Deploying your own cloud API using Keystone Openstack

Just a quick one. There are a lot of things that aren’t complete, but this is mostly for my reference and to make writing an Ansible playbook massively easier of course!

For the full guide you will want the link at the bottom of the page.






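# EPEL is not needed for CentOS 7 on RS Cloud; kept for reference only.
# The package argument is missing from this line on the page, and a bare
# `yum install -y` exits with an error, so the step is commented out.
# NOTE(review): epel-release is the usual CentOS package name -- confirm
# before enabling.
# yum install -y epel-release

# Install the OpenStack Liberty repo (-y so it runs unattended, like the
# other installs). Every package below is then trusted from this repo, so
# leave gpgcheck enabled in the repo file it drops into /etc/yum.repos.d/.
yum install -y centos-release-openstack-liberty

# Upgrade dist packages
yum upgrade -y

# Install the OpenStack command-line client
yum install -y python-openstackclient

# Install the SELinux policies for OpenStack, so SELinux can stay enforcing
yum install -y openstack-selinux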

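# Install the SQL database (MariaDB) and the Python MySQL bindings
yum install -y mariadb mariadb-server MySQL-python

# Configure MariaDB: bind address, utf8 settings etc.
# Set bind-address to the management/controller address rather than all
# interfaces, so the database is not reachable from public networks.
vi /etc/my.cnf.d/mariadb_openstack.cnf

systemctl enable mariadb.service
systemctl start mariadb.service

# Prepare database privileges ____________TODO_______
# NOTE(review): the later `keystone-manage db_sync` presumably needs a
# keystone database and account; grant that account rights on the keystone
# database only, not on *.*.
# mysql_secure_installation _____TODO______
# Until this is run the install keeps its defaults: no root password,
# anonymous accounts, the test database and remote root login.

# Prepare MongoDB (NoSQL): set the controller address, then enable and start
yum install -y mongodb-server mongodb
# Set bind_ip to the controller's management address. MongoDB does not
# enable authentication by default, so the bind address is the only thing
# limiting who can connect until auth is configured.
vi /etc/mongod.conf

systemctl enable mongod.service
# Fixed unit name: the page had "mongod.servicei", which systemd cannot find.
systemctl start mongod.service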

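# Message queue: install, enable and start RabbitMQ, then add the openstack
# user and set its permissions.
yum install -y rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

# Take the password from the environment instead of typing a literal into
# the command (and so into shell history or a playbook in version control).
# The value is still visible in the process list while rabbitmqctl runs, so
# do this on the controller itself. In Ansible, feed it from a vaulted
# variable and set no_log on the task.
: "${RABBIT_PASS:?set RABBIT_PASS to the password for the openstack RabbitMQ user}"
rabbitmqctl add_user openstack "$RABBIT_PASS"

# The three patterns are configure / write / read; ".*" for each grants the
# openstack user full rights on every resource in the default vhost.
rabbitmqctl set_permissions openstack ".*" ".*" ".*"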

# Generate admin_token: 15 random bytes, printed as 30 hex characters.
# The value is printed to the terminal; it is presumably what goes into
# admin_token in keystone.conf and into OS_TOKEN further down. It is a
# bootstrap credential, not something to keep using.
openssl rand -hex 15

# Install OpenStack Keystone, httpd (with mod_wsgi) and memcached; enable and start memcached
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
# NOTE(review): confirm which address memcached listens on. It has no
# authentication by default, and the [token] driver below stores tokens in it.
systemctl enable memcached.service
systemctl start memcached.service

# Complete keystone.conf: [DEFAULT], [database] connection, [memcache] servers,
# [token] provider and driver = memcache, [revoke] driver = sql, [DEFAULT] verbose = True
# The file holds the admin token and the [database] connection string, so
# check that it is not world-readable after editing.
vi /etc/keystone/keystone.conf

# Populate the keystone database. su runs keystone-manage as the keystone
# user, with /bin/sh given explicitly as the shell for that account.
su -s /bin/sh -c "keystone-manage db_sync" keystone

# (Re)configure httpd: edit the Keystone WSGI config, then enable and start Apache
vi /etc/httpd/conf.d/wsgi-keystone.conf
systemctl enable httpd.service
systemctl start httpd.service

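# Export the bootstrap environment: OS_TOKEN=admintoken,
# OS_URL=http://snetip:35357/v3, OS_IDENTITY_API_VERSION=3, then source it.
# Anything written to ~/.bash_profile stays on disk and is re-exported at
# every login, so take OS_TOKEN out of the file once bootstrap is finished.
# OS_URL is plain http: the admin token crosses the network unencrypted, so
# keep this on the private/management network.
# The path is spelled out as ~/.bash_profile so the step does not depend on
# the current directory.
vi ~/.bash_profile
source ~/.bash_profile

# Create the service entity
openstack service create --name keystone --description "OpenStack Identity" identity

# API endpoints
# The URL argument of each command is missing on this page, and without it
# `endpoint create` fails. Supply the three URLs through the variables below.
# NOTE(review): OS_URL above puts the admin API on port 35357; public and
# internal are conventionally on port 5000 -- confirm against the full guide.
: "${KEYSTONE_PUBLIC_URL:?set KEYSTONE_PUBLIC_URL to the public identity endpoint URL}"
: "${KEYSTONE_INTERNAL_URL:?set KEYSTONE_INTERNAL_URL to the internal identity endpoint URL}"
: "${KEYSTONE_ADMIN_URL:?set KEYSTONE_ADMIN_URL to the admin identity endpoint URL}"
openstack endpoint create --region RegionOne identity public "$KEYSTONE_PUBLIC_URL"
openstack endpoint create --region RegionOne identity internal "$KEYSTONE_INTERNAL_URL"
openstack endpoint create --region RegionOne identity admin "$KEYSTONE_ADMIN_URL"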

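# Create the admin project
openstack project create --domain default --description "Admin Project" admin

# Create the admin user. --password-prompt reads the password interactively,
# which keeps it out of the command line and shell history.
openstack user create --domain default --password-prompt admin

# Create the admin role.
# Fixed name: the page had "adminn", which left the `role add` below
# referring to a role that was never created.
openstack role create admin

# Add the admin role to the admin project and its admin user
openstack role add --project admin --user admin admin

# Create the service project
openstack project create --domain default --description "Service Project" service

# Create the demo project
openstack project create --domain default --description "Demo Project" demo

# Create the demo user (password prompted, as for admin)
openstack user create --domain default --password-prompt demo

# Create the unprivileged "user" role for the demo user
openstack role create user

# Add the user role to the demo project and user
openstack role add --project demo --user demo user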

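# SKIPPED: the keystone-dist-paste.ini change.
# NOTE(review): in the upstream guide this step takes admin_token_auth out
# of the pipelines in that file. While it is skipped, the admin_token in
# keystone.conf presumably still works as a credential that bypasses normal
# authentication -- confirm and complete it before the API is exposed.

# Unset the OS_TOKEN and OS_URL environment variables.
# The page had only the comment; without the command the client keeps using
# the bootstrap token and the password tests below prove nothing. Also take
# the exports out of the profile file, or they return at the next login.
unset OS_TOKEN OS_URL

# Request a token for the demo user with password auth (the page's comment
# said admin, but the command uses the demo project and user).
# The --os-auth-url value is missing on this page; without it the next
# option is consumed as the URL. Supply it through KEYSTONE_AUTH_URL.
: "${KEYSTONE_AUTH_URL:?set KEYSTONE_AUTH_URL to the identity endpoint URL to authenticate against}"
openstack --os-auth-url "$KEYSTONE_AUTH_URL" \
  --os-project-domain-id default --os-user-domain-id default \
  --os-project-name demo --os-username demo --os-auth-type password \
  token issue

# Verify operation (to add: a function that checks verification status).
# Print how many active admin_token settings remain rather than the line
# itself, so the token value is not written to the terminal or scrollback.
grep -c '^admin_token' /etc/keystone/keystone.conf

# Test admin API credentials (fixed typo: the page had "opentack").
# NOTE(review): this and the next command are identical, so the admin and
# then the demo credentials presumably have to be loaded into the
# environment before each one; that step is not shown on this page.
openstack token issue

# Test demo API credentials
openstack token issue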