来源:蜘蛛抓取(WebSpider)
时间:2018-01-17 11:59
标签:
冒泡排序 Python
基于Ubuntu12.04下的Keystone源码安装
时间: 17:19:56
&&&& 阅读:619
&&&& 评论:
&&&& 收藏:0
标签:Keystone 概述:Keystone 作为Openstack最早期的核心项目独立发展,由于Openstack 采取的设计理念也是所有一切皆API,因此设计服务API的调用脱离不了Keystone。Keystone 作为Openstack 中身份认证服务,在Openstack起到非常关键的作用,并且实现了Identity API 供Openstack 其他组件间进行身份验证Keystone 两种认证方式:UUID认证的原理当用户拿着有效的用户名和密码去keystone认证后,keystone就会返回给他一个token,这个token就是一个uuid。以后用户进行其他操作时,都必须出示这个token。例如当nova接到一个请求后,就会用这个token去向keystone进行请求验证,keystone通过比对token,以及检查token的有效期,来判断token是否合法,然后返回给nova这一个请求是否合法。PKI认证的原理在keystone初始化时,keystone生成了CA的公钥CA.pem和私钥CA.key。同时,产生了keystone自己的公钥keystone.pub和keystone.key,然后将keystone.pub进行了CA的签名,生成了keystone.pem。当用户拿着有效的用户名和密码去keystone认证后,keystone就将用户的基本信息通过keystone.key进行了加密,将这一密文作为token返回给用户。当用户发出一个请求,例如nova拿到token后,首先需要拿到keystone的证书keystone.pem(这一过程只需要进行一次),然后通过keystone.pem来进行解密,获得用户的信息,就可以知道该用户是否合法。对于用户的token还需要对token的合法时间,以及token还是否存在进行判断。所以当nova每一次拿到token后还会先向keystone询问一次token的失效列表,来查看token是否失效。当然这一过程对于keystone的负载还是相当轻的,所以PKI还是有效的解决了keystone成为性能瓶颈的问题。安装相应的软件包:~$&sudo&apt-get&install&-y&git&python-dev&sqlite3&libxml2-dev&libxslt1-dev&libsasl2-dev&libsqlite3-dev&libssl-dev&libldap2-dev
:~$git&clone&/openstack/keystone.git
:~$git&clone&/openstack/python-keystoneclient.git&keystone/client安装mysql数据库:~$sudo&apt-get&install&mysql-server&mysql-client&python-mysqldb
:~$sudo&mysql&-u&root&-p
mysql&create&database&
mysql&grant&all&on&keystone.*&to&%‘&identified&by&‘redhat‘;安装keystone:~$python&setup.py&install在此过程可能会提示缺少setuptools&模块:~$sudo&apt-get&install&python-setuptools
:~$python&setup.py&install
:~$sudo&pip&install&-e&.修改配置文件::~$sudo&mkdir&-p&/etc/keystone
:~$sudo&cp&etc/*&/etc/keystone/
:~$sudo&mv&/etc/keystone/keystone.conf.sample&/etc/keystone/keystone.conf
:~$sudo&vim&/etc/keystone/keystone.conf
#admin&token=ADMIN
admin&token=ADMIN
#connection=&None&
connection=mysql://root:/keystone?charset=utf8
admin_endpoint
public_endpoilt配置日志存放路径:~$sudo&mkdir&-p&/var/log/keystone
:~$touch&/var/log/keystone/keystone.log
:~$sudo&touch&/var/log/keystone/keystone.log数据库同步,即创建keystone相关的数据库表:~$keystone-manage&db_sync
:~$echo&$?创建kestone账户及SSL证书:~$sudo&useradd&keystone
:~$sudo&chown&-R&keystone.keystone&/etc/keystone/
:~$sudo&keystone-manage&pki_setup&--keystone-user=keystone&--keystone-group=keyston启动keystone&服务:~$echo&$&keystone-all&-d&&
:~$echo&$ps&aux&|grep&keystone
junluobj&1&&4.0&68&pts/1&&&&S&&&&19:15&&&0:00&/usr/bin/python&/usr/local/bin/keystone-all&-d
junluobj&1&&0.0&&13588&&&936&pts/1&&&&S+&&&19:29&&&0:00&grep&--color=auto&keystone现在已经完成Keystone的安装,但现在还无法使用,因为没有租户、用户、密码、服务等。配置Keytone在这里先设置两个环境变量:~$&export&OS_SERVICE_TOKEN=ADMIN
