运维-06-认证服务-keystone¶
常用命令¶
项目创建¶
usage: openstack project create [-h]
[--domain <domain>]
[--parent <project>]
[--description <description>]
[--enable | --disable]
[--property <key=value>] [--or-show]
<project-name>
[root@10e150e68e69 ops]# openstack project create --description "ops project" ops-project
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | ops project |
| domain_id | default |
| enabled | True |
| id | b9d76d72bb87432ca012e86b1428695b |
| is_domain | False |
| name | ops-project |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
项目编辑¶
usage: openstack project set [-h] [--name <name>] [--domain <domain>]
[--description <description>]
[--enable | --disable] [--property <key=value>]
<project>
[root@10e150e68e69 ops]# openstack project set --name ops-new --description ops-new f89b2e19071643d197ac69b104a5cecd
查看修改后的项目
[root@10e150e68e69 ops]# openstack project show f89b2e19071643d197ac69b104a5cecd
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | ops-new |
| domain_id | default |
| enabled | True |
| id | f89b2e19071643d197ac69b104a5cecd |
| is_domain | False |
| name | ops-new |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
项目查询¶
查看单个项目¶
usage: openstack project show [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--domain <domain>]
[--parents] [--children]
<project>
[root@10e150e68e69 ops]# openstack project show 2fc60fdb739f4cea83146cd7f7a3ed2f
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | 2fc60fdb739f4cea83146cd7f7a3ed2f |
| is_domain | False |
| name | ops |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
查看所有项目¶
usage: openstack project list [-h] [-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--sort-column SORT_COLUMN] [--domain <domain>]
[--user <user>] [--my-projects] [--long]
[--sort <key>[:<direction>]]
[root@10e150e68e69 ops]# openstack project list
+----------------------------------+-----------------------------------------+
| ID | Name |
+----------------------------------+-----------------------------------------+
| 2633a4dc7d2e4074bd439225ba1a6cbf | pro2 |
| 2fc60fdb739f4cea83146cd7f7a3ed2f | ops |
| 5ba21c32f002417a9e2da0571143998a | os |
| 701c4df4560548f79c084c8a6660a9c3 | service |
| 72fc263931ec46529f18ed7450432fe7 | admin |
| a2f05ff3283043c3a4c9de92e4a00040 | yunwei |
| ac00a4bdf03741be9d4d1c809e855970 | demo |
| c46073b602cd42b48a786336f68fd524 | proj_bluce |
| c6d0cedce5374324a4d1df3336ec7df2 | ops_test |
| dd344c20f7fc4530b9e2b0be02a2fcc2 | test |
| e82f0281047548098dcdd70972bda4f4 | share_pro |
| f20bf9c4c138426586597b71aa75cbb8 | pro3 |
| f89b2e19071643d197ac69b104a5cecd | ops-new |
| f9783fe783344a7eac30082055e07590 | os_test01 |
+----------------------------------+-----------------------------------------+
项目删除¶
usage: openstack project delete [-h] [--domain <domain>]
<project> [<project> ...]
删除单个项目¶
[root@10e150e68e69 ops]# openstack project delete b9d76d72bb87432ca012e86b1428695b
删除多个项目¶
[root@10e150e68e69 ops]# openstack project delete fe95a2a3fe924ee1b9cde753697621cd ff923484bbf34f0081d93ab2ed6f7316
用户创建¶
usage: openstack user create [-h]
[--domain <domain>] [--project <project>]
[--project-domain <project-domain>]
[--password <password>] [--password-prompt]
[--email <email-address>]
[--description <description>]
[--enable | --disable] [--or-show]
<name>
创建用户指定密码¶
[root@10e150e68e69 ops]# openstack user create --password 123 --email ops@126.com --description ops-user ops-user
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| description | ops-user |
| domain_id | default |
| email | ops@126.com |
| enabled | True |
| id | ba87721ed5fd4ba69b025871cc6fd5c8 |
| name | ops-user |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
创建用户指定项目¶
[root@10e150e68e69 ops]# openstack user create --project f89b2e19071643d197ac69b104a5cecd --password 123 ops-user2
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | f89b2e19071643d197ac69b104a5cecd |
| domain_id | default |
| enabled | True |
| id | 715e84af0e3d41a191ca4119c0ea0687 |
| name | ops-user2 |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
用户编辑¶
usage: openstack user set [-h] [--name <name>] [--domain <domain>]
[--project <project>]
[--project-domain <project-domain>]
[--password <password>] [--password-prompt]
[--email <email-address>]
