AI 助理
备案控制台
开发者社区 安全 文章 正文

openstack keystone运维基础命令

2024-04-15 75
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
简介: 在OpenStack中,Keystone作为身份服务模块,负责用户认证、令牌管理、服务目录和基于角色的访问控制。通过设置环境变量进行授权,然后执行如创建用户alice并设置密码,修改密码,列出用户,显示用户详情等操作。此外,还涉及到创建项目yun2024,查看和删除项目,创建及分配角色yunjisuanmy给用户alice,以及列出和删除角色。最后展示了查询OpenStack端点地址信息和使用`openstack role --help`查看相关命令帮助。

Keystone (OpenStack ldentityService)是OpenStack中的一个独立的提供安全认证的模块,主要负责openstack用户的身份认证、令牌管理、提供访问资源的服务目录(指引路径)、以及基于用户角色的访问控制。
步骤:
执行环境变量脚本进行授权

[root@admin ~(keystone_admin)]# cat keystonerc_admin 
    unset OS_SERVICE_TOKEN
    export OS_USERNAME=admin
    export OS_PASSWORD='27141bb36b53462a'
    export OS_REGION_NAME=RegionOne
    export OS_AUTH_URL=http://192.168.200.146:5000/v3
    export PS1='[\u@\h \W(keystone_admin)]\$ '
    export OS_PROJECT_NAME=admin
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_IDENTITY_API_VERSION=3
[root@admin ~(keystone_admin)]#

创建alice用户 密码为123456


[root@admin ~(keystone_admin)]# openstack user create  --password 123456 alice
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9cb021aeebc84930a2317a41341172e3 |
| name                | alice                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@admin ~(keystone_admin)]#

修改用户密码


[root@admin ~(keystone_admin)]# openstack user set --password 12345 alice
[root@admin ~(keystone_admin)]#

查看openstack 中系统的用户列表

[root@admin ~(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 8dbf97f777ee4846878acb44e55f6cdf | admin      |
| c0449813c2c64646a04e3728e226a741 | demo       |
| aa1e1e5794bf4b18abf92917fc989399 | glance     |
| 60e8f499f760462a830e3737bff0a741 | cinder     |
| 8db00b68ea9440fbb6a2295960acf927 | nova       |
| 934b741e29844c498b0d93819170ea9b | placement  |
| 11976389447244f1821200826b21f714 | neutron    |
| cbc8969aff1944fa9cbe7af9e954da0a | swift      |
| 6b86d63f1dd44a6dbb8db04d0d672af5 | gnocchi    |
| 09234ece374149b782efb58c9a171a59 | ceilometer |
| 7ca386ae6bfc4b4fa60c80120f34b516 | aodh       |
| 9cb021aeebc84930a2317a41341172e3 | alice      |
+----------------------------------+------------+
[root@admin ~(keystone_admin)]#

查看当前openstack 系统中的某一个用户信息


[root@admin ~(keystone_admin)]# openstack user show alice
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9cb021aeebc84930a2317a41341172e3 |
| name                | alice                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@admin ~(keystone_admin)]#

创建一个新的项目

[root@admin ~(keystone_admin)]# openstack project create yun2024
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 5b9554cf741a48dcb6ea1c3973254567 |
| is_domain   | False                            |
| name        | yun2024                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@admin ~(keystone_admin)]#

查看当前openstack 系统中的所有项目信息

[root@admin ~(keystone_admin)]# openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 009a94428fb84a0db16aa4a1adab9a35 | admin    |
| 579764513c9748d9bb6bff9458f8be26 | demo     |
| 5b9554cf741a48dcb6ea1c3973254567 | yun2024  |
| a1b3c17e306e465db96b9afdb6bd4aae | services |
+----------------------------------+----------+
[root@admin ~(keystone_admin)]#

查看某个项目信息


[root@admin ~(keystone_admin)]# openstack project show yun2024
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 5b9554cf741a48dcb6ea1c3973254567 |
| is_domain   | False                            |
| name        | yun2024                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@admin ~(keystone_admin)]#

创建一个新的角色


root@admin ~(keystone_admin)]# openstack role create  yunjisuanmy
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | e1f442a3281c47fab6141bbf8b010be8 |
| name        | yunjisuanmy                      |
| options     | {}                               |
+-------------+----------------------------------+
[root@admin ~(keystone_admin)]#

