openstack keystone运维基础命令

简介: 在OpenStack中,Keystone作为身份服务模块,负责用户认证、令牌管理、服务目录和基于角色的访问控制。通过设置环境变量进行授权,然后执行如创建用户alice并设置密码,修改密码,列出用户,显示用户详情等操作。此外,还涉及到创建项目yun2024,查看和删除项目,创建及分配角色yunjisuanmy给用户alice,以及列出和删除角色。最后展示了查询OpenStack端点地址信息和使用`openstack role --help`查看相关命令帮助。

Keystone (OpenStack ldentityService)是OpenStack中的一个独立的提供安全认证的模块,主要负责openstack用户的身份认证、令牌管理、提供访问资源的服务目录(指引路径)、以及基于用户角色的访问控制。
步骤:
执行环境变量脚本进行授权

[root@admin ~(keystone_admin)]# cat keystonerc_admin 
    unset OS_SERVICE_TOKEN
    export OS_USERNAME=admin
    export OS_PASSWORD='27141bb36b53462a'
    export OS_REGION_NAME=RegionOne
    export OS_AUTH_URL=http://192.168.200.146:5000/v3
    export PS1='[\u@\h \W(keystone_admin)]\$ '
    export OS_PROJECT_NAME=admin
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_IDENTITY_API_VERSION=3
[root@admin ~(keystone_admin)]#

创建alice用户 密码为123456


[root@admin ~(keystone_admin)]# openstack user create  --password 123456 alice
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9cb021aeebc84930a2317a41341172e3 |
| name                | alice                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@admin ~(keystone_admin)]#

修改用户密码


[root@admin ~(keystone_admin)]# openstack user set --password 12345 alice
[root@admin ~(keystone_admin)]#

查看openstack 中系统的用户列表

[root@admin ~(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 8dbf97f777ee4846878acb44e55f6cdf | admin      |
| c0449813c2c64646a04e3728e226a741 | demo       |
| aa1e1e5794bf4b18abf92917fc989399 | glance     |
| 60e8f499f760462a830e3737bff0a741 | cinder     |
| 8db00b68ea9440fbb6a2295960acf927 | nova       |
| 934b741e29844c498b0d93819170ea9b | placement  |
| 11976389447244f1821200826b21f714 | neutron    |
| cbc8969aff1944fa9cbe7af9e954da0a | swift      |
| 6b86d63f1dd44a6dbb8db04d0d672af5 | gnocchi    |
| 09234ece374149b782efb58c9a171a59 | ceilometer |
| 7ca386ae6bfc4b4fa60c80120f34b516 | aodh       |
| 9cb021aeebc84930a2317a41341172e3 | alice      |
+----------------------------------+------------+
[root@admin ~(keystone_admin)]#

查看当前openstack 系统中的某一个用户信息


[root@admin ~(keystone_admin)]# openstack user show alice
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9cb021aeebc84930a2317a41341172e3 |
| name                | alice                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@admin ~(keystone_admin)]#

创建一个新的项目

[root@admin ~(keystone_admin)]# openstack project create yun2024
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 5b9554cf741a48dcb6ea1c3973254567 |
| is_domain   | False                            |
| name        | yun2024                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@admin ~(keystone_admin)]#

查看当前openstack 系统中的所有项目信息

[root@admin ~(keystone_admin)]# openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 009a94428fb84a0db16aa4a1adab9a35 | admin    |
| 579764513c9748d9bb6bff9458f8be26 | demo     |
| 5b9554cf741a48dcb6ea1c3973254567 | yun2024  |
| a1b3c17e306e465db96b9afdb6bd4aae | services |
+----------------------------------+----------+
[root@admin ~(keystone_admin)]#

查看某个项目信息


[root@admin ~(keystone_admin)]# openstack project show yun2024
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 5b9554cf741a48dcb6ea1c3973254567 |
| is_domain   | False                            |
| name        | yun2024                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@admin ~(keystone_admin)]#