[--description <description>] [--enable | --disable]
<user>
修改用户名和密码
[root@10e150e68e69 ops]# openstack user set --name ops-new --password new-pass 88f85b58c5a849e4b22d9d04f63ee4ca
查看修改后的用户
[root@10e150e68e69 ops]# openstack user show 88f85b58c5a849e4b22d9d04f63ee4ca
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| description | ops-user |
| domain_id | default |
| email | ops@126.com |
| enabled | True |
| id | 88f85b58c5a849e4b22d9d04f63ee4ca |
| name | ops-new |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
用户查询¶
查看单个用户¶
usage: openstack user show [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN]
[--domain <domain>]
<user>
[root@10e150e68e69 ops]# openstack user show 88f85b58c5a849e4b22d9d04f63ee4ca
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| description | ops-user |
| domain_id | default |
| email | ops@126.com |
| enabled | True |
| id | 88f85b58c5a849e4b22d9d04f63ee4ca |
| name | ops-new |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
查看所有用户¶
usage: openstack user list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
[--sort-column SORT_COLUMN] [--domain <domain>]
[--group <group> | --project <project>] [--long]
[root@10e150e68e69 ops]# openstack user list|grep -v ct|grep -v yunwei|grep -v test
+----------------------------------+-----------------------------------------+
| ID | Name |
+----------------------------------+-----------------------------------------+
| 0087cb53a40c4d84acd55393b4470599 | cinder |
| 05afccc00a424f4090c2bb82ebd1bc6c | placement |
| 3b46e70afdc245e699803191498bfe79 | admin |
| 4185851f8f0b4dd38d4a584d255809ec | nova |
| 6a4d9222207c47ae958713919a1815aa | share_pro |
| 6ea8c8e5f749447b99cfdfcfc7836a22 | demo |
| 705ddd23c3c440e8af68e1feb227e7c5 | ops |
| 88f85b58c5a849e4b22d9d04f63ee4ca | ops-new |
| 9144483ff41e49ed82975b0081ffa50d | glance |
| 960cab2fd1e24004b41a86b35ec4eaf2 | user111 |
| a330a5685eb24c3293952c7ed03def69 | pro2 |
| b0e321a6ed534566b2f86d138ee72487 | os |
| c7b554da30fb4b2fa7a36fa2b5e60ebb | neutron |
| d06af69f4ad24ab5b884651b95692fde | pro3 |
+----------------------------------+-----------------------------------------+
用户删除¶
usage: openstack user delete [-h] [--domain <domain>] <user> [<user> ...]
删除单个用户¶
[root@10e150e68e69 ops]# openstack user delete 715e84af0e3d41a191ca4119c0ea0687
删除多个用户¶
[root@10e150e68e69 ops]# openstack user delete 715e84af0e3d41a191ca4119c0ea0687 ba87721ed5fd4ba69b025871cc6fd5c8
角色创建¶
usage: openstack role create [-h]
[--domain <domain>] [--or-show]
<role-name>
[root@10e150e68e69 ops]# openstack role create ops-role
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | dfc131d007ca492cb627434fa31438a3 |
| name | ops-role |
+-----------+----------------------------------+
角色编辑¶
usage: openstack role set [-h] [--domain <domain>] [--name <name>] <role>
[root@10e150e68e69 ops]# openstack role set --name ops-new-role 16223cad95254272ad5a9368602be518
查看修改后的角色
[root@10e150e68e69 ops]# openstack role show 16223cad95254272ad5a9368602be518
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 16223cad95254272ad5a9368602be518 |
| name | ops-new-role |
+-----------+----------------------------------+
角色查询¶
查看单个角色¶
usage: openstack role show [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN]
[--domain <domain>]
<role>
[root@10e150e68e69 ops]# openstack role show 16223cad95254272ad5a9368602be518
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 16223cad95254272ad5a9368602be518 |
| name | ops-new-role |
+-----------+----------------------------------+
查看所有角色¶
usage: openstack role list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
[--sort-column SORT_COLUMN]
[--domain <domain> | --project <project>]
[--user <user> | --group <group>]
[--group-domain <group-domain>]
[--project-domain <project-domain>]
[--user-domain <user-domain>] [--inherited]
[root@10e150e68e69 ops]# openstack role list
+----------------------------------+--------------+
| ID | Name |
+----------------------------------+--------------+
| 16223cad95254272ad5a9368602be518 | ops-new-role |
| 5bf184932ffa412fad7a3f4d0fa657b4 | user |
| 96af347303ad48a192430d6ecfd26d1b | admin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
+----------------------------------+--------------+
角色删除¶
usage: openstack role delete [-h] [--domain <domain>] <role> [<role> ...]