根据创建的角色进行用户绑定


[root@admin ~(keystone_admin)]# openstack role add --user alice --project yun2024 yunjisuanmy
[root@admin ~(keystone_admin)]# openstack role list
+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 42fec268bbfe4a978b4f90e2e12a2585 | SwiftOperator |
| 5127777a534b4a788aae9c47310f7f10 | ResellerAdmin |
| 749151fa885d4c4398c4897e0bf36e39 | member        |
| b35dec44110e498095b97bd7ba694584 | reader        |
| c2201d74ab4740e98ccb9fc143ed9ca5 | _member_      |
| e0e1666efec04af6b9af07434206eb6c | admin         |
| e1f442a3281c47fab6141bbf8b010be8 | yunjisuanmy   |
+----------------------------------+---------------+

查看某一个角色列表的详细信息

[root@admin ~(keystone_admin)]# openstack role show yunjisuanmy
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | e1f442a3281c47fab6141bbf8b010be8 |
| name        | yunjisuanmy                      |
| options     | {}                               |
+-------------+----------------------------------+
[root@admin ~(keystone_admin)]#

查看当前openstack系统中所有的端点地址信息查询

[root@admin ~(keystone_admin)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                               |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+
| 00d1260e12284301b76586a7a315a058 | RegionOne | glance       | image        | True    | admin     | http://192.168.200.146:9292                       |
| 0ed25ade002a4f80ade862a65e2224ea | RegionOne | cinderv3     | volumev3     | True    | internal  | http://192.168.200.146:8776/v3/%(tenant_id)s      |
| 0f9f0ebbe8de48078306c77409860ea8 | RegionOne | neutron      | network      | True    | admin     | http://192.168.200.146:9696                       |
| 121c5b86ed5f43f48e07b37ab77dae95 | RegionOne | swift        | object-store | True    | public    | http://192.168.200.146:8080/v1/AUTH_%(tenant_id)s |
| 1bf99c2e6d3847e0bb28282db96755e4 | RegionOne | cinderv3     | volumev3     | True    | public    | http://192.168.200.146:8776/v3/%(tenant_id)s      |
| 1c9790a3233045b79f2348961ad25254 | RegionOne | glance       | image        | True    | public    | http://192.168.200.146:9292                       |
| 25cf05586c93425fb442dddfcb13f703 | RegionOne | neutron      | network      | True    | public    | http://192.168.200.146:9696                       |
| 2a3780fcc24946eb9d99bacf89d03dbd | RegionOne | placement    | placement    | True    | public    | http://192.168.200.146:8778/placement             |
| 3938bbc0be84430586d87651bad137d1 | RegionOne | aodh         | alarming     | True    | public    | http://192.168.200.146:8042                       |
| 3ee47197d7ab4155ad91b0843ddf1043 | RegionOne | nova         | compute      | True    | admin     | http://192.168.200.146:8774/v2.1/%(tenant_id)s    |
| 4591061b829e4a569dd391a188bbe7bc | RegionOne | keystone     | identity     | True    | public    | http://192.168.200.146:5000/v3                    |
| 4a57b6e4dce34b7c997f8690ed4287c8 | RegionOne | aodh         | alarming     | True    | admin     | http://192.168.200.146:8042                       |
| 4f5e17ea7d5a43a5bd9386328799f0a7 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.200.146:5000/v3                    |
| 5cb06809572440c3915454b0556b12b5 | RegionOne | cinderv3     | volumev3     | True    | admin     | http://192.168.200.146:8776/v3/%(tenant_id)s      |
| 6183896fe301468d83143adacba07bb4 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.200.146:5000/v3                    |
| 6b90720d03ab424fa8b911aa01ea57df | RegionOne | ceilometer   | metering     | True    | admin     | http://192.168.200.146:8777                       |
| 6d904dbdbabb4a389ec24605039ad6d5 | RegionOne | glance       | image        | True    | internal  | http://192.168.200.146:9292                       |
| 6e6cae9e8e9144939395dae72fa52ced | RegionOne | placement    | placement    | True    | admin     | http://192.168.200.146:8778/placement             |
| 70d362c995e84124840f5337386caf8b | RegionOne | cinderv2     | volumev2     | True    | internal  | http://192.168.200.146:8776/v2/%(tenant_id)s      |
| 752273473a6c44f18aa6aec7ad411581 | RegionOne | ceilometer   | metering     | True    | public    | http://192.168.200.146:8777                       |
| 76294330990b432c8890b215355e276d | RegionOne | nova         | compute      | True    | internal  | http://192.168.200.146:8774/v2.1/%(tenant_id)s    |
| 7737d4f577d2441e8e4582ae6d330930 | RegionOne | cinderv2     | volumev2     | True    | public    | http://192.168.200.146:8776/v2/%(tenant_id)s      |
| 8581d032c73c455bad447e9a8af4f128 | RegionOne | gnocchi      | metric       | True    | admin     | http://192.168.200.146:8041                       |
| bd0431dfcd3c4630bd2117db689f43bb | RegionOne | aodh         | alarming     | True    | internal  | http://192.168.200.146:8042                       |
| c2f72bfe91674550a52ea6841dcbced1 | RegionOne | cinderv2     | volumev2     | True    | admin     | http://192.168.200.146:8776/v2/%(tenant_id)s      |
| c711e71a8ab14d9cbf8c630f0d21e403 | RegionOne | neutron      | network      | True    | internal  | http://192.168.200.146:9696                       |
| cce94bdfa07b424e87779e23c9ffd65f | RegionOne | ceilometer   | metering     | True    | internal  | http://192.168.200.146:8777                       |
| d7b267b1f36c43ccbe54b1331b98f5ce | RegionOne | gnocchi      | metric       | True    | public    | http://192.168.200.146:8041                       |
| df899a0429024787bfea8b11568ac1b9 | RegionOne | swift        | object-store | True    | internal  | http://192.168.200.146:8080/v1/AUTH_%(tenant_id)s |
| e0962fa6be3d47a3bf47d9d6a7b854a0 | RegionOne | nova         | compute      | True    | public    | http://192.168.200.146:8774/v2.1/%(tenant_id)s    |
| e1414759b9244e0d8ddbd40f862bb539 | RegionOne | gnocchi      | metric       | True    | internal  | http://192.168.200.146:8041                       |
| e93363ab128e488687085ba5185c941e | RegionOne | placement    | placement    | True    | internal  | http://192.168.200.146:8778/placement             |
| e958b5bc2c7848c893670ef8c798b72b | RegionOne | swift        | object-store | True    | admin     | http://192.168.200.146:8080/v1/AUTH_%(tenant_id)s |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+
[root@admin ~(keystone_admin)]#