创建一个新的角色


root@admin ~(keystone_admin)]# openstack role create  yunjisuanmy
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | e1f442a3281c47fab6141bbf8b010be8 |
| name        | yunjisuanmy                      |
| options     | {}                               |
+-------------+----------------------------------+
[root@admin ~(keystone_admin)]#

根据创建的角色进行用户绑定


[root@admin ~(keystone_admin)]# openstack role add --user alice --project yun2024 yunjisuanmy
[root@admin ~(keystone_admin)]# openstack role list
+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 42fec268bbfe4a978b4f90e2e12a2585 | SwiftOperator |
| 5127777a534b4a788aae9c47310f7f10 | ResellerAdmin |
| 749151fa885d4c4398c4897e0bf36e39 | member        |
| b35dec44110e498095b97bd7ba694584 | reader        |
| c2201d74ab4740e98ccb9fc143ed9ca5 | _member_      |
| e0e1666efec04af6b9af07434206eb6c | admin         |
| e1f442a3281c47fab6141bbf8b010be8 | yunjisuanmy   |
+----------------------------------+---------------+

查看某一个角色列表的详细信息

[root@admin ~(keystone_admin)]# openstack role show yunjisuanmy
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | e1f442a3281c47fab6141bbf8b010be8 |
| name        | yunjisuanmy                      |
| options     | {}                               |
+-------------+----------------------------------+
[root@admin ~(keystone_admin)]#

