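This article covers common Keystone commands. To install OpenStack Train on CentOS 7, you can follow these tutorials:
[OpenStack Train Installation] 3. OpenStack installation
[OpenStack Train Installation] 4. MariaDB/RabbitMQ installation
[OpenStack Train Installation] 5. Memcached/Etcd installation
[OpenStack Train Installation] 6. Keystone installation
[OpenStack Train Installation] 8. Placement installation
[OpenStack Train Installation] 10. Neutron installation
[OpenStack Train Installation] 11. Dashboard installation
[OpenStack Train Installation] 12. Cinder installation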
I. Basic commands
1. Project commands
List projects:
openstack project list
Create a project (the new project is named new-project):
openstack project create --description 'my new project' new-project --domain default
Disable a project (PROJECT_ID can be found with openstack project list):
openstack project set PROJECT_ID --disable
Enable a project that is in the disabled state (PROJECT_ID can be found with openstack project list):
openstack project set PROJECT_ID --enable
Rename a project to project-new (PROJECT_ID can be found with openstack project list; project-new is the new name):
openstack project set PROJECT_ID --name project-new
Show the details of a project (PROJECT_ID can be found with openstack project list):
openstack project show PROJECT_ID
Delete a project (PROJECT_ID can be found with openstack project list):
openstack project delete PROJECT_ID
2. User commands
List users:
openstack user list
Create a new user new-user (--project takes the name of the project, here new-project; --password is the user's password; new-user is the name of the user being created):
openstack user create --project new-project --password PASSWORD new-user
Disable a user:
openstack user set USER_NAME --disable
Enable an account that is in the disabled state:
openstack user set USER_NAME --enable
Change the user name and email address (the user name becomes user-new):
openstack user set USER_NAME --name user-new --email new-user@example.com
Delete a user:
openstack user delete USER_NAME
3. Role commands
List roles:
openstack role list
Create a new role:
openstack role create new-role
Users and projects have a many-to-many relationship; a role is what ties a user to a project (here new-role links the demo user to the project test-project):
openstack role add --user demo --project test-project new-role
List the role assignments for a project and user (use this to check whether the role assignment succeeded):
openstack role assignment list --user USER_NAME --project PROJECT_NAME --names
Show the details of a role:
openstack role show ROLE_NAME
Remove the role from the user on the project (this removes the assignment, not the role itself):
openstack role remove --user USER_NAME --project PROJECT_NAME ROLE_NAME
Check that the role was removed:
openstack role assignment list --user USER_NAME --project PROJECT_NAME --names
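4. Implied roles
Create an implied role (after the following command, a user assigned the admin role also gets the member role, but a user assigned the member role does not get the admin role):
openstack implied role create admin --implied-role member
List implied roles:
openstack implied role list
Delete an implied role:
openstack implied role delete admin --implied-role member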
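The one-way expansion described above, as an added example that is not part of the original article: it computes the roles each user effectively holds once implied-role rules are followed, which is what a least-privilege review of role assignments needs to look at. The helpers expand_role and effective_roles are hypothetical names (not Keystone APIs), and the member -> reader rule and the sample assignments are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data (not from the original page), shaped like the rows of
# `openstack implied role list` (prior role -> implied role).
IMPLIED_RULES = [
    ("admin", "member"),   # the rule created in the article
    ("member", "reader"),  # assumed extra rule, to show chaining
]

# Constructed direct assignments as (user, project, role), shaped like the
# output of `openstack role assignment list --names`.
DIRECT_ASSIGNMENTS = [
    ("demo", "test-project", "new-role"),
    ("demo", "test-project", "member"),
    ("nova", "service", "admin"),
]


def expand_role(role, rules):
    """Return role plus every role it implies, following chains of rules."""
    graph = defaultdict(set)
    for prior, implied in rules:
        graph[prior].add(implied)
    seen, queue = {role}, deque([role])
    while queue:  # breadth-first walk; `seen` also guards against rule cycles
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def effective_roles(assignments, rules):
    """Map (user, project) to the set of roles the user effectively holds."""
    result = defaultdict(set)
    for user, project, role in assignments:
        result[(user, project)] |= expand_role(role, rules)
    return dict(result)


if __name__ == "__main__":
    expanded = effective_roles(DIRECT_ASSIGNMENTS, IMPLIED_RULES)
    for (user, project), roles in sorted(expanded.items()):
        print(f"{user}@{project}: {', '.join(sorted(roles))}")
```

On a live cloud, openstack role assignment list --effective --names returns the expanded assignments as computed by Keystone itself.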
II. Creating and managing services
1. Creating a service
List services:
openstack service list
Create a service (SERVICE_NAME is the service name, SERVICE_DESCRIPTION is its description, SERVICE_TYPE is its type; common service types are identity, compute, network, image, object-store, etc.):
openstack service create --name SERVICE_NAME --description SERVICE_DESCRIPTION SERVICE_TYPE
Show the details of a service:
openstack service show SERVICE_TYPE|SERVICE_NAME|SERVICE_ID
Create a service endpoint (the command below creates an endpoint for nova):
openstack endpoint create nova public http://example.com/compute/v2.1
Delete a service:
openstack service delete SERVICE_TYPE|SERVICE_NAME|SERVICE_ID
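2. Creating a service user
Before creating a service user, create a project (here a project named service is created in the default domain):
openstack project create service --domain default
Create the user (a nova user with the password Sekr3tPass):
openstack user create nova --password Sekr3tPass
Associate the nova user with the service project and grant it the admin role:
openstack role add --project service --user nova admin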
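III. Python SDK
The Python SDK usage shown here applies only to this tutorial series and differs somewhat from the official documentation. This article uses Keystone v3; adjust it to your own environment.
1. Getting a token
Make sure the environment variables read by the code below (OS_AUTH_URL, OS_USERNAME, OS_PASSWORD, OS_PROJECT_NAME, OS_PROJECT_DOMAIN_NAME) are set; the actual values may differ. Here I obtain the admin token.
Write the following code:
from os import environ as env
import keystoneclient.v3.client as ksclient
# Authenticate against Keystone v3 with the credentials from the environment.
# The user domain is read from OS_PROJECT_DOMAIN_NAME, which only works when
# the user and the project are in the same domain.
keystone = ksclient.Client(auth_url=env['OS_AUTH_URL'],
                           username=env['OS_USERNAME'],
                           password=env['OS_PASSWORD'],
                           project_name=env['OS_PROJECT_NAME'],
                           user_domain_name=env['OS_PROJECT_DOMAIN_NAME'],
                           project_domain_name=env['OS_PROJECT_DOMAIN_NAME'])
# Print the issued token and the identity it was issued for.
print(keystone.auth_token)
print(env['OS_USERNAME'])
print(env['OS_PROJECT_NAME'])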
2. glance
from os import environ as env
import keystoneclient.v3.client as ksclient
import glanceclient.v2.client as glclient
# Authenticate against Keystone v3 first.
keystone = ksclient.Client(auth_url=env['OS_AUTH_URL'],
                           username=env['OS_USERNAME'],
                           password=env['OS_PASSWORD'],
                           project_name=env['OS_PROJECT_NAME'],
                           user_domain_name=env['OS_PROJECT_DOMAIN_NAME'],
                           project_domain_name=env['OS_PROJECT_DOMAIN_NAME'])
# Look up the image service endpoint in the service catalog.
glance_endpoint = keystone.service_catalog.url_for(service_type='image')
print(glance_endpoint)
# Create the glance client, reusing the Keystone token.
glance = glclient.Client(glance_endpoint, token=keystone.auth_token)
3. nova
The code is as follows:
from os import environ as env
import novaclient.client
# Create a nova client for compute API version 2.1.
nova = novaclient.client.Client("2.1", auth_url=env['OS_AUTH_URL'],
                                username=env['OS_USERNAME'],
                                password=env['OS_PASSWORD'],
                                project_name=env['OS_PROJECT_NAME'],
                                user_domain_name=env['OS_PROJECT_DOMAIN_NAME'],
                                project_domain_name=env['OS_PROJECT_DOMAIN_NAME'])
4. neutron object
The code is as follows:
from os import environ as env
from neutronclient.v2_0 import client as neutronclient
# Create a neutron client with the same credentials.
neutron = neutronclient.Client(auth_url=env['OS_AUTH_URL'],
                               username=env['OS_USERNAME'],
                               password=env['OS_PASSWORD'],
                               project_name=env['OS_PROJECT_NAME'],
                               user_domain_name=env['OS_PROJECT_DOMAIN_NAME'],
                               project_domain_name=env['OS_PROJECT_DOMAIN_NAME'])