get install -y python-dev libmysqlclient-dev libffi-dev libssl-dev
pip install python-glanceclient python-keystoneclient python-openstackclient
pip install repoze.lru pbr mysql-python
useradd --home-dir "/var/lib/keystone" \
    --create-home \
    --system \
    --shell /bin/false \
    keystone

#Create essential dirs

mkdir -p /var/log/keystone
mkdir -p /etc/keystone

#Set ownership of the dirs

chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /var/lib/keystone
chown keystone:keystone /etc/keystone
git clone https://github.com/openstack/keystone.git -b stable/kilo
cp -R keystone/etc/* /etc/keystone/
cd keystone
python setup.py install
pip install -r requirements.txt
cp /etc/keystone/keystone.conf.sample /etc/keystone/keystone.conf
sed -i "s|database]|database]\nconnection = mysql://keystone:keystone@$MY_IP/keystone|g" /etc/keystone/keystone.conf
sed -i 's/#admin_token = ADMIN/admin_token = SuperSecreteKeystoneToken/g' /etc/keystone/keystone.conf

edit token section as followed.

[token]

provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

apt-get install python-mysqldb keystone-manage db_sync

Excute the folloing script, the keystone then started. ``` cat > /etc/init/keystone.conf << EOF description "Keystone API server" author "Soren Hansen soren@linux2go.dk"

start on runlevel [2345] stop on runlevel [!2345]

respawn

exec start-stop-daemon --start --chuid keystone --chdir /var/lib/keystone --name keystone --exec /usr/local/bin/keystone-all -- --config-file=/etc/keystone/keystone.conf --log-file=/var/log/keystone/keystone.log EOF

start keystone ```

Now you can use the following CLI to start/stop keystone.

service keystone start
service keystone stop

check keystone daemon

root@keystonesource:~# ps aux|grep keystone
keystone  17495  2.3  6.1 171316 62004 ?        Ss   18:24   0:07 /usr/bin/python /usr/local/bin/keystone-all --config-file=/etc/keystone/keystone.conf --log-file=/var/log/keystone/keystone.log
keystone  17625  0.0  6.8 275796 68964 ?        S    18:24   0:00 /usr/bin/python /usr/local/bin/keystone-all --config-file=/etc/keystone/keystone.conf --log-file=/var/log/keystone/keystone.log
keystone  17626  0.0  6.8 276024 68956 ?        S    18:24   0:00 /usr/bin/python /usr/local/bin/keystone-all --config-file=/etc/keystone/keystone.conf --log-file=/var/log/keystone/keystone.log
keystone  17627  0.0  5.8 171316 58228 ?        S    18:24   0:00 /usr/bin/python /usr/local/bin/keystone-all --config-file=/etc/keystone/keystone.conf --log-file=/var/log/keystone/keystone.log
keystone  17628  0.0  5.8 171316 58228 ?        S    18:24   0:00 /usr/bin/python /usr/local/bin/keystone-all --config-file=/etc/keystone/keystone.conf --log-file=/var/log/keystone/keystone.log
root      17721  0.0  0.2  10468  2136 pts/0    S+   18:30   0:00 grep --color=auto keystone

access keystone

before we start to access keystone we might setup linux enviroment.

install keystone client

apt-get install python-keystoneclient

edit openrc_admin

export OS_SERVICE_TOKEN=tokentoken
export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0

execute the environment

source openrc_admin

Then you can start to use keystone by CLI. If you are familar with restful api, you don't need to set up linux environment.

keystone --debug tenant-create --name admin --description "Admin Tenant"

keystone --debug tenant-list

adding Endpoint

root@keystonesource:~# keystone service-create --name service1 --type service1
/usr/local/lib/python2.7/dist-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 0204f666bfc24c9aa9f5922ce6c349b1 |
|     name    |             service1             |
|     type    |             service1             |
+-------------+----------------------------------+
root@keystonesource:~# keystone endpoint-create --region RegionTwo --service-id 0204f666bfc24c9aa9f5922ce6c349b1 --publicurl http://haha/v2 --adminurl http://lala/v2 --internalurl http://sasa/v2
/usr/local/lib/python2.7/dist-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |          http://lala/v2          |
|      id     | b7885c5ee730459aa464ef0cf8965794 |
| internalurl |          http://sasa/v2          |
|  publicurl  |          http://haha/v2          |
|    region   |            RegionTwo             |
|  service_id | 0204f666bfc24c9aa9f5922ce6c349b1 |
+-------------+----------------------------------+

some error

/usr/local/lib/python2.7/dist-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)

show region endpoint


root@keystonesource:~# keystone --debug endpoint-list
/usr/local/lib/python2.7/dist-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)
DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://localhost:35357/v2.0/endpoints -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}c6af3a86ea7fe57895754929accbf9869643da36"
INFO:urllib3.connectionpool:Starting new HTTP connection (1): localhost
DEBUG:urllib3.connectionpool:Setting read timeout to 600.0
DEBUG:urllib3.connectionpool:"GET /v2.0/endpoints HTTP/1.1" 200 243
DEBUG:keystoneclient.session:RESP: [200] date: Thu, 12 May 2016 10:29:01 GMT content-type: application/json content-length: 243 vary: X-Auth-Token x-openstack-request-id: req-1b0a5879-242f-4f49-b002-9558e04e1d2b
RESP BODY: {"endpoints": [{"internalurl": "http://sasa/v2", "adminurl": "http://lala/v2", "service_id": "0204f666bfc24c9aa9f5922ce6c349b1", "region": "RegionTwo", "enabled": true, "id": "b7885c5ee730459aa464ef0cf8965794", "publicurl": "http://haha/v2"}]}

+----------------------------------+-----------+----------------+----------------+----------------+----------------------------------+
|                id                |   region  |   publicurl    |  internalurl   |    adminurl    |            service_id            |
+----------------------------------+-----------+----------------+----------------+----------------+----------------------------------+
| b7885c5ee730459aa464ef0cf8965794 | RegionTwo | http://haha/v2 | http://sasa/v2 | http://lala/v2 | 0204f666bfc24c9aa9f5922ce6c349b1 |
+----------------------------------+-----------+----------------+----------------+----------------+----------------------------------+

--debug mode的情況下會顯示restapi的使用方式,但上述的token是假的,token可由自己設定的admin token去執行。

show endpoint curl -g -i -X GET http://localhost:35357/v2.0/endpoints -H "Accept: application/json" -H "X-Auth-Token: tokentoken"

show tenant list

keystone --debug tenant-list

curl -g -i -X GET http://localhost:35357/v2.0/tenants -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}c6af3a86ea7fe57895754929accbf9869643da36"

create tenant

keystone --debug tenant-create --name=demo

curl -g -i -X POST http://localhost:35357/v2.0/tenants -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}c6af3a86ea7fe57895754929accbf9869643da36" -d '{"tenant": {"enabled": true, "name": "demo", "description": null}}'

No comments:

Post a Comment