查看当前openstack系统中所有的端点地址信息查询

[root@admin ~(keystone_admin)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                               |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+
| 00d1260e12284301b76586a7a315a058 | RegionOne | glance       | image        | True    | admin     | http://192.168.200.146:9292                       |
| 0ed25ade002a4f80ade862a65e2224ea | RegionOne | cinderv3     | volumev3     | True    | internal  | http://192.168.200.146:8776/v3/%(tenant_id)s      |
| 0f9f0ebbe8de48078306c77409860ea8 | RegionOne | neutron      | network      | True    | admin     | http://192.168.200.146:9696                       |
| 121c5b86ed5f43f48e07b37ab77dae95 | RegionOne | swift        | object-store | True    | public    | http://192.168.200.146:8080/v1/AUTH_%(tenant_id)s |
| 1bf99c2e6d3847e0bb28282db96755e4 | RegionOne | cinderv3     | volumev3     | True    | public    | http://192.168.200.146:8776/v3/%(tenant_id)s      |
| 1c9790a3233045b79f2348961ad25254 | RegionOne | glance       | image        | True    | public    | http://192.168.200.146:9292                       |
| 25cf05586c93425fb442dddfcb13f703 | RegionOne | neutron      | network      | True    | public    | http://192.168.200.146:9696                       |
| 2a3780fcc24946eb9d99bacf89d03dbd | RegionOne | placement    | placement    | True    | public    | http://192.168.200.146:8778/placement             |
| 3938bbc0be84430586d87651bad137d1 | RegionOne | aodh         | alarming     | True    | public    | http://192.168.200.146:8042                       |
| 3ee47197d7ab4155ad91b0843ddf1043 | RegionOne | nova         | compute      | True    | admin     | http://192.168.200.146:8774/v2.1/%(tenant_id)s    |
| 4591061b829e4a569dd391a188bbe7bc | RegionOne | keystone     | identity     | True    | public    | http://192.168.200.146:5000/v3                    |
| 4a57b6e4dce34b7c997f8690ed4287c8 | RegionOne | aodh         | alarming     | True    | admin     | http://192.168.200.146:8042                       |
| 4f5e17ea7d5a43a5bd9386328799f0a7 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.200.146:5000/v3                    |
| 5cb06809572440c3915454b0556b12b5 | RegionOne | cinderv3     | volumev3     | True    | admin     | http://192.168.200.146:8776/v3/%(tenant_id)s      |
| 6183896fe301468d83143adacba07bb4 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.200.146:5000/v3                    |
| 6b90720d03ab424fa8b911aa01ea57df | RegionOne | ceilometer   | metering     | True    | admin     | http://192.168.200.146:8777                       |
| 6d904dbdbabb4a389ec24605039ad6d5 | RegionOne | glance       | image        | True    | internal  | http://192.168.200.146:9292                       |
| 6e6cae9e8e9144939395dae72fa52ced | RegionOne | placement    | placement    | True    | admin     | http://192.168.200.146:8778/placement             |
| 70d362c995e84124840f5337386caf8b | RegionOne | cinderv2     | volumev2     | True    | internal  | http://192.168.200.146:8776/v2/%(tenant_id)s      |
| 752273473a6c44f18aa6aec7ad411581 | RegionOne | ceilometer   | metering     | True    | public    | http://192.168.200.146:8777                       |
| 76294330990b432c8890b215355e276d | RegionOne | nova         | compute      | True    | internal  | http://192.168.200.146:8774/v2.1/%(tenant_id)s    |
| 7737d4f577d2441e8e4582ae6d330930 | RegionOne | cinderv2     | volumev2     | True    | public    | http://192.168.200.146:8776/v2/%(tenant_id)s      |
| 8581d032c73c455bad447e9a8af4f128 | RegionOne | gnocchi      | metric       | True    | admin     | http://192.168.200.146:8041                       |
| bd0431dfcd3c4630bd2117db689f43bb | RegionOne | aodh         | alarming     | True    | internal  | http://192.168.200.146:8042                       |
| c2f72bfe91674550a52ea6841dcbced1 | RegionOne | cinderv2     | volumev2     | True    | admin     | http://192.168.200.146:8776/v2/%(tenant_id)s      |
| c711e71a8ab14d9cbf8c630f0d21e403 | RegionOne | neutron      | network      | True    | internal  | http://192.168.200.146:9696                       |
| cce94bdfa07b424e87779e23c9ffd65f | RegionOne | ceilometer   | metering     | True    | internal  | http://192.168.200.146:8777                       |
| d7b267b1f36c43ccbe54b1331b98f5ce | RegionOne | gnocchi      | metric       | True    | public    | http://192.168.200.146:8041                       |
| df899a0429024787bfea8b11568ac1b9 | RegionOne | swift        | object-store | True    | internal  | http://192.168.200.146:8080/v1/AUTH_%(tenant_id)s |
| e0962fa6be3d47a3bf47d9d6a7b854a0 | RegionOne | nova         | compute      | True    | public    | http://192.168.200.146:8774/v2.1/%(tenant_id)s    |
| e1414759b9244e0d8ddbd40f862bb539 | RegionOne | gnocchi      | metric       | True    | internal  | http://192.168.200.146:8041                       |
| e93363ab128e488687085ba5185c941e | RegionOne | placement    | placement    | True    | internal  | http://192.168.200.146:8778/placement             |
| e958b5bc2c7848c893670ef8c798b72b | RegionOne | swift        | object-store | True    | admin     | http://192.168.200.146:8080/v1/AUTH_%(tenant_id)s |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+
[root@admin ~(keystone_admin)]#

删除用户


[root@admin ~(keystone_admin)]# openstack  user delete alice
[root@admin ~(keystone_admin)]# openstack  user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 8dbf97f777ee4846878acb44e55f6cdf | admin      |
| c0449813c2c64646a04e3728e226a741 | demo       |
| aa1e1e5794bf4b18abf92917fc989399 | glance     |
| 60e8f499f760462a830e3737bff0a741 | cinder     |
| 8db00b68ea9440fbb6a2295960acf927 | nova       |
| 934b741e29844c498b0d93819170ea9b | placement  |
| 11976389447244f1821200826b21f714 | neutron    |
| cbc8969aff1944fa9cbe7af9e954da0a | swift      |
| 6b86d63f1dd44a6dbb8db04d0d672af5 | gnocchi    |
| 09234ece374149b782efb58c9a171a59 | ceilometer |
| 7ca386ae6bfc4b4fa60c80120f34b516 | aodh       |
+----------------------------------+------------+
[root@admin ~(keystone_admin)]#

删除项目

[root@admin ~(keystone_admin)]# openstack project delete yun2024
[root@admin ~(keystone_admin)]# openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 009a94428fb84a0db16aa4a1adab9a35 | admin    |
| 579764513c9748d9bb6bff9458f8be26 | demo     |
| a1b3c17e306e465db96b9afdb6bd4aae | services |
+----------------------------------+----------+
[root@admin ~(keystone_admin)]#

