
Trying an OpenStack build on UBT 16.04_history [Part 1]


Installation environment

Intel_32Core

32G memory

OS Ubuntu_16.04

3 servers, each with the above spec


openstack Version : ocata


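network - (The base documentation seems to use two network devices, but for now I will configure only the public IP on the eth0 device and use that;

if a private IP is needed later, I will add eth1 and configure it.)


For security reasons, although public IPs were actually used, I have written them as if the 192.168.5.0/24 range were used.

eth0 :    192.168.5.0/24

eth1 :    10.0.0.0/24         - to be assigned later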


host

# /etc/hosts

192.168.5.209    controller     controller.test.com

192.168.5.206    compute       compute.test.com

192.168.5.207    network        network.test.com

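* This document was written at the point when Queens had been released; before building Queens,

the author installed and built the stable Ocata release and wrote this document to keep a record of it.


If you want to build with the latest version, please use this only as a reference or look for another document.


In other words, I will be installing the Ocata release.

UBT 16.04 -> after installing ocata

CentOS_7.3 or UBT 18.04 -> install Queens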


=====================================================================================



#vi /etc/apt/sources.list     ->    change to the daum.kakao mirror.


:%s/kr.archive.ubuntu.com/ftp.daumkakao.com/g

apt-get update


=====================================================================================


#apt-get update && apt-get upgrade

#apt-get dist-upgrade                                    -> upgrade packages to the latest version


=====================================================================================


cp: cannot stat '/etc/iscsi/initiatorname.iscsi': No such file or directory


Errors were encountered while processing:

 open-iscsi

 ubuntu-server


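I hit the error above partway through, so I removed the iscsi daemon.

The daemon is installed but the /etc/iscsi directory does not exist, which seems to be why it threw the error. The rest of the upgrade installed fine anyway,

but it is a daemon I do not need yet, and it causes problems later when pulling in the ocata release apt repository, so I just removed it.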


#apt-get remove open-iscsi


=========================================================================================

#apt-get install chrony -y        -> time server (install the NTP daemon)

#vi /etc/chrony/chrony.conf

#pool 2.debian.pool.ntp.org offline iburst        ->        comment out



    server kr.pool.ntp.org            -> add these 3 lines

    server time.bora.net

    server time.kornet.net


systemctl restart chrony



echo "192.168.5.209    controller     controller.test.com

192.168.5.206    compute       compute.test.com

192.168.5.207    network        network.test.com"  >> /etc/hosts


Everything up to this point is common to all 3 servers.


On each host, set the hostname to match the hosts entries above.


ex) 

#echo controller > /etc/hostname

#echo compute > /etc/hostname

#echo network > /etc/hostname


#init 6


=====================================================================================


The steps below are carried out on the controller.


#1_Install MariaDB 10.0

#apt install software-properties-common -y

#add-apt-repository cloud-archive:ocata

#apt update

#apt install mariadb-server python-pymysql 


Reading package lists... Done

Building dependency tree       

Reading state information... Done

The following packages were automatically installed and are no longer required:

  libllvm4.0 libqmi-glib1

Use 'apt autoremove' to remove them.

The following additional packages will be installed:

  libaio1 libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient20 libterm-readkey-perl mariadb-client-10.0 mariadb-client-core-10.0 mariadb-common mariadb-server-10.0 mariadb-server-core-10.0

  mysql-common

Suggested packages:

  libmldbm-perl libnet-daemon-perl libsql-statement-perl libipc-sharedcache-perl mailx mariadb-test tinyca python-pymysql-doc

The following NEW packages will be installed:

  libaio1 libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient20 libterm-readkey-perl mariadb-client-10.0 mariadb-client-core-10.0 mariadb-common mariadb-server mariadb-server-10.0

  mariadb-server-core-10.0 mysql-common python-pymysql

0 upgraded, 14 newly installed, 0 to remove and 12 not upgraded.

Need to get 16.3 MB of archives.

After this operation, 146 MB of additional disk space will be used.

Do you want to continue? [Y/n] y

...
...
...

Setting up libhtml-template-perl (2.95-2) ...

Setting up mariadb-server (10.0.38-0ubuntu0.16.04.1) ...

Setting up python-pymysql (0.7.9-2~cloud0) ...

Processing triggers for libc-bin (2.23-0ubuntu10) ...

Processing triggers for systemd (229-4ubuntu21.15) ...

Processing triggers for ureadahead (0.100.0-19) ...


#dpkg -l | grep mariad


ii  mariadb-client-10.0                   10.0.38-0ubuntu0.16.04.1                   amd64        MariaDB database client binaries

ii  mariadb-client-core-10.0              10.0.38-0ubuntu0.16.04.1                   amd64        MariaDB database core client binaries

ii  mariadb-common                        10.0.38-0ubuntu0.16.04.1                   all          MariaDB common metapackage

ii  mariadb-server                        10.0.38-0ubuntu0.16.04.1                   all          MariaDB database server (metapackage depending on the latest version)

ii  mariadb-server-10.0                   10.0.38-0ubuntu0.16.04.1                   amd64        MariaDB database server binaries

ii  mariadb-server-core-10.0              10.0.38-0ubuntu0.16.04.1                   amd64        MariaDB database core server files



#vi /etc/mysql/mariadb.conf.d/50-server.cnf

Change to bind-address = 192.168.5.209




#systemctl restart mysql

#systemctl enable mysql


#mysql_secure_installation      ->     change the initial mysql password


NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.


Enter current password for root (enter for none): 

OK, successfully used password, moving on...


Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.


You already have a root password set, so you can safely answer 'n'.


Change the root password? [Y/n] Y

New password: 

Re-enter new password: 

Password updated successfully!

Reloading privilege tables..

 ... Success!



#2_Install RabbitMQ

apt install rabbitmq-server python-pymysql -y

#dpkg -l | grep rabbitmq

ii  rabbitmq-server                                3.5.7-1ubuntu0.16.04.2       all                          AMQP server written in Erlang


#rabbitmqctl add_user openstack .password
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...

# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      26317/beam.smp  
tcp        0      0 xxxxxxxxxxx:3306       0.0.0.0:*               LISTEN      25210/mysqld    
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      26216/epmd      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      15354/sshd      
tcp6       0      0 :::5672                 :::*                    LISTEN      26317/beam.smp  
tcp6       0      0 :::4369                 :::*                    LISTEN      26216/epmd      
tcp6       0      0 :::22                   :::*                    LISTEN      15354/sshd


# systemctl restart rabbitmq-server
# systemctl enable rabbitmq-server

#apt-get install lsof
# lsof -i tcp:5672
COMMAND    PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
beam.smp 28844 rabbitmq   22u  IPv6 2974229      0t0  TCP *:amqp (LISTEN)

- Add port 5672 to the firewall later (the firewall is currently off)



#3_Install Memcached

# apt-get install memcached -y

Reading package lists... Done

      libcache-memcached-perl libmemcached libanyevent-perl libyaml-perl

...

...

Processing triggers for systemd (229-4ubuntu21.15) ...

Processing triggers for ureadahead (0.100.0-19) ...


#dpkg -l | grep memcached

ii  memcached                             1.4.25-2ubuntu1.4                          amd64        high-performance memory object caching system


vi /etc/memcached.conf    ->    change the IP on line 35
-l 127.0.0.1    -> change to -l 192.168.5.209

#systemctl enable memcached
#systemctl restart memcached

#systemctl status memcached
● memcached.service - memcached daemon
       Loaded: loaded (/lib/systemd/system/memcached.service; enabled; vendor preset: enabled)
       Active: active (running) since Thu 2019-02-14 00:18:58 EST; 11min ago
 Main PID: 1892 (memcached)
               Tasks: 6
               Memory: 2.6M
              CPU: 21ms
           CGroup: /system.slice/memcached.service
               └─1892 /usr/bin/memcached -m 64 -p 11211 -u memcache -l 192.168.5.209
Feb 14 00:18:58 controller2 systemd[1]: Started memcached daemon.

# ps -ef | grep memcached
memcache  1892     1  0 00:18 ?        00:00:00 /usr/bin/memcached -m 64 -p 11211 -u memcache -l 192.168.5.209

- Add port 11211 to the firewall later (the firewall is currently off)



* Feb 13 23:56:09 controller2 systemd[1]: Started memcached daemon.

Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: perl: warning: Setting locale failed.

Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: perl: warning: Please check that your locale settings:

Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]:         LANGUAGE = "ko_KR:ko",

Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]:         LC_ALL = (unset),

Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]:         LANG = "ko.KR.utf8"

Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]:     are supported and installed on your system.

Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: perl: warning: Falling back to the standard locale ("C").


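systemctl-related commands sometimes spit out errors like the ones above; changing the locale setting fixes it.
I initially worked around it with "LANG=C", but the errors kept coming back and it got annoying, so I just
went into /etc/default/locale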
cat /etc/default/locale 
#  File generated by update-locale
LANG="en_US.UTF-8"
#LANG="ko.KR.utf8"
#LANGUAGE="ko_KR:ko"
:wq

I enabled en_US.UTF-8 and rebooted.

#4_Configure the keystone service
4-1 Database setup
MariaDB [(none)]> create database keystone default character set utf8 default collate utf8_general_ci;
Query OK, 1 row affected (0.00 sec)    -> create the DB

MariaDB [(none)]> grant all privileges on keystone.* to keystone@localhost identified by 'openstacktest';
Query OK, 0 rows affected (0.00 sec)      -> set user privileges

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'openstacktest';
Query OK, 0 rows affected (0.00 sec)    -> allow remote access

MariaDB [(none)]> flush privileges;        -> apply the changes to the DB
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)

4-2 Install and configure the keystone service

# apt-get install software-properties-common

Reading package lists... Done

Building dependency tree       

Reading state information... Done

software-properties-common is already the newest version (0.96.20.8).

The following packages were automatically installed and are no longer required:

  libllvm4.0 libqmi-glib1

Use 'apt autoremove' to remove them.

0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.    -> already installed earlier

# root@controller2:~# add-apt-repository cloud-archive:ocata

 Ubuntu Cloud Archive for OpenStack Ocata

 More info: https://wiki.ubuntu.com/ServerTeam/CloudArchive

Press [ENTER] to continue or ctrl-c to cancel adding it


Reading package lists...

Building dependency tree...

Reading state information...

ubuntu-cloud-keyring is already the newest version (2012.08.14).

The following packages were automatically installed and are no longer required:

  libllvm4.0 libqmi-glib1

Use 'apt autoremove' to remove them.

0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.

root@controller2:~# apt update

Hit:1 http://mirror.kakao.com/ubuntu xenial InRelease

Get:2 http://mirror.kakao.com/ubuntu xenial-updates InRelease [109 kB]

Get:3 http://mirror.kakao.com/ubuntu xenial-backports InRelease [107 kB]                             

Get:4 http://mirror.kakao.com/ubuntu xenial-security InRelease [109 kB]                                    

Ign:5 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata InRelease                          

Get:6 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata Release [7,882 B]

Get:7 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata Release.gpg [543 B]

Fetched 334 kB in 4s (83.3 kB/s)    

Reading package lists... Done

Building dependency tree       

Reading state information... Done

12 packages can be upgraded. Run 'apt list --upgradable' to see them.    -> this was also already done earlier



#root@controller2:~# apt-get install  -y keystone python-openstackclient apache2 libapache2-mod-wsgi python-oauth2client

#dpkg -l |  grep keystone

ii  keystone                              2:11.0.4-0ubuntu1~cloud0                   all          OpenStack identity service - Daemons

ii  python-keystone                       2:11.0.4-0ubuntu1~cloud0                   all          OpenStack identity service - Python library

ii  python-keystoneauth1                  2.18.0-0ubuntu2~cloud0                     all          authentication library for OpenStack Identity - Python 2.7

ii  python-keystoneclient                 1:3.10.0-0ubuntu1~cloud0                   all          client library for the OpenStack Keystone API - Python 2.x

ii  python-keystonemiddleware             4.14.0-0ubuntu1.2~cloud0                   all          Middleware for OpenStack Identity (Keystone) - Python 2.x


# vi /etc/keystone/keystone.conf
713 connection = mysql+pymysql://keystone:PASSWORD@192.168.5.209/keystone
1521 servers = 192.168.5.209:11211
2842 provider = fernet
2850 driver = memcache    -> edit or uncomment these lines (the leading numbers are line numbers in the file)
:wq!

 su -s /bin/bash -c "keystone-manage db_sync" keystone    -> create the DB tables (if you look inside the keystone DB, the tables have been created)

2019-02-14 21:00:13.847 24542 INFO migrate.versioning.api [-] 66 -> 67... 
2019-02-14 21:00:15.035 24542 INFO migrate.versioning.api [-] done
2019-02-14 21:00:15.035 24542 INFO migrate.versioning.api [-] 67 -> 68... 
...
...
2019-02-14 21:00:18.894 24542 INFO migrate.versioning.api [-] 15 -> 16... 
2019-02-14 21:00:18.903 24542 INFO migrate.versioning.api [-] done


# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone    -> fernet token encryption
2019-02-14 21:30:04.028 24915 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it
2019-02-14 21:30:04.028 24915 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp
2019-02-14 21:30:04.029 24915 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/0
2019-02-14 21:30:04.029 24915 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']
2019-02-14 21:30:04.029 24915 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/fernet-keys/0.tmp
2019-02-14 21:30:04.029 24915 INFO keystone.common.fernet_utils [-] Current primary key is: 0
2019-02-14 21:30:04.030 24915 INFO keystone.common.fernet_utils [-] Next primary key will be: 1
2019-02-14 21:30:04.030 24915 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1
2019-02-14 21:30:04.030 24915 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-key 


# ls -lsh /etc/keystone/fernet-keys/        -> keys created
4.0K -rw------- 1 keystone keystone 44 Feb 14 21:30 0     (staged_key)
4.0K -rw------- 1 keystone keystone 44 Feb 14 21:30 1     (primary_key)


# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone  
  -> key for encrypting user information in the keystone DB user table
2019-02-14 22:00:04.288 25287 INFO keystone.common.fernet_utils [-] key_repository does not appear to exist; attempting to create it
2019-02-14 22:00:04.289 25287 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp
2019-02-14 22:00:04.289 25287 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0
2019-02-14 22:00:04.289 25287 INFO keystone.common.fernet_utils [-] Starting key rotation with 1 key files: ['/etc/keystone/credential-keys/0']
2019-02-14 22:00:04.289 25287 INFO keystone.common.fernet_utils [-] Created a new temporary key: /etc/keystone/credential-keys/0.tmp
2019-02-14 22:00:04.289 25287 INFO keystone.common.fernet_utils [-] Current primary key is: 0
2019-02-14 22:00:04.290 25287 INFO keystone.common.fernet_utils [-] Next primary key will be: 1
2019-02-14 22:00:04.290 25287 INFO keystone.common.fernet_utils [-] Promoted key 0 to be the primary: 1
2019-02-14 22:00:04.290 25287 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/credential-keys/0
# ls -lsh /etc/keystone/credential-keys/    -> keys created.
4.0K -rw------- 1 keystone keystone 44 Feb 14 22:00 0
4.0K -rw------- 1 keystone keystone 44 Feb 14 22:00 1

# keystone-manage bootstrap \
> --bootstrap-password openstacktest \
> --bootstrap-admin-url http://192.168.5.209:35357/v3/ \
> --bootstrap-internal-url http://192.168.5.209:35357/v3/ \
> --bootstrap-public-url http://192.168.5.209:5000/v3/ \
> --bootstrap-region-id RegionOne
2019-02-15 00:36:40.963 27271 WARNING py.warnings [-] /usr/lib/python2.7/dist-packages/pycadf/identifier.py:60: UserWarning: Invalid uuid. To ensure interoperability, identifiers should be a valid uuid.
  warnings.warn('Invalid uuid. To ensure interoperability, identifiers '

2019-02-15 00:36:41.010 27271 INFO keystone.cmd.cli [-] Created domain default
2019-02-15 00:36:41.046 27271 INFO keystone.cmd.cli [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Created project admin
2019-02-15 00:36:41.103 27271 INFO keystone.cmd.cli [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Created user admin
2019-02-15 00:36:41.113 27271 INFO keystone.cmd.cli [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Created role admin
2019-02-15 00:36:41.132 27271 INFO keystone.cmd.cli [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Granted admin on admin to user admin.
2019-02-15 00:36:41.146 27271 INFO keystone.cmd.cli [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Created region RegionOne
2019-02-15 00:36:41.176 27271 INFO keystone.cmd.cli [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Created admin endpoint http://192.168.5.209:35357/v3/
2019-02-15 00:36:41.195 27271 INFO keystone.cmd.cli [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Created internal endpoint http://192.168.5.209:35357/v3/
2019-02-15 00:36:41.210 27271 INFO keystone.cmd.cli [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Created public endpoint http://192.168.5.209:5000/v3/
2019-02-15 00:36:41.213 27271 INFO keystone.assignment.core [req-f3b81d7d-1aaa-47b9-8ef4-ff6b6e6aeece - - - - -] Creating the default role 9fe2ff9ee4384b1894a90878d3e92bab because it does not exist.


# vim /etc/apache2/apache2.conf
70 ServerName controller2.test.com
:wq
Add the web server name in Apache, then add the Apache port to the firewall in whatever way you prefer or are used to.
For now I have the firewall turned off for testing and plan to use iptables later.
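
The firewall step deferred above (ports 5672 and 11211 now, iptables later) could look like the following for the controller. This is an added example, not part of the original post: the port numbers come from the page's own output, while the client network 192.168.5.0/24, the choice of which nodes may reach which port, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: iptables-restore ruleset for the controller node.
# Ports are taken from this page's output; who may reach them is an assumption.

# Ports the compute/network nodes need on the controller:
# 3306 MariaDB, 5672 RabbitMQ AMQP, 11211 memcached, 35357 keystone admin.
# 4369 (epmd) and 25672 (Erlang distribution) also listen on 0.0.0.0 in the
# netstat output, but a single-broker setup only needs them locally, so they
# are left to the default DROP policy.
PEER_PORTS="3306,5672,11211,35357"

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# True if $1 is IPv4/prefix with a prefix length of 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    _len=${1##*/}
    case "$_len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$_len" -le 32 ] && is_ipv4 "${1%/*}"
}

# Usage: controller_rules CLIENT_NET PEER_IP [PEER_IP...]
# Prints a ruleset: SSH and the keystone public API (5000) from CLIENT_NET,
# PEER_PORTS from each peer node only, all other inbound traffic dropped.
# Arguments are validated so nothing unexpected ends up inside a rule.
controller_rules() {
    [ "$#" -ge 2 ] || { echo "usage: controller_rules NET PEER..." >&2; return 1; }
    is_cidr "$1" || { echo "invalid network: $1" >&2; return 1; }
    _net=$1; shift
    for _peer in "$@"; do
        is_ipv4 "$_peer" || { echo "invalid peer address: $_peer" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $_net -p tcp -m multiport --dports 22,5000 -j ACCEPT
EOF
    for _peer in "$@"; do
        printf '%s\n' "-A INPUT -s $_peer/32 -p tcp -m multiport --dports $PEER_PORTS -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Run as "sh controller-fw.sh print" to emit the ruleset for this page's hosts
# (compute = 192.168.5.206, network = 192.168.5.207, from /etc/hosts above).
if [ "${1:-}" = "print" ]; then
    controller_rules 192.168.5.0/24 192.168.5.206 192.168.5.207
fi
```

Pipe the output through `iptables-restore --test` before loading it; loading it without `--noflush` replaces the existing filter table.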


# vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstacktest
export OS_AUTH_URL=http://192.168.5.209:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
:wq
#chmod 600 ~/keystonerc
# source ~/keystonerc
# echo "source ~/keystonerc" >> ~/.bash_profile
# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2019-02-15T07:30:27+0000                                                                                                                                                                |
| id         | gAAAAABcZlyDjseVOjVCt7kTb0qgSO--_ldVQIgtpPmQOiV4ZJi0i6hnwYowHpcIuu5Uhk-icfQJ-DXFirlFhH8KKOCMceojjgJ_d8zQygtynEBQCekLFt_O1f27PMLGsQ4RuBMYvyz54hupKXYHoQvthB90LPlkWt3oJSos2UzPKWaKOCNZIOM |
| project_id | 9c6cec981893411b90c991adda41350e                                                                                                                                                        |
| user_id    | f10bf42001ec4c4d9870031ab3a92c71                                                                                                                                                        |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



4-3 Create the keystone project, user and role

# openstack project create --domain default \

> --description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 56bf82ae35a24f579020d3e857c0fbb5 |

| is_domain   | False                            |

| name        | service                          |

| parent_id   | default                          |

+-------------+----------------------------------+

root@controller2:~# openstack project list

+----------------------------------+---------+

| ID                               | Name    |

+----------------------------------+---------+

| 56bf82ae35a24f579020d3e857c0fbb5 | service |

| 9c6cec981893411b90c991adda41350e | admin   |

+----------------------------------+---------+

root@controller2:~# openstack domain list

+---------+---------+---------+--------------------+

| ID      | Name    | Enabled | Description        |

+---------+---------+---------+--------------------+

| default | Default | True    | The default domain |

+---------+---------+---------+--------------------+

root@controller2:~# openstack user create --domain default \

> --password-prompt demo

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | becd01785dff4c2d9ed91e83cc9ef5a5 |

| name                | demo                             |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

root@controller2:~# openstack user list

+----------------------------------+-------+

| ID                               | Name  |

+----------------------------------+-------+

| becd01785dff4c2d9ed91e83cc9ef5a5 | demo  |

| f10bf42001ec4c4d9870031ab3a92c71 | admin |

+----------------------------------+-------+

root@controller2:~# openstack role create user

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | 71aa8df8c3154c8ba1ff56204ff6ea74 |

| name      | user                             |

+-----------+----------------------------------+

root@controller2:~# openstack role list

+----------------------------------+----------+

| ID                               | Name     |

+----------------------------------+----------+

| 0fe19fb2f54d41f08c764bf3c798b656 | admin    |

| 71aa8df8c3154c8ba1ff56204ff6ea74 | user     |

| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |

+----------------------------------+----------+


# openstack role add --project service --user demo user

# openstack role list --user demo --project service

Listing assignments using role list is deprecated. Use role assignment list --user <user-name> --project <project-name> --names instead.

+----------------------------------+------+---------+------+

| ID                               | Name | Project | User |

+----------------------------------+------+---------+------+

| 71aa8df8c3154c8ba1ff56204ff6ea74 | user | service | demo |

+----------------------------------+------+---------+------+

# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                           |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 5abf29e01f994fe3862c7a705d5322fb | RegionOne | keystone     | identity     | True    | public    | http://192.168.5.209:5000/v3/  |
| a2cf037275bd4666af8ec63ffc760b3a | RegionOne | keystone     | identity     | True    | internal  | http://192.168.5.209:35357/v3/ |
| a53c66c824e34e65a7bd04d0472089ee | RegionOne | keystone     | identity     | True    | admin     | http://192.168.5.209:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+


I will wrap up Part 1 here with the keystone setup on the controller server

and pick up again from glance in Part 2.


Ah, this is tough ...