删除用户


[root@admin ~(keystone_admin)]# openstack  user delete alice
[root@admin ~(keystone_admin)]# openstack  user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 8dbf97f777ee4846878acb44e55f6cdf | admin      |
| c0449813c2c64646a04e3728e226a741 | demo       |
| aa1e1e5794bf4b18abf92917fc989399 | glance     |
| 60e8f499f760462a830e3737bff0a741 | cinder     |
| 8db00b68ea9440fbb6a2295960acf927 | nova       |
| 934b741e29844c498b0d93819170ea9b | placement  |
| 11976389447244f1821200826b21f714 | neutron    |
| cbc8969aff1944fa9cbe7af9e954da0a | swift      |
| 6b86d63f1dd44a6dbb8db04d0d672af5 | gnocchi    |
| 09234ece374149b782efb58c9a171a59 | ceilometer |
| 7ca386ae6bfc4b4fa60c80120f34b516 | aodh       |
+----------------------------------+------------+
[root@admin ~(keystone_admin)]#

删除项目

[root@admin ~(keystone_admin)]# openstack project delete yun2024
[root@admin ~(keystone_admin)]# openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 009a94428fb84a0db16aa4a1adab9a35 | admin    |
| 579764513c9748d9bb6bff9458f8be26 | demo     |
| a1b3c17e306e465db96b9afdb6bd4aae | services |
+----------------------------------+----------+
[root@admin ~(keystone_admin)]#

删除角色

[root@admin ~(keystone_admin)]# openstack role delete yunjisuanmy
[root@admin ~(keystone_admin)]# openstack role list
+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 42fec268bbfe4a978b4f90e2e12a2585 | SwiftOperator |
| 5127777a534b4a788aae9c47310f7f10 | ResellerAdmin |
| 749151fa885d4c4398c4897e0bf36e39 | member        |
| b35dec44110e498095b97bd7ba694584 | reader        |
| c2201d74ab4740e98ccb9fc143ed9ca5 | _member_      |
| e0e1666efec04af6b9af07434206eb6c | admin         |
+----------------------------------+---------------+
[root@admin ~(keystone_admin)]#