:~$&export&SERVICE_ENDPOINT=http://192.168.0.103:3查看用户列表::~$&keystone&user-list创建租户:~$&keystone&tenant-create&--name&adminTenant&--description&"Admin&Tenant"&--enabled&true创建用户需要记录&tenant&id,在创建用户时需要关联,即将用户关联到哪个租户。&:~$keystone&user-create&--tenant_id&bf0df88bda896bde015cb0&--name&admin&--pass&redhat&--enabled&true
&:~$keystone&user-create&--tenant_id&bf0df88bda896bde015cb0&--name&user1&--pass&redhat&--enabled&true通过keystone命令创建一个新的role,并将此role赋给第一步中的一个admin用户创建一个角色名称为adminRole。请记住该命令生成的Role&id:~$&keystone&role-create&--name&adminRole截止到目前,已经分别创建&Tenant、User、Role,分别是:Tenant&ID:&bf0df88bda896bde015cb0User&ID:&0a0ebca6e0faafb41174(admin)Role&ID:&87a6bdafd:~$&keystone&user-role-add&--user-id&0a0ebca6e0faafb41174&\&
&&--tenant-id&bf0df88bda896bde015cb0&&&--role-id&87a6bdafd通过以下两个命令简单测试::~$&keystone&user-role-list&--user&admin&--tenant&adminTenant&
:~$&keystone&user-list今儿先写到这儿了,待后续...本文出自 “” 博客,请务必保留此出处标签:原文:http://lj119./9464
教程昨日排行
&&国之画&&&& &&&&&&
&& &&&&&&&&&&&&&&
鲁ICP备号-4
打开技术之扣,分享程序人生!Ubuntu 12.04升级到Ubuntu 14.04导致Apache2从2.2升级到2.4.10版本PHP服务器的重新修正 – 默默的点滴
2017年六月
131415161718
19202122232425
2627282930
服务器已经根据设置成了
Worker模式,但是当系统从
Ubuntu 12.04升级到
Ubuntu 14.04导致
2.4.10版本后,而
MPM模块被还原为
prefork模式,导致大量的
Apache2进程被创建出来,时间稍微一长,系统出现大量的
OOM记录,直到系统最后宕机。
Ubuntu 14.04下查看所有可用的
MPM模块,命令如下:
$ ls /etc/apache2/mods-available/mpm*
/etc/apache2/mods-available/mpm_event.conf
/etc/apache2/mods-available/mpm_event.load
/etc/apache2/mods-available/mpm_prefork.conf
/etc/apache2/mods-available/mpm_prefork.load
/etc/apache2/mods-available/mpm_worker.conf
/etc/apache2/mods-available/mpm_worker.load
$ ls /etc/apache2/mods-available/mpm*/etc/apache2/mods-available/mpm_event.conf/etc/apache2/mods-available/mpm_event.load/etc/apache2/mods-available/mpm_prefork.conf/etc/apache2/mods-available/mpm_prefork.load/etc/apache2/mods-available/mpm_worker.conf/etc/apache2/mods-available/mpm_worker.load
查看当前正在使用的
MPM模块,命令如下:
/etc/apache2/mods-enabled/mpm*
/etc/apache2/mods-enabled/mpm_prefork.conf
/etc/apache2/mods-enabled/mpm_prefork.load
$ ls&&/etc/apache2/mods-enabled/mpm*/etc/apache2/mods-enabled/mpm_prefork.conf/etc/apache2/mods-enabled/mpm_prefork.load
可以看到,目前正在使用的模块就是
prefork模块。
apachectl -V | grep -i mpm可以更加清晰的打印出当前使用的模块
$ apachectl -V | grep -i mpm
Server MPM:
$ apachectl -V | grep -i mpmServer MPM:&&&& prefork
Ubuntu 14.04下执行
apache2 -l命令与
Ubuntu 12.04下面的输出结果是不同的,
Ubuntu 14.04下如果使用
prefork模块输出的信息如下:
$ apache2 -l
Compiled in modules:
mod_watchdog.c
http_core.c
mod_log_config.c
mod_logio.c
mod_version.c
mod_unixd.c
12345678910
$ apache2 -lCompiled in modules:&&core.c&&mod_so.c&&mod_watchdog.c&&http_core.c&&mod_log_config.c&&mod_logio.c&&mod_version.c&&mod_unixd.c
默认情况下
Ubuntu 14.04中的
PHP默认是没有线程安全支持,如果使用
mpm_event支持的话,会提示如下信息:
Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.
