Keystone基本实验操作
执行环境变量
1.创建角色“RoleCli_02Gyq”并查看自己创建的角色
#openstack role create RoleCli_02Gyq #创建角色
#openstack role list #查看角色列表
#openstack role RoleCli_02Gyq #查看具体的角色数据
[root@controller ~(keystone_admin)]# openstack role list
+----------------------------------+---------------+
| ID | Name |
+----------------------------------+---------------+
| 1263bae03bfe4021a7436aef8cf36744 | SwiftOperator |
| 2b7a586c67644e03a965f2ca9d8d35ad | ResellerAdmin |
| 46977f48b32b45f886bdf1f267c61417 | member |
| 788e8b4ad00f4186bd8027d57636a2e8 | RoleCli_02Gyq |
| 9528a0cd165b4814bef12358950650dd | _member_ |
| af272f1836cf47098cc04c3abd9af691 | reader |
| f239f20b7f084e73a35b43554310b577 | admin |
+----------------------------------+---------------+
[root@controller ~(keystone_admin)]# openstack role show RoleCli_02Gyq
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 788e8b4ad00f4186bd8027d57636a2e8 |
| name | RoleCli_02Gyq |
| options | {} |
+-------------+----------------------------------+
2.创建用户UserCli_02指定域指定项目; UserCli_Gyq指定邮箱和密码,并查看自己创建的用户
#openstack user create
\--domain default
\--project admin
\--password-prompt UserCli_02
#绑定域,项目并以以交互的形式输入密码
#openstack user create
\--password Huawei@123
\--email 1554789023@qq.com UserCli_Gyq
#绑定邮箱并以Cli形式直接设置密码
#openstack user list #查看创建的密码
[root@controller ~(keystone_admin)]# openstack user list
+----------------------------------+-------------+
| ID | Name |
+----------------------------------+-------------+
| 08d1d5b648874cf49af85b3a6cf814e5 | admin |
| 8ae0ab5fc01f4a159bfedd8f18dbcdb1 | demo |
| 757e4b5a37974ec7a390608d00a1caa6 | glance |
| ce1b5cce0cb6480a95a687d3092b2396 | cinder |
| fff01b4ec7654c2ba171de22187bbb65 | nova |
| 7d569c8ba88248e498c47c586c5aea61 | placement |
| 8f066844aa24464f8f5988364022ac13 | neutron |
| fb90a8f5acf84481b9dbf2bd1788c5c9 | swift |
| 8ef6a63d42c2457f9e800fd954065a50 | gnocchi |
| cc5f02f515d04bfc9b2994566b66d46d | ceilometer |
| 5c10452a85ca4c2bb11cbe8ebd15714d | aodh |
| 8d1c6a177db14406bd56047c64dee6f8 | UserCli_02 |
| f846e5833df54a7bbfa18c9e75f3e903 | UserCli_Gyq |
+----------------------------------+-------------+
3.创建用户组GroupCli_02Gyq并查看自己创建的用户
openstack group create GroupCli_02Gyq #创建用户组
openstack group add user GroupCli_02Gyq UserCli_02 UserCli_Gyq #将两个用户加入创建的用户组中
openstack group contains user GroupCli_02Gyq UserCli_02 #查看用户所在用户组的位置
openstack group contains user GroupCli_02Gyq UserCli_Gyq
[root@controller ~(keystone_admin)]# openstack group contains user GroupCli_02Gyq UserCli_02
UserCli_02 in group GroupCli_02Gyq
[root@controller ~(keystone_admin)]#
4.创建项目
openstack project create --domain default ProjectCli_02Gyq #在domain域创建ProjectCli_02Gyq
openstack project list #查看创建的项目
openstack role add --project ProjectCli_02Gyq --user UserCli_Gyq RoleCli_02Gyq #给创建的用户绑定角色和项目
[root@controller ~(keystone_admin)]# openstack project list
+----------------------------------+------------------+
| ID | Name |
+----------------------------------+------------------+
| 0d898a4a0e7443b7b0f22c47b59f7a70 | services |
| 9e981961d14a44048a8284a8498ed40e | ProjectCli_02Gyq |
| c5ee00930cef47b9874d8c5dea42adcf | demo |
| ecdad7e4e5d14e628a68dffd7b1dd503 | admin |
+----------------------------------+------------------+
5.查看角色分配情况
openstack role assignment list --names | grep UserCli_Gyq #使用用户名的关键字来查看角色分配情况
openstack role assignment list --names | grep RoleCli_02Gyq #使用角色名的关键字来查看角色分配情况
openstack role assignment list --names | grep ProjectCli_02Gyq #使用项目名的关键字来查看角色分配情况
[root@controller ~(keystone_admin)]# openstack role assignment list --names | grep UserCli_Gyq
| RoleCli_02Gyq | UserCli_Gyq@Default | | ProjectCli_02Gyq@Default | | | False |
[root@controller ~(keystone_admin)]# openstack role assignment list --names | grep RoleCli_02Gyq
| RoleCli_02Gyq | UserCli_Gyq@Default | | ProjectCli_02Gyq@Default | | | False |
[root@controller ~(keystone_admin)]# openstack role assignment list --names | grep ProjectCli_02Gyq
| RoleCli_02Gyq | UserCli_Gyq@Default | | ProjectCli_02Gyq@Default | | | False |
6.修改项目配额
openstack quota show ProjectCli_02Gyq | grep 'instances\|volumes\|networks' #查看指定的项目配额
openstack quota set --instances 5 --volumes 5 --networks 10 ProjectCli_02Gyq #修改指定的项目配额
[root@controller ~(keystone_admin)]# openstack quota show ProjectCli_02Gyq | grep 'instances\|volumes\|networks'
| instances | 10 |
| networks | 100 |
| volumes | 10 |
| volumes___DEFAULT__ | -1 |
| volumes_iscsi | -1 |
[root@controller ~(keystone_admin)]# openstack quota set --instances 5 --volumes 5 --networks 10 ProjectCli_02Gyq
[root@controller ~(keystone_admin)]# openstack quota show ProjectCli_02Gyq | grep 'instances\|volumes\|networks'
| instances | 5 |
| networks | 10 |
| volumes | 5 |
| volumes___DEFAULT__ | -1 |
| volumes_iscsi | -1 |