[OpenStack] OpenStack Essex - KeyStone 命令行详解

OpenStack - KeyStone 命令行详解

localadmin@OpenStack-1:~$ keystone
usage: keystone [--os_username <auth-user-name>]
                [--os_password <auth-password>]
                [--os_tenant_name <auth-tenant-name>]
                [--os_tenant_id <tenant-id>] [--os_auth_url <auth-url>]
                [--os_region_name <region-name>]
                [--os_identity_api_version <identity-api-version>]
                [--token <service-token>] [--endpoint <service-endpoint>]
                [--username <auth-user-name>] [--password <auth-password>]
                [--tenant_name <tenant-name>] [--auth_url <auth-url>]
                [--region_name <region-name>]
                <subcommand> ...

Command-line interface to the OpenStack Identity API.

Positional arguments:
<subcommand>
    catalog             List service catalog, possibly filtered by service.
    ec2-credentials-create
                        Create EC2-compatibile credentials for user per tenant
    ec2-credentials-delete
                        Delete EC2-compatibile credentials
    ec2-credentials-get
                        Display EC2-compatibile credentials
    ec2-credentials-list
                        List EC2-compatibile credentials for a user
    endpoint-create     Create a new endpoint associated with a service
    endpoint-delete     Delete a service endpoint
    endpoint-get        Find endpoint filtered by a specific attribute or
                        service type
    endpoint-list       List configured service endpoints
    role-create         Create new role
    role-delete         Delete role
    role-get            Display role details
    role-list           List all roles, or only those granted to a user.
    service-create      Add service to Service Catalog
    service-delete      Delete service from Service Catalog
    service-get         Display service from Service Catalog
    service-list        List all services in Service Catalog
    tenant-create       Create new tenant
    tenant-delete       Delete tenant
    tenant-get          Display tenant details
    tenant-list         List all tenants
    tenant-update       Update tenant name, description, enabled status
    token-get           Display the current user token
    user-create         Create new user
    user-delete         Delete user
    user-get            Display user details.
    user-list           List users
    user-password-update
                        Update user password
    user-role-add       Add role to user
    user-role-remove    Remove role from user
    user-update         Update user's name, email, and enabled status
    discover            Discover Keystone servers and show authentication
                        protocols and
    help                Display help about this program or one of its
                        subcommands.

Optional arguments:
--os_username <auth-user-name>
                        Defaults to env[OS_USERNAME]
--os_password <auth-password>
                        Defaults to env[OS_PASSWORD]
--os_tenant_name <auth-tenant-name>
                        Defaults to env[OS_TENANT_NAME]
--os_tenant_id <tenant-id>
                        Defaults to env[OS_TENANT_ID]
--os_auth_url <auth-url>
                        Defaults to env[OS_AUTH_URL]
--os_region_name <region-name>
                        Defaults to env[OS_REGION_NAME]
--os_identity_api_version <identity-api-version>
                        Defaults to env[OS_IDENTITY_API_VERSION] or 2.0
--token <service-token>
                        Defaults to env[SERVICE_TOKEN]
--endpoint <service-endpoint>
                        Defaults to env[SERVICE_ENDPOINT]
--username <auth-user-name>
                        Deprecated
--password <auth-password>
                        Deprecated
--tenant_name <tenant-name>
                        Deprecated
--auth_url <auth-url>
                        Deprecated
--region_name <region-name>
                        Deprecated

=================== 为KeyStone创建Tenants ===================

Creating Tenants

Create the tenants by executing the following commands. In this case, we are creating two tenants - admin and service.

keystone tenant-create --name admin
keystone tenant-create --name service

localadmin@OpenStack-1:~$ keystone tenant-create --name admin
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | None                             |
| enabled     | True                             |
| id          | 938c2aeb59f842c58c03a1e5bbe50e20 |
| name        | admin                            |
+-------------+----------------------------------+
localadmin@OpenStack-1:~$ keystone tenant-create --name service
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | None                             |
| enabled     | True                             |
| id          | a4a59e33b382439bab47cc8c2d01caf1 |
| name        | service                          |
+-------------+----------------------------------+

=================== 为KeyStone创建Users ===================

Creating Users

Create the users by executing the following commands. In this case, we are creating four users - admin, nova, glance and swift

keystone user-create --name admin --pass admin --email admin@foobar.com 
keystone user-create --name nova --pass nova   --email nova@foobar.com
keystone user-create --name glance --pass glance   --email glance@foobar.com
keystone user-create --name swift --pass swift   --email swift@foobar.com

localadmin@OpenStack-1:~$ keystone |grep user
usage: keystone [--os_username <auth-user-name>]
                [--username <auth-user-name>] [--password <auth-password>]
                        Create EC2-compatibile credentials for user per tenant
                        List EC2-compatibile credentials for a user
    role-list           List all roles, or only those granted to a user.
    token-get           Display the current user token
    user-create         Create new user
    user-delete         Delete user
    user-get            Display user details.
    user-list           List users
    user-password-update
                        Update user password
    user-role-add       Add role to user
    user-role-remove    Remove role from user
    user-update         Update user's name, email, and enabled status
  --os_username <auth-user-name>
  --username <auth-user-name>
localadmin@OpenStack-1:~$ keystone user-list
+----------------------------------+---------+-------------------+--------+
|                id                | enabled |       email       |  name  |
+----------------------------------+---------+-------------------+--------+
| 2acc3e1b7f90484d88a51d668496b664 | True    | swift@foobar.com  | swift  |
| 3e8c6c6a7013469cbf673538d9cca353 | True    | admin@foobar.com  | admin  |
| 97f20d8dada74684940383217a5d77cc | True    | nova@foobar.com   | nova   |
| d2536af05c1c4972aea56b0edbd9ea35 | True    | glance@foobar.com | glance |
+----------------------------------+---------+-------------------+--------+