You need to recompile PHP
Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP
1.重新安装系统升级过程中可能会被移除的
PHP-FPM模块
$ sudo apt-get install libapache2-mod-fastcgi php5-fpm
$ sudo apt-get install libapache2-mod-fastcgi php5-fpm
Apache2内建的
PHP支持,开启Apache2的
PHP5-FPM支持
$ a2dismod php5
$ a2enmod actions fastcgi alias
$ a2enconf php5-fpm
$ a2dismod php5$ a2enmod actions fastcgi alias$ a2enconf php5-fpm
PHP5-FPM的配置文件
$ sudo vim /etc/php5/fpm/pool.d/www.conf
$ sudo vim /etc/php5/fpm/pool.d/www.conf
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
'ip.add.re.ss:port'
- to listen on a TCP socket to a specific address on
- to listen on a TCP socket to all addresses on a
'/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = -1
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
mode is set to 0666
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0666
12345678910111213141516171819202122
; The address on which to accept FastCGI requests.; Valid syntaxes are:;&& 'ip.add.re.ss:port'&&&&- to listen on a TCP socket to a specific address on;&&&&&&&&&&&&&&&&&&&&&&&&&&&&a specific port;;&& 'port'&&&&&&&&&&&&&&&& - to listen on a TCP socket to all addresses on a;&&&&&&&&&&&&&&&&&&&&&&&&&&&&specific port;;&& '/path/to/unix/socket' - to listen on a unix socket.; Note: This value is mandatory.listen = 127.0.0.1:9000&; Set listen(2) backlog. A value of '-1' means unlimited.; Default Value: 128 (-1 on FreeBSD and OpenBSD);listen.backlog = -1&; Set permissions for unix socket, if one is used. In Linux, read/write; permissions must be set in order to allow connections from a web server. Many; BSD-derived systems allow connections regardless of permissions.; Default Values: user and group are set as the running user;&&&&&&&&&&&&&&&& mode is set to 0666;listen.owner = www-data;listen.group = www-data;listen.mode = 0666
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
'ip.add.re.ss:port'
- to listen on a TCP socket to a specific address on
- to listen on a TCP socket to all addresses on a
'/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = -1
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
mode is set to 0666
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
1234567891011121314151617181920212223
; The address on which to accept FastCGI requests.; Valid syntaxes are:;&& 'ip.add.re.ss:port'&&&&- to listen on a TCP socket to a specific address on;&&&&&&&&&&&&&&&&&&&&&&&&&&&&a specific port;;&& 'port'&&&&&&&&&&&&&&&& - to listen on a TCP socket to all addresses on a;&&&&&&&&&&&&&&&&&&&&&&&&&&&&specific port;;&& '/path/to/unix/socket' - to listen on a unix socket.; Note: This value is mandatory.;listen = 127.0.0.1:9000listen = /var/run/php5-fpm.sock&; Set listen(2) backlog. A value of '-1' means unlimited.; Default Value: 128 (-1 on FreeBSD and OpenBSD);listen.backlog = -1&; Set permissions for unix socket, if one is used. In Linux, read/write; permissions must be set in order to allow connections from a web server. Many; BSD-derived systems allow connections regardless of permissions.; Default Values: user and group are set as the running user;&&&&&&&&&&&&&&&& mode is set to 0666listen.owner = www-datalisten.group = www-datalisten.mode = 0666
注意,上面修改了四处地方,
listen.owner,
listen.group,