删除单个角色¶
[root@10e150e68e69 ops]# openstack role delete dfc131d007ca492cb627434fa31438a3
删除多个角色¶
[root@10e150e68e69 ops]# openstack role delete dfc131d007ca492cb627434fa31438a3 bf2dbd37f64147228a09861533063a3f
角色分配¶
usage: openstack role add [-h] [--domain <domain> | --project <project>]
[--user <user> | --group <group>]
[--group-domain <group-domain>]
[--project-domain <project-domain>]
[--user-domain <user-domain>] [--inherited]
[--role-domain <role-domain>]
<role>
分配角色给用户和项目
[root@10e150e68e69 ops]# openstack role add --project d73caeaac28c48daafbbfab7099636fb --user 98c325e68e5f466e8da57b3e68164bf3 5bf184932ffa412fad7a3f4d0fa657b4
查看角色分配
[root@10e150e68e69 ops]# openstack role assignment list |grep d73caeaac28c48daafbbfab7099636fb
| 5bf184932ffa412fad7a3f4d0fa657b4 | 98c325e68e5f466e8da57b3e68164bf3 |
角色分配移除¶
usage: openstack role remove [-h] [--domain <domain> | --project <project>]
[--user <user> | --group <group>]
[--group-domain <group-domain>]
[--project-domain <project-domain>]
[--user-domain <user-domain>] [--inherited]
[--role-domain <role-domain>]
<role>
[root@10e150e68e69 ops]# openstack role remove --project d73caeaac28c48daafbbfab7099636fb --user 98c325e68e5f466e8da57b3e68164bf3 5bf184932ffa412fad7a3f4d0fa657b4
角色分配查看¶
usage: openstack role assignment list [-h] [-f {csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--sort-column SORT_COLUMN]
[--effective] [--role <role>]
[--role-domain <role-domain>] [--names]
[--user <user>]
[--user-domain <user-domain>]
[--group <group>]
[--group-domain <group-domain>]
[--domain <domain> | --project <project>]
[--project-domain <project-domain>]
[--inherited] [--auth-user]
[--auth-project]
查看所有分配¶
[root@10e150e68e69 ops]# openstack role assignment list
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| 96af347303ad48a192430d6ecfd26d1b | 0087cb53a40c4d84acd55393b4470599 | | 701c4df4560548f79c084c8a6660a9c3 | | False |
| 5bf184932ffa412fad7a3f4d0fa657b4 | 00f90551ed2b4c9499c537fd9bc1570f | | 8608b50d94ae45da96bb16ebd379ecba | | False |
| 5bf184932ffa412fad7a3f4d0fa657b4 | 030659bc363b4b1d8ea21467331f2222 | | 36a13cd77316463297bd3ccefc37ede9 | | False |
| 9fe2ff9ee4384b1894a90878d3e92bab | ffd32e81936848c8bcebc6a7f07dce76 | | d6dee3a0917c447eb2a204804e97c43f | | False |
| 5bf184932ffa412fad7a3f4d0fa657b4 | | 679a6ed2ff874961b5ff595eddb90457 | | 1d9f2a63598c4ddb9dd5473945ea4654 | False |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+----------------------------------+-----------+
显示项目、用户和角色名称
[root@10e150e68e69 ops]# openstack role assignment list --names
+----------+-------------------------------------------------+---------------+-------------------------------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+----------+-------------------------------------------------+---------------+-------------------------------------------------+--------+-----------+
| admin | cinder@Default | | service@Default | | False |
| user | os_yunwei_sdk_test01_50650@Default | | os_yunwei_sdk_test01_50650@Default | | False |
| user | ct_bac_90c81310dcab46bf8d7d358f81589154@Default | | ct_bac_a707c7a247364510b71dd36747c01594@Default | | False |
| user | ct_2d99a4aebe804b22bd8043d6c2eb68e0@Default | | ct_510f4fede8484210a9fb0fb83dd6e2c3@Default | | False |
| _member_ | ct_2d99a4aebe804b22bd8043d6c2eb68e0@Default | | ct_510f4fede8484210a9fb0fb83dd6e2c3@Default | | False |
+----------+-------------------------------------------------+---------------+-------------------------------------------------+--------+-----------+
故障处理¶
待补充