最后利用--help查看文档


[root@admin ~]# openstack role --help
Command "role" matches:
  role add
  role assignment list
  role create
  role delete
  role list
  role remove
  role set
  role show
[root@admin ~]#
文章标签:
数据安全/隐私保护
运维
安全
关键词:
运维命令
openstack keystone
openstack运维
openstack运维命令
阿西吧ba
目录
相关文章
土木林森
|
2月前
|
图形学 开发者 存储
超越基础教程:深度拆解Unity地形编辑器的每一个隐藏角落,让你的游戏世界既浩瀚无垠又细节满满——从新手到高手的全面技巧升级秘籍
【8月更文挑战第31天】Unity地形编辑器是游戏开发中的重要工具,可快速创建复杂多变的游戏环境。本文通过比较不同地形编辑技术,详细介绍如何利用其功能构建广阔且精细的游戏世界,并提供具体示例代码,展示从基础地形绘制到植被与纹理添加的全过程。通过学习这些技巧,开发者能显著提升游戏画面质量和玩家体验。
土木林森
94 3
pbeskoyq7ffm4
|
2月前
|
SQL 运维 监控
DM日常运维高频命令总结
DM日常运维高频命令总结
pbeskoyq7ffm4
83 3
pbeskoyq7ffm4
|
2月前
|
运维 Oracle 前端开发
Oracle 11g RAC集群日常运维命令总结
Oracle 11g RAC集群日常运维命令总结
pbeskoyq7ffm4
70 2
pbeskoyq7ffm4
|
2月前
|
SQL 运维 调度
DM8日常运维命令总结(二)
DM8日常运维命令总结(二)
pbeskoyq7ffm4
71 2
pbeskoyq7ffm4
|
2月前
|
SQL 运维 Oracle
入门级Oracle 11g日常运维命令总结
入门级Oracle 11g日常运维命令总结
pbeskoyq7ffm4
70 1
pbeskoyq7ffm4
|
2月前
|
SQL 运维 数据库
DM8日常运维必须要懂的几个命令
DM8日常运维必须要懂的几个命令
pbeskoyq7ffm4
58 1
小Lee
|
2月前
|
存储 API 持续交付
OpenStack组件Keystone
【8月更文挑战第20天】
小Lee
53 3
工程师阿龙
|
2月前
|
移动开发 运维 网络协议
运维必备 | Linux netstat命令详解
运维必备 | Linux netstat命令详解
工程师阿龙
89 8
jcLee95
|
2月前
|
数据采集 运维 监控
运维笔记:流编辑器sed命令用法解析
运维笔记:流编辑器sed命令用法解析
jcLee95
51 5
听风de歌
|
2月前
|
存储 负载均衡 API
OpenStack核心组件Keystone
【8月更文挑战第3天】
听风de歌
245 8

热门文章

最新文章

  • 1
    【运维知识进阶篇】手把手教你搭建OpenVPN(保姆级教程)(一)
  • 2
    系统批量运维管理器Fabric详解
  • 3
    2016全新Linux+Python高端运维班-Linux服务 DNS,httpd,加密通讯,vsftp,NFS,samba服务练习
  • 4
    IT运维服务商如何将WannaCry拒之门外?恒远志成称安全需防微杜渐
  • 5
    云MSP服务案例|云上Oracle RAC部署运维及实践
  • 6
    网络运维团队如何应对最新的黑客威胁?
  • 7
    半自动化运维之动态添加数据文件(一)
  • 8
    系统运维
  • 9
    mysql中的时间函数---运维常用
  • 10
    运维调试记录:Ubuntu启动到字符界面和图形界面
  • 1
    【专栏】虚拟化技术与云计算平台 OpenStack:硬件虚拟化、操作系统级虚拟化和容器化
    591
  • 2
    OpenStack私有云裸机物理服务器角色规划
    100
  • 3
    openstack cinder、swift运维命令
    129
  • 4
    openstack基于实例的快照
    65
  • 5
    openstack云平台创建卷以及使用卷挂载
    178
  • 6
    openstack 使用ssh远程管理云主机
    154
  • 7
    openstack 上创建云主机
    315
  • 8
    openstack 部署单节点
    273
  • 9
    ChaosBlade支持问题之支持openstack如何解决
    55
  • 10
    k8s 开通openstack
    143

    • 相关课程

    更多
  • 企业运维之弹性计算原理与实践
  • 企业运维之云上网络原理与实践课程
  • 企业级运维之云原生与Kubernetes实战课程
  • 面向运维的 python 脚本速成-1024程序员节创造营公益课
  • Linux企业运维实战 - 入门及常用命令
  • 玩转云上智能运维

    • 相关电子书

    更多
  • 企业运维之云原生和Kubernetes 实战
  • 可视化架构运维实践
  • OpenStack Swift 海量小文件性能优化之路

    • 相关实验场景

    更多
  • MySQL数据库快速部署实践
  • 使用操作系统智能助手OS Copilot解锁操作系统运维与编程
  • 使用物联网平台远程管理运维设备
  • 消息队列RocketMQ版:消费异常运维排查体验
  • 快速开发光伏电站数字孪生运维系统
  • RocketMQ的常规运维实践应用
    • 下一篇
    AI助理直击要害,从繁复中提炼精华——使用CDN加速访问OSS存储的图片