删除角色

[root@admin ~(keystone_admin)]# openstack role delete yunjisuanmy
[root@admin ~(keystone_admin)]# openstack role list
+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 42fec268bbfe4a978b4f90e2e12a2585 | SwiftOperator |
| 5127777a534b4a788aae9c47310f7f10 | ResellerAdmin |
| 749151fa885d4c4398c4897e0bf36e39 | member        |
| b35dec44110e498095b97bd7ba694584 | reader        |
| c2201d74ab4740e98ccb9fc143ed9ca5 | _member_      |
| e0e1666efec04af6b9af07434206eb6c | admin         |
+----------------------------------+---------------+
[root@admin ~(keystone_admin)]#

最后利用--help查看文档


[root@admin ~]# openstack role --help
Command "role" matches:
  role add
  role assignment list
  role create
  role delete
  role list
  role remove
  role set
  role show
[root@admin ~]#
目录
相关文章
|
19天前
|
运维 监控 网络协议
运维工程师日常工作中最常用的20个Linux命令,涵盖文件操作、目录管理、权限设置、系统监控等方面
本文介绍了运维工程师日常工作中最常用的20个Linux命令,涵盖文件操作、目录管理、权限设置、系统监控等方面,旨在帮助读者提高工作效率。从基本的文件查看与编辑,到高级的网络配置与安全管理,这些命令是运维工作中的必备工具。
59 3
|
2月前
|
运维 监控 网络协议
|
28天前
|
缓存 运维 监控
【运维必备知识】Linux系统平均负载与top、uptime命令详解
系统平均负载是衡量Linux服务器性能的关键指标之一。通过使用 `top`和 `uptime`命令,可以实时监控系统的负载情况,帮助运维人员及时发现并解决潜在问题。理解这些工具的输出和意义是确保系统稳定运行的基础。希望本文对Linux系统平均负载及相关命令的详细解析能帮助您更好地进行系统运维和性能优化。
50 3
|
4月前
|
图形学 开发者 存储
超越基础教程:深度拆解Unity地形编辑器的每一个隐藏角落,让你的游戏世界既浩瀚无垠又细节满满——从新手到高手的全面技巧升级秘籍
【8月更文挑战第31天】Unity地形编辑器是游戏开发中的重要工具,可快速创建复杂多变的游戏环境。本文通过比较不同地形编辑技术,详细介绍如何利用其功能构建广阔且精细的游戏世界,并提供具体示例代码,展示从基础地形绘制到植被与纹理添加的全过程。通过学习这些技巧,开发者能显著提升游戏画面质量和玩家体验。
169 3
|
4月前
|
SQL 运维 监控
DM日常运维高频命令总结
DM日常运维高频命令总结
106 3
|
4月前
|
运维 Oracle 前端开发
Oracle 11g RAC集群日常运维命令总结
Oracle 11g RAC集群日常运维命令总结
105 2
|
4月前
|
SQL 运维 调度
DM8日常运维命令总结(二)
DM8日常运维命令总结(二)
106 2
|
4月前
|
SQL 运维 Oracle
入门级Oracle 11g日常运维命令总结
入门级Oracle 11g日常运维命令总结
153 1
|
4月前
|
SQL 运维 数据库
DM8日常运维必须要懂的几个命令
DM8日常运维必须要懂的几个命令
78 1
|
4月前
|
运维 Rust 监控
Linux高效运维必备:fd命令深度解析,文件描述符管理从此得心应手!
【8月更文挑战第23天】本文介绍了一款名为fd的命令行工具,该工具基于Rust语言开发,旨在以更直观的语法和更快的速度替代传统的`find`命令。通过本文,您可以了解到如何安装fd以及一些基本用法示例,比如使用正则表达式匹配文件名、排除特定目录等。此外,文章还展示了如何结合`ps`和`lsof`命令来查找特定文件并显示其文件描述符,从而帮助您更好地管理和监控Linux系统中的文件与进程。
149 0