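After reading the keystone API documentation, the next step is some hands-on practice! I am putting my exercises here so they are easy to look up later.
Let's start from the very beginning and create a service first.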
keystone help service-create
Optional arguments:
--name <name> Name of new service (must be unique)
--type <type> Service type (one of: identity, compute, network,
image, or object-store)
--description <service-description>
Description of service
Of course, I first need to look at the existing services: keystone service-list
+----------------------------------+----------+----------+---------------------------+
| id | name | type | description |
+----------------------------------+----------+----------+---------------------------+
| 14fec8aedfe043b3af6ca11a5589e27c | nova | compute | Nova Compute Service |
| 15408ce0160a418e9e5991fe92504f5d | glance | image | Glance Image Service |
| 1a8138a86bf24393a25f2fa080f47b50 | keystone | identity | Keystone Identity Service |
| f20041db95c4464883bcecdb6ed73fe7 | ec2 | ec2 | EC2 Compatibility Layer |
+----------------------------------+----------+----------+---------------------------+
keystone --debug service-create --name nova --type network --description 'Nova Network Service'
curl -i http://10.120.34.51:35357/v2.0/OS-KSADM/services -X POST -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: c0cc90883bb147fe82066df2ca29b32a"
REQ BODY: {"OS-KSADM:service": {"type": "network", "name": "nova", "description": "Nova Network Service"}}
Formatted output:
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Nova Network Service |
| id | 448a3a13f05e47ec8278c67b447d19fe |
| name | nova |
| type | network |
+-------------+----------------------------------+
Service-related operations:
service-create Add service to Service Catalog
service-delete Delete service from Service Catalog
service-get Display service from Service Catalog
service-list List all services in Service Catalog
After creating the new service (network), the next step is to add it to the endpoints. Related commands:
endpoint-create Create a new endpoint associated with a service
endpoint-delete Delete a service endpoint
endpoint-get
endpoint-list List configured service endpoints
First, look at the existing endpoint information:
keystone --debug endpoint-list
curl -i http://10.120.34.51:35357/v2.0/endpoints -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: ce6316e335aa4b829b489c114c0f210e"
+----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+----------------------------------+
| 3770102afa3b42eeb0937efac7a8a49e | RegionOne | http://10.120.34.51:$(compute_port)s/v2/$(tenant_id)s | http://10.120.34.51:$(compute_port)s/v2/$(tenant_id)s | http://10.120.34.51:$(compute_port)s/v2/$(tenant_id)s | 14fec8aedfe043b3af6ca11a5589e27c |
| 68e3b6105ae14829bbee65fd8d72e190 | RegionOne | http://10.120.34.51:9292 | http://10.120.34.51:9292 | http://10.120.34.51:9292 | 15408ce0160a418e9e5991fe92504f5d |
| 6e66aea94bac486a8331758e00b48c63 | RegionOne | http://10.120.34.51:$(public_port)s/v2.0 | http://10.120.34.51:$(public_port)s/v2.0 | http://10.120.34.51:$(admin_port)s/v2.0 | 1a8138a86bf24393a25f2fa080f47b50 |
| c1379aa288e04509bfaa94235a50b05d | RegionOne | http://10.120.34.51:8773/services/Cloud | http://10.120.34.51:8773/services/Cloud | http://10.120.34.51:8773/services/Admin | f20041db95c4464883bcecdb6ed73fe7 |
+----------------------------------+-----------+-------------------------------------------------------+-------------------------------------------------------+-------------------------------------------------------+----------------------------------+
Add the network service to the endpoints:
keystone endpoint-create --region RegionOne --service-id 448a3a13f05e47ec8278c67b447d19fe --publicurl 'http://10.120.34.51:8773/services/Cloud' --adminurl 'http://10.120.34.51:8773/services/Admin' --internalurl 'http://10.120.34.51:8773/services/Cloud'
+-------------+-----------------------------------------+
| Property | Value |
+-------------+-----------------------------------------+
| adminurl | http://10.120.34.51:8773/services/Admin |
| id | da2bfde6736a44ff89b1fc75c6d52032 |
| internalurl | http://10.120.34.51:8773/services/Cloud |
| publicurl | http://10.120.34.51:8773/services/Cloud |
| region | RegionOne |
| service_id | 448a3a13f05e47ec8278c67b447d19fe |
+-------------+-----------------------------------------+
1. keystone --debug user-create --name ppt --tenant-id 5dd12337fcaf45a99269053caa8549f2 --pass ppt --email ppt@.com --enabled true
curl -i http://10.120.34.51:35357/v2.0/users -X POST -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 9c65a8d9fb0c49359b2cfcde76df5b33"
REQ BODY: {"user": {"email": "ppt@.com", "password": "ppt", "enabled": true, "name": "ppt", "tenantId": "5dd12337fcaf45a99269053caa8549f2"}}
2. keystone --debug role-create --name ppt
curl -i http://10.120.34.51:35357/v2.0/OS-KSADM/roles -X POST -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 9c65a8d9fb0c49359b2cfcde76df5b33"
REQ BODY: {"role": {"name": "ppt"}}
3. keystone --debug tenant-create --name ppt --description 'for ppt to test' --enabled true
curl -i http://10.120.34.51:35357/v2.0/tenants -X POST -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ba015d9fb3b44a7290ca3a603f60a0d5"
REQ BODY: {"tenant": {"enabled": true, "name": "ppt", "description": "for ppt to test"}}
4. keystone --debug user-get 19145390e75e427992b768fc565f8c0b  # user ppt
curl -i http://10.120.34.51:35357/v2.0/users/19145390e75e427992b768fc565f8c0b -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: 88068af9524d4a8da5a7a67c6c26cc34"
5. keystone --debug user-role-add --user-id 19145390e75e427992b768fc565f8c0b --role-id e872b9ed4dfe4d6f827c7f1b37d66e34 --tenant-id 984eaf687e944a5fae43a77bd551c8fe
curl -i http://10.120.34.51:35357/v2.0/tenants/984eaf687e944a5fae43a77bd551c8fe/users/19145390e75e427992b768fc565f8c0b/roles/OS-KSADM/e872b9ed4dfe4d6f827c7f1b37d66e34 -X PUT -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: f3c02d50984c402183881f4ca7abc840"
Associate a user with a tenant:
keystone user-role-add --user-id 346b8f13e037474989a91c562abdcfff --role-id 0ea7efdc0b204fcbab3b4bff2f9c014b --tenant-id 5dd12337fcaf45a99269053caa8549f2
keystone user-role-add --user-id 346b8f13e037474989a91c562abdcfff --role-id 0ea7efdc0b204fcbab3b4bff2f9c014b --tenant-id 984eaf687e944a5fae43a77bd551c8fe
Here I associated the user with two tenants.
Now check the result of the association:
keystone user-role-list --user-id 346b8f13e037474989a91c562abdcfff --tenant-id 984eaf687e944a5fae43a77bd551c8fe
+----------------------------------+---------------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+---------------+----------------------------------+----------------------------------+
| 0ea7efdc0b204fcbab3b4bff2f9c014b | KeystoneAdmin | 346b8f13e037474989a91c562abdcfff | 984eaf687e944a5fae43a77bd551c8fe |
+----------------------------------+---------------+----------------------------------+----------------------------------+
keystone user-role-list --user-id 346b8f13e037474989a91c562abdcfff --tenant-id 5dd12337fcaf45a99269053caa8549f2
+----------------------------------+---------------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+---------------+----------------------------------+----------------------------------+
| 0ea7efdc0b204fcbab3b4bff2f9c014b | KeystoneAdmin | 346b8f13e037474989a91c562abdcfff | 5dd12337fcaf45a99269053caa8549f2 |
+----------------------------------+---------------+----------------------------------+----------------------------------+
Note: when creating a user there is an optional argument for specifying the tenant ID. If the user was created without --tenant-id, then keystone user-get xxxx shows:
keystone user-get 0e08fcb9b05f4d84beab287dcc2610e4
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | admin@example.com |
| enabled | True |
| id | 0e08fcb9b05f4d84beab287dcc2610e4 |
| name | admin |
| tenantId | |
+----------+----------------------------------+
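We can see that tenantId is empty. At this point, after associating this user with a tenant through the keystone user-role-add command, the user's information after the association can only be viewed by running the keystone user-role-list command with its parameters.
Analysis of the reason: 1. It is a design requirement, or rather a convenience for the user: a "bare" user can be created first and associated with a tenant afterwards. By adding this interface, users can be created and associated whenever and wherever needed!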
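As an added example (not part of the original post): since user-get leaves tenantId empty, a user's grants only become visible by running user-role-list once per tenant. The script below parses the tables that command prints and summarises the tenants in which a user holds a role; the function names are hypothetical, and the sample input is the two user-role-list outputs shown above with the border lines shortened.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# parse_table: keystone ASCII table(s) on stdin -> tab-separated data rows.
# Border lines (+---+) and header rows (first cell "id") are dropped, so the
# output of several commands can be concatenated and parsed in one pass.
parse_table() {
    awk -F'|' '
        /^\+/ || NF < 3 { next }
        {
            row = ""
            for (i = 2; i < NF; i++) {
                cell = $i
                gsub(/^[ \t]+|[ \t]+$/, "", cell)   # trim cell padding
                row = row (i > 2 ? "\t" : "") cell
            }
            if (row !~ /^id\t/) print row
        }'
}

# roles_by_tenant USER_ID: user-role-list tables on stdin ->
# "tenant_id<TAB>role_name" lines for that user, sorted and de-duplicated.
# Column order in the table: id (role), name (role), user_id, tenant_id.
roles_by_tenant() {
    parse_table | awk -F'\t' -v u="$1" '$3 == u { print $4 "\t" $2 }' | sort -u
}

# tenants_with_role USER_ID ROLE_NAME: number of tenants where the user
# holds the named role.
tenants_with_role() {
    roles_by_tenant "$1" | awk -F'\t' -v r="$2" '$2 == r' | wc -l | tr -d ' '
}

# Sample input: the two tables from this page, borders shortened.
SAMPLE='+----+----+----+----+
| id | name | user_id | tenant_id |
+----+----+----+----+
| 0ea7efdc0b204fcbab3b4bff2f9c014b | KeystoneAdmin | 346b8f13e037474989a91c562abdcfff | 984eaf687e944a5fae43a77bd551c8fe |
+----+----+----+----+
+----+----+----+----+
| id | name | user_id | tenant_id |
+----+----+----+----+
| 0ea7efdc0b204fcbab3b4bff2f9c014b | KeystoneAdmin | 346b8f13e037474989a91c562abdcfff | 5dd12337fcaf45a99269053caa8549f2 |
+----+----+----+----+'

printf '%s\n' "$SAMPLE" | roles_by_tenant 346b8f13e037474989a91c562abdcfff
```

Against a live deployment, pipe in the concatenated output of keystone user-role-list run once per tenant ID instead of the sample.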