{"id":341,"date":"2016-01-06T19:51:02","date_gmt":"2016-01-06T19:51:02","guid":{"rendered":"http:\/\/www.haxed.me.uk\/?p=341"},"modified":"2016-01-06T19:55:00","modified_gmt":"2016-01-06T19:55:00","slug":"deploying-cloud-api-using-keystone-openstack","status":"publish","type":"post","link":"https:\/\/haxed.me.uk\/index.php\/2016\/01\/06\/deploying-cloud-api-using-keystone-openstack\/","title":{"rendered":"Deploying your own cloud API using Keystone Openstack"},"content":{"rendered":"

Just a quick one. There are a lot of things that aren’t complete, but this is mostly for my reference and to make writing an Ansible playbook massively easier of course!<\/p>\n

For the full guide you will want the link at the bottom of the page.<\/p>\n

Outlay<\/h2>\n

\"openstack-101-update-25-638\"<\/a><\/p>\n

Operation<\/h2>\n

\"SCH_5002_V00_NUAC-Keystone\"<\/a><\/p>\n

Deployment <\/h2>\n
\r\n# EPEL Not Needed for CENTOS 7 on RS Cloud, included for detail\r\nyum install http:\/\/dl.fedoraproject.org\/pub\/epel\/7\/x86_64\/e\/epel-release-7-5.noarch.rpm -y\r\n\r\n# Install Openstack Liberty repo\r\nyum install centos-release-openstack-liberty\r\n\r\n# Upgrade dist packages\r\nyum upgrade -y\r\n\r\n# Install openstack client\r\nyum install python-openstackclient -y\r\n\r\n# Update selinux policies for Openstack\r\nyum install openstack-selinux -y\r\n\r\n# Configure SQL\r\nyum install mariadb mariadb-server MySQL-python -y\r\n\r\n# Configure and enable mariadb bind and utf8 settings etc\r\nvi \/etc\/my.cnf.d\/mariadb_openstack.cnf\r\n\r\nsystemctl enable mariadb.service\r\nsystemctl start mariadb.service\r\n\r\n# Prepare database privileges ____________TODO_______\r\n# mysql_secure_installation _____TODO______\r\n\r\n\r\n# Prepare mongodb nosqli set controller address, set start and enabled\r\n\r\nyum install mongodb-server mongodb -y\r\nvi \/etc\/mongod.conf\r\n\r\n\r\nsystemctl enable mongod.service\r\nsystemctl start mongod.servicei\r\n\r\n# Queuing Install , enable start rabbitmq, add user and set permissions for openstack user\r\nyum install rabbitmq-server -y\r\nsystemctl enable rabbitmq-server.service\r\nsystemctl start rabbitmq-server.service\r\nrabbitmqctl add_user openstack somepasswordhere\r\nrabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"\r\n\r\n# Generate admin_token\r\nopenssl rand -hex 15\r\n\r\n# Install openstack keystone, httpd and memcached, set to start, enable\r\nyum install openstack-keystone httpd mod_wsgi memcached python-memcached -y\r\nsystemctl enable memcached.service\r\nsystemctl start memcached.service\r\n\r\n# Complete Keystone [Default], [database] connection, [memcache] servers, [token] provider and driver = memcache [revoke] driver = sql [default] verbose = True\r\nvi \/etc\/keystone\/keystone.conf\r\n\r\n# Populate the keystone database\r\nsu -s \/bin\/sh -c \"keystone-manage db_sync\" keystone\r\n\r\n# (re)configure httpd\r\nvi \/etc\/httpd\/conf.d\/wsgi-keystone.conf\r\nsystemctl enable httpd.service\r\nsystemctl start httpd.service\r\n\r\n# Update environment variable exports for OS_TOKEN=admintoken, OS_URL=http:\/\/snetip:35357\/v3 OS_IDENTITY_API_VERSION=3 and source it\r\n\r\nvi .bash_profile\r\nsource .bash_profile\r\n\r\n# Create Service entity and API endpoints\r\nopenstack service create   --name keystone --description \"OpenStack Identity\" identity\r\n\r\n\r\n\r\n# API Endpoints\r\nopenstack endpoint create --region RegionOne identity public http:\/\/10.179.1.188:5000\/v2.0\r\nopenstack endpoint create --region RegionOne identity internal http:\/\/10.179.1.188:5000\/v2.0\r\nopenstack endpoint create --region RegionOne identity admin http:\/\/10.179.1.188:35357\/v2.0\r\n\r\n# Create project; admin\r\nopenstack project create --domain default   --description \"Admin Project\" admin\r\n\r\n# Create admin user for project\r\nopenstack user create --domain default   --password-prompt admin\r\n\r\n\r\n# Create admin's role\r\nopenstack role create adminn\r\n\r\n# Add admin role to admin project & it's admin user\r\nopenstack role add --project admin --user admin admin\r\n\r\n# Create Service Project\r\n\r\nopenstack project create --domain default   --description \"Service Project\" service\r\n\r\n# Create demo project\r\nopenstack project create --domain default   --description \"Demo Project\" demo\r\n\r\n# Create the demo user\r\nopenstack user create --domain default   --password-prompt demo\r\n\r\n# and user role for demo user\r\nopenstack role create user\r\n\r\n# Add the user role to the demo project and user\r\nopenstack role add --project demo --user demo user\r\n\r\n# SKIPPED remove keystone-dist-paste.ini\r\n\r\n# Unset the OS_TOKEN and OS_URL environment variables\r\nunset OS_TOKEN OS_URL\r\n\r\n# Request token for admin user\r\nopenstack --os-auth-url http:\/\/10.179.1.188:35357\/v3  --os-project-domain-id default --os-user-domain-id default   --os-project-name demo --os-username demo --os-auth-type password   token issue\r\n\r\n# Verify operation toadd check verification status function\r\ntouch demo-openrc.sh\r\ntouch admin-openrc.sh\r\ncat \/etc\/keystone\/keystone.conf | grep admin_token\r\n\r\n# Test admin api credentials\r\nsource admin-openrc.sh\r\nopentack token issue\r\n\r\n# Test demo api credentials\r\nsource demo-openrc.sh\r\nopenstack token issue\r\n<\/pre>\n http:\/\/docs.openstack.org\/liberty\/install-guide-rdo\/environment.html<\/link>\n","protected":false},"excerpt":{"rendered":"
Just a quick one. There are a lot of things that aren’t complete, but this is mostly for my reference and to make writing an Ansible playbook massively easier of course! For the full guide you will want the link … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-341","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/posts\/341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/comments?post=341"}],"version-history":[{"count":6,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/posts\/341\/revisions"}],"predecessor-version":[{"id":349,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/posts\/341\/revisions\/349"}],"wp:attachment":[{"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/media?parent=341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/categories?post=341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haxed.me.uk\/index.php\/wp-json\/wp\/v2\/tags?post=341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}