OpenStack: Common Keystone operations commands
Domain (Region) management
source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain2                  |
| enabled     | True                             |
| id          | 513453be056c4a6aaf55c104ee8f0bed |
| name        | default2                         |
+-------------+----------------------------------+
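As the operation above shows, creating a user requires a user name, a password, an email address and similar information. The format is as follows:
$ openstack user create [--domain <domain>] [--password <password>] [--email <email-address>] [--enable | --disable] <name>
Here the <name> parameter is the name of the new user.
User management
List users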
source admin-openrc.sh
openstack user list
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 15fa09b4d9f246c1b5cd159d68449930 | admin |
| b1a5f56f873f4e31a878d8c470b2df08 | demo  |
+----------------------------------+-------+
Create a user
Mitaka release:
openstack user create [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--print-empty] [--noindent] [--prefix PREFIX] [--domain <domain>] [--project <project>] [--project-domain <project-domain>] [--password <password>] [--password-prompt] [--email <email-address>] [--description <description>] [--enable | --disable] [--or-show] <name>
Note: in everyday use, specify only the parameters you actually need.
[root@controller ~]# openstack user create --domain default --password 000000 ma
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | b39f90915f0a4956b6f643d4354abafe |
| enabled   | True                             |
| id        | 7d8423eaf36b4d0283615c2ddc5a312a |
| name      | ma                               |
+-----------+----------------------------------+
Show user details
Mitaka release:
openstack user show <user-id>
(Either the user name or the user ID is accepted here, and the same applies to the commands below; for simplicity only user-id is used from here on.)
[root@controller ~]# openstack user show 89449322264c443c94cbe858a6467da4
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled   | True                             |
| id        | 89449322264c443c94cbe858a6467da4 |
| name      | ma                               |
+-----------+----------------------------------+
Update a user
openstack user set [-h] [--name <name>] [--domain <domain>] [--project <project>] [--project-domain <project-domain>] [--password <password>] [--password-prompt] [--email <email-address>] [--description <description>] [--enable | --disable] <user>
Rename the user ma to maxin:
[root@controller ~]# openstack user set ma --name maxin
[root@controller ~]# openstack user show ma
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled   | True                             |
| id        | 89449322264c443c94cbe858a6467da4 |
| name      | maxin                            |
+-----------+----------------------------------+
Assign a role to a user
openstack role add --project demo (project name) --user demo (user name) user (role name)
openstack role add --project demo --user maxin demo (this command produces no output)
View the user-to-role assignments (the table shows IDs)
openstack role assignment list
[root@controller ~]# openstack role assignment list
+---------------+---------------+-------+-----------------+--------+-----------+
| Role          | User          | Group | Project         | Domain | Inherited |
+---------------+---------------+-------+-----------------+--------+-----------+
| 3bfade8570434 | 89449322264c4 |       | 2463f9c0d2f342c |        | False     |
| b5cb9a56708ae | 43c94cbe858a6 |       | 0ba78871dc147ef |        |           |
| 7f03b6        | 467da4        |       | b8              |        |           |
| 851f00f2336f4 | a3f28f0c743d4 |       | d851ecb7679f4b1 |        | False     |
| e28bf5c8752d4 | 7ffb57f002a91 |       | 0b22a1619d6df7f |        |           |
| 6cf346        | 0dee63        |       | e8              |        |           |
| 36cea15cd23a4 | d3e55803dde64 |       | 2463f9c0d2f342c |        | False     |
| df190630a1e8c | 53abceca477f9 |       | 0ba78871dc147ef |        |           |
| 50647d        | fb326b        |       | b8              |        |           |
+---------------+---------------+-------+-----------------+--------+-----------+
[root@controller ~]#
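Because the assignment table shows only IDs, the following added example (not part of the original page) joins it against the role, user and project lists to produce a readable audit view and to pick out holders of the admin role. The sample rows are constructed from the IDs in this page's tables; the list-of-objects shape of the -f json output and all function names are assumptions.

```python
import json

# Constructed sample: IDs copied from the tables on this page, arranged in the
# list-of-objects shape that `-f json` output is assumed to have.
ROLES = [
    {"ID": "36cea15cd23a4df190630a1e8c50647d", "Name": "user"},
    {"ID": "3bfade8570434b5cb9a56708ae7f03b6", "Name": "demo"},
    {"ID": "851f00f2336f4e28bf5c8752d46cf346", "Name": "admin"},
]
USERS = [{"ID": "89449322264c443c94cbe858a6467da4", "Name": "maxin"}]
PROJECTS = [
    {"ID": "2463f9c0d2f342c0ba78871dc147efb8", "Name": "demo"},
    {"ID": "d851ecb7679f4b10b22a1619d6df7fe8", "Name": "admin"},
]
ASSIGNMENTS = json.loads("""[
 {"Role": "3bfade8570434b5cb9a56708ae7f03b6", "User": "89449322264c443c94cbe858a6467da4",
  "Group": "", "Project": "2463f9c0d2f342c0ba78871dc147efb8", "Domain": "", "Inherited": false},
 {"Role": "851f00f2336f4e28bf5c8752d46cf346", "User": "a3f28f0c743d47ffb57f002a910dee63",
  "Group": "", "Project": "d851ecb7679f4b10b22a1619d6df7fe8", "Domain": "", "Inherited": false},
 {"Role": "36cea15cd23a4df190630a1e8c50647d", "User": "d3e55803dde6453abceca477f9fb326b",
  "Group": "", "Project": "2463f9c0d2f342c0ba78871dc147efb8", "Domain": "", "Inherited": false}
]""")

def by_id(rows):
    """Map ID -> Name for one `openstack <resource> list -f json` result."""
    return {row["ID"]: row["Name"] for row in rows}

def resolve(assignments, roles, users, projects):
    """Swap IDs for names; an ID with no match is kept so no grant is hidden."""
    role_n, user_n, proj_n = by_id(roles), by_id(users), by_id(projects)
    resolved = []
    for a in assignments:
        actor = a["User"] or a["Group"]        # group grants carry no User
        scope = a["Project"] or a["Domain"]    # domain grants carry no Project
        resolved.append({
            "role": role_n.get(a["Role"], a["Role"]),
            "actor": user_n.get(actor, actor),
            "scope": proj_n.get(scope, scope),
            "inherited": bool(a["Inherited"]),
        })
    return resolved

def admin_grants(resolved, sensitive=("admin",)):
    """Rows granting a role that deserves review, such as admin."""
    return [row for row in resolved if row["role"] in sensitive]

if __name__ == "__main__":
    for row in admin_grants(resolve(ASSIGNMENTS, ROLES, USERS, PROJECTS)):
        print(row)
```

Users whose names do not appear in the supplied user list stay as raw IDs, which makes accounts missing from the current listing stand out in the audit view.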
Remove a role from a user
[root@controller ~]# openstack role remove --user maxin demo --project demo
Delete a user
openstack user delete <user-id>
Roles
Create a role
[root@controller ~]# openstack role create demo
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 3bfade8570434b5cb9a56708ae7f03b6 |
| name      | demo                             |
+-----------+----------------------------------+
List roles
openstack role list
[root@controller ~]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 36cea15cd23a4df190630a1e8c50647d | user  |
| 3bfade8570434b5cb9a56708ae7f03b6 | demo  |
| 851f00f2336f4e28bf5c8752d46cf346 | admin |
+----------------------------------+-------+
Delete a role
openstack role delete <role-id>
Show role details
openstack role show <role-id>
[root@controller ~]# openstack role show 3bfade8570434b5cb9a56708ae7f03b6
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 3bfade8570434b5cb9a56708ae7f03b6 |
| name      | demo                             |
+-----------+----------------------------------+
Project management
List projects
openstack project list
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 021a6c77448f45b899502ab99a6d74e2 | admin   |
| 10092084d56046baa1fda067dcb38e48 | service |
| 5a5f220240504928b92c0547b2a39bd8 | demo    |
+----------------------------------+---------+
Create a project
openstack project create <name>
[root@controller ~]# openstack project create --domain default demo2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled     | True                             |
| id          | 718f6ae2850e42fdaa17597814d4483a |
| is_domain   | False                            |
| name        | demo2                            |
| parent_id   | 028cc75ea0294daca751e9eefc26c0e0 |
+-------------+----------------------------------+
Update a project
openstack project set [--name <name>] [--domain <domain>] [--description <description>] [--enable | --disable] [--property <key=value>] <project>
[root@controller ~]# openstack project set --name demo3 demo2
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 2463f9c0d2f342c0ba78871dc147efb8 | demo    |
| 718f6ae2850e42fdaa17597814d4483a | demo3   |
| d851ecb7679f4b10b22a1619d6df7fe8 | admin   |
| e1d64bfbfa114b77b953ed312dacb7cd | service |
+----------------------------------+---------+
Show project details
openstack project show <project-id>
[root@controller ~]# openstack project show 718f6ae2850e42fdaa17597814d4483a
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | 028cc75ea0294daca751e9eefc26c0e0 |
| enabled     | True                             |
| id          | 718f6ae2850e42fdaa17597814d4483a |
| is_domain   | False                            |
| name        | demo3                            |
| parent_id   | 028cc75ea0294daca751e9eefc26c0e0 |
+-------------+----------------------------------+
Delete a project
openstack project delete <project-id>
Service management
List services
openstack service list
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| cd4e3238f1814cde8d97b95127ee3a4c | keystone | identity |
+----------------------------------+----------+----------+
Create a service
openstack service create [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--print-empty] [--noindent] [--prefix PREFIX] [--name <name>] [--description <description>] [--enable | --disable] <type>
[root@controller ~]# openstack service create \
> --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 947adb40229b4b3da00a4651124209ea |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
Delete a service
openstack service delete <service-id>
[root@controller ~]# openstack service delete 947adb40229b4b3da00a4651124209ea
Show service details
openstack service show <service-id>
[root@controller ~]# openstack service show 45373d5cae0342c49fb1e7c8b8867b76
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 45373d5cae0342c49fb1e7c8b8867b76 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
List endpoints
openstack endpoint list
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                        |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 7961b02c57c14625bf71f463eab518e5 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3  |
| 80e60f17db0c4fdca2b9ffb5073c3af2 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3  |
| 9c188a9a356c4697b49cb4ce721135c0 | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
Create an endpoint
openstack endpoint create --publicurl <url> [--adminurl <url>] [--internalurl <url>] [--region <region-id>] <service>
[root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9377c5d1fc104ecf89965e722b6dfdec |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 45373d5cae0342c49fb1e7c8b8867b76 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
Delete an endpoint
openstack endpoint delete <endpoint-id>
Show endpoint details
openstack endpoint show <service-id>
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                        |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 9377c5d1fc104ecf89965e722b6dfdec | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3  |
| 9522bd08de834021871ba6b188aae426 | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v3 |
| cac9fe5e8f8949b5b55e7de1fc33c166 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
[root@controller ~]#
List services and endpoints
openstack catalog list
[root@controller ~]# openstack catalog list
+----------+----------+---------------------------------------+
| Name     | Type     | Endpoints                             |
+----------+----------+---------------------------------------+
| keystone | identity | RegionOne                             |
|          |          |   public: http://controller:5000/v3   |
|          |          | RegionOne                             |
|          |          |   internal: http://controller:5000/v3 |
|          |          | RegionOne                             |
|          |          |   admin: http://controller:35357/v3   |
|          |          |                                       |
+----------+----------+---------------------------------------+
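Every URL in the catalog output above uses http://, so passwords and tokens sent to the identity service cross the network unencrypted. The following added example (not part of the original page) flags enabled catalog entries that are not served over TLS; the sample rows are constructed from the endpoint list shown on this page, and the list-of-objects shape of the -f json output and the function name are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the identity endpoints listed on this page, in the
# list-of-objects shape that `openstack endpoint list -f json` is assumed to emit.
ENDPOINTS = json.loads("""[
 {"ID": "7961b02c57c14625bf71f463eab518e5", "Region": "RegionOne", "Service Name": "keystone",
  "Service Type": "identity", "Enabled": true, "Interface": "public", "URL": "http://controller:5000/v3"},
 {"ID": "80e60f17db0c4fdca2b9ffb5073c3af2", "Region": "RegionOne", "Service Name": "keystone",
  "Service Type": "identity", "Enabled": true, "Interface": "internal", "URL": "http://controller:5000/v3"},
 {"ID": "9c188a9a356c4697b49cb4ce721135c0", "Region": "RegionOne", "Service Name": "keystone",
  "Service Type": "identity", "Enabled": true, "Interface": "admin", "URL": "http://controller:35357/v3"}
]""")
DEFAULT_PORT = {"http": 80, "https": 443}

def plaintext_endpoints(rows):
    """Return enabled endpoints whose URL is not served over TLS."""
    findings = []
    for row in rows:
        if not row["Enabled"]:
            continue                      # disabled entries are not handed to clients
        parts = urlsplit(row["URL"])
        scheme = parts.scheme.lower()
        if scheme == "https":
            continue
        findings.append({
            "service": row["Service Type"],
            "interface": row["Interface"],
            "host": parts.hostname,
            "port": parts.port or DEFAULT_PORT.get(scheme),
            # identity endpoints receive passwords and issue tokens
            "carries_credentials": row["Service Type"] == "identity",
        })
    return sorted(findings, key=lambda f: (f["service"], f["interface"]))

if __name__ == "__main__":
    for finding in plaintext_endpoints(ENDPOINTS):
        print(finding)
```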
Procedure
List users
[root@controller xiandian]# source /etc/keystone/admin-openrc.sh
[root@controller xiandian]# openstack user list
+----------------------------------+-------------------+
| ID                               | Name              |
+----------------------------------+-------------------+
| 08e8c7f2ae044cda95935cf78d0e679c | demo              |
| 0befa70f767848e39df8224107b71858 | admin             |
| 0f980d5fefa6448a9c52f5c0ae5813a5 | ceilometer        |
| 1bd5ab1614274bf4bf62bd8bdfac32f2 | nova              |
| 25e931e21026434bb73f5ebd92646671 | heat_domain_admin |
| 461e8dbbbada466b8d6fe7998c28f7fd | glance            |
| 4c6eaa79772b4964abd69972531255a9 | neutron           |
| 6b7634fa0b9242599d1f349722f103bf | heat              |
| c701f9c0e49c4a5ab485328afff0ae1a | aodh              |
| c9670cb3d60349e69fc019360a61aef4 | cinder            |
| e57fa54fe8724ab89e619df0ee46153d | swift             |
+----------------------------------+-------------------+
[root@controller xiandian]# openstack project create --domain default \
> --description "Admin Project" admin
No domain with a name or ID of 'default' exists.
Create a domain
[root@controller xiandian]# openstack domain create --description "Default Domain2" default2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | a01f4541a7364233b23adc8975be9ea6 |
| name        | default                          |
+-------------+----------------------------------+
Create a project
Create the admin project:
[root@controller xiandian]# openstack project create --domain default --description "Admin Project2" admin2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | a01f4541a7364233b23adc8975be9ea6 |
| enabled     | True                             |
| id          | 08e54643dbe94df4a0e56aec721af7a9 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | a01f4541a7364233b23adc8975be9ea6 |
+-------------+----------------------------------+
Create a user
Create the admin2 user:
[root@controller xiandian]# openstack user create --domain default2 \
> --password-prompt admin2
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | a01f4541a7364233b23adc8975be9ea6 |
| enabled   | True                             |
| id        | 19b84f62172a4fd2833b57f10d00a8e3 |
| name      | admin                            |
+-----------+----------------------------------+
Create a role:
[root@controller xiandian]# openstack role create admin2
Conflict occurred attempting to store role - Duplicate Entry (HTTP 409) (Request-ID: req-4045a0cd-0943-4b92-9540-6748c359630c)
[root@controller xiandian]# openstack role list
+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 398b127b3ac040c58b6629c58b776196 | heat_stack_user  |
| 4217695f42ba45e59434a3285cab5c07 | heat_stack_owner |
| 5a9eac70b43a42f9ad55dfe44c455e9a | admin            |
| 6280f11c992f4b94a9d04e349150a14f | user             |
| 7c31824d545e491f9514b67cc85812ab | ResellerAdmin    |
+----------------------------------+------------------+
Add the admin2 role to the admin2 project and user:
[root@controller xiandian]# openstack role add --project admin2 --user admin2 admin2