listen.mode。
注意,如果提示如下错误:
[Fri May 09 09:13:06.4] [fastcgi:error] [pid 18537:tid 648] (13)Permission denied: [client 192.168.33.101:35036] FastCGI: failed to connect to server "/usr/lib/cgi-bin/php5-fcgi": connect() failed
[Fri May 09 09:13:06.4] [fastcgi:error] [pid 18537:tid 648] [client 192.168.33.101:35036] FastCGI: incomplete headers (0 bytes) received from server "/usr/lib/cgi-bin/php5-fcgi"
[Fri May 09 09:13:06.149292 2014] [fastcgi:error] [pid 18537:tid 648] (13)Permission denied: [client 192.168.33.101:35036] FastCGI: failed to connect to server "/usr/lib/cgi-bin/php5-fcgi": connect() failed[Fri May 09 09:13:06.255308 2014] [fastcgi:error] [pid 18537:tid 648] [client 192.168.33.101:35036] FastCGI: incomplete headers (0 bytes) received from server "/usr/lib/cgi-bin/php5-fcgi"
listen.owner,
listen.group,
listen.mode这三行没有打开。
PHP5-FPM服务
$ sudo /etc/init.d/php5-fpm restart
$ sudo /etc/init.d/php5-fpm restart
Event-MPM模式
$ sudo a2dismod mpm_prefork
$ sudo a2dismod mpm_worker
$ sudo a2dismod mpm_itk
$ sudo a2enmod mpm_event
$ sudo a2dismod mpm_prefork$ sudo a2dismod mpm_worker$ sudo a2dismod mpm_itk$ sudo a2enmod mpm_event
gzip模块,加强服务器性能
$ sudo a2enmod cache
$ sudo a2enmod expires
$ sudo a2enmod deflate
$ sudo a2enmod cache$ sudo a2enmod expires$ sudo a2enmod deflate
libapache2-mod-php5,否则每次这个模块更新之后,都会导致
apache2被自动切换到
mpm_prefork模式
$sudo apt-get remove libapache2-mod-php5
$sudo apt-get remove libapache2-mod-php5
8.调整配置文件
Apache 2.4.10的配置文件如果按照
Apache 2.2的配置文件的话,是没办法启用
PHP-FPM的,
Apache 2.4.10版本使用
SetHandler的方式支持
PHP-FPM是改动最少的一种方式了。
$ sudo vim /etc/apache2/sites-enabled/000-default.conf
$ sudo vim /etc/apache2/sites-enabled/000-default.conf
&Directory /var/www/wordpress&
#Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
AllowOverride All
FCGIWrapper /usr/bin/php5-cgi .php
AddHandler fcgid-script .php
Options ExecCGI SymLinksIfOwnerMatch
Order allow,deny
allow from all
&/Directory&
12345678910
&Directory /var/www/wordpress&
#Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
AllowOverride All
FCGIWrapper /usr/bin/php5-cgi .php
AddHandler fcgid-script .php
Options ExecCGI SymLinksIfOwnerMatch
Order allow,deny
allow from all&/Directory&
调整为如下:
&Directory /var/www/wordpress&
#Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
AllowOverride All
Apache 2.2/2.4.9
FCGIWrapper /usr/bin/php5-cgi .php
AddHandler fcgid-script .php
Options ExecCGI SymLinksIfOwnerMatch
Apache 2.4.10
&FilesMatch \.php$&
SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"
&/FilesMatch&
Order allow,deny
allow from all
&/Directory&
123456789101112131415
&Directory /var/www/wordpress&
#Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
AllowOverride All#
Apache 2.2/2.4.9#
FCGIWrapper /usr/bin/php5-cgi .php#
AddHandler fcgid-script .php#
Options ExecCGI SymLinksIfOwnerMatch#
Apache 2.4.10
&FilesMatch \.php$&
SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"
&/FilesMatch&
Order allow,deny
allow from all&/Directory&
同理,调整
HTTPS的配置文件。
Apache2服务
$ sudo service apache2 restart
$ sudo service apache2 restartUbuntu12.04下对apache的操作(最详细)_百度文库
两大类热门资源免费畅读
续费一年阅读会员,立省24元!
Ubuntu12.04下对apache的操作(最详细)
上传于|0|0|文档简介
&&自己总结的最新Ubuntu版本12.04下对apache的详细操作
阅读已结束,如果下载本文需要使用0下载券
想免费下载更多文档?
定制HR最喜欢的简历
你可能喜欢