=================== 为KeyStone创建Roles ===================

Creating Roles

Create the roles by executing the following commands. In this case, we are creating two roles - admin and Member.

keystone role-create --name admin
keystone role-create --name Member

localadmin@OpenStack-1:~$ keystone|grep role
    role-create         Create new role
    role-delete         Delete role
    role-get            Display role details
    role-list           List all roles, or only those granted to a user.
    user-role-add       Add role to user
    user-role-remove    Remove role from user
localadmin@OpenStack-1:~$ keystone role-create --name admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| id       | fde51bfee49a49c6a7d718ea6d78eeff |
| name     | admin                            |
+----------+----------------------------------+
localadmin@OpenStack-1:~$ keystone role-create --name Member
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| id       | 3544b420d0ac4b98a9192c102e17af3f |
| name     | Member                           |
+----------+----------------------------------+

=================== 为KeyStone Add Roles to Users in Tennats ===================

Adding Roles to Users in Tenants

Now we add roles to the users that have been created. A role to a specific user in a specific tenant can be assigned with the following command:

keystone user-role-add --user $USER_ID --role $ROLE_ID --tenant_id $TENANT_ID

The required 'id' can be obtained from the commands - keystone user-list, keystone tenant-list, keystone role-list.

To add a role of 'admin' to the user 'admin' of the tenant 'admin'.

keystone user-role-add --user b3de3aeec2544f0f90b9cbfe8b8b7acd --role 2bbe305ad531434991d4281aaaebb700 --tenant_id 7f95ae9617cd496888bc412efdceabfd

The following commands will add a role of 'admin' to the users 'nova', 'glance' and 'swift' of the tenant 'service'.

keystone user-role-add --user ce8cd56ca8824f5d845ba6ed015e9494 --role 2bbe305ad531434991d4281aaaebb700 --tenant_id c7970080576646c6959ee35970cf3199
keystone user-role-add --user 518b51ea133c4facadae42c328d6b77b --role 2bbe305ad531434991d4281aaaebb700 --tenant_id c7970080576646c6959ee35970cf3199
keystone user-role-add --user 1b986cca67e242f38cd6aa4bdec587ca --role 2bbe305ad531434991d4281aaaebb700 --tenant_id c7970080576646c6959ee35970cf3199

The 'Member' role is used by Horizon and Swift. So add the 'Member' role accordingly.

keystone user-role-add --user b3de3aeec2544f0f90b9cbfe8b8b7acd --role d983800dd6d54ee3a1b1eb9f2ae3291f --tenant_id 7f95ae9617cd496888bc412efdceabfd

Replace the id appropriately as listed by keystone user-list, keystone role-list, keystone tenant-list.

localadmin@OpenStack-1:~$ keystone |grep user-role
user-role-add Add role to user
user-role-remove Remove role from user

keystone user-role-add --user $USER_ID --role $ROLE_ID --tenant_id $TENANT_ID

To add a role of 'admin' to the user 'admin' of the tenant 'admin'.

keystone user-role-add --user 3e8c6c6a7013469cbf673538d9cca353 --role fde51bfee49a49c6a7d718ea6d78eeff --tenant_id 938c2aeb59f842c58c03a1e5bbe50e20

The following commands will add a role of 'admin' to the users 'nova', 'glance' and 'swift' of the tenant 'service'.

keystone user-role-add --user 97f20d8dada74684940383217a5d77cc --role fde51bfee49a49c6a7d718ea6d78eeff --tenant_id a4a59e33b382439bab47cc8c2d01caf1
keystone user-role-add --user d2536af05c1c4972aea56b0edbd9ea35 --role fde51bfee49a49c6a7d718ea6d78eeff --tenant_id a4a59e33b382439bab47cc8c2d01caf1
keystone user-role-add --user 2acc3e1b7f90484d88a51d668496b664 --role fde51bfee49a49c6a7d718ea6d78eeff --tenant_id a4a59e33b382439bab47cc8c2d01caf1

The 'Member' role is used by Horizon and Swift. So add the 'Member' role accordingly.

keystone user-role-add --user 3e8c6c6a7013469cbf673538d9cca353 --role 3544b420d0ac4b98a9192c102e17af3f --tenant_id 938c2aeb59f842c58c03a1e5bbe50e20

=================== 为KeyStone创建Services ===================

Creating Services

Now we need to create the required services which the users can authenticate with. nova-compute, nova-volume, glance, swift, keystone and ec2 are some of the services that we create.

keystone service-create --name service_name --type service_type --description 'Description of the service'

keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name volume --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name swift --type object-store --description 'OpenStack Storage Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity Service'
keystone service-create --name ec2 --type ec2 --description 'EC2 Service'

Each of the services that have been created above will be identified with a unique id which can be obtained from the following command:

keystone service-list
+----------------------------------+----------+--------------+----------------------------+
|                id                |   name   |     type     |        description         |
+----------------------------------+----------+--------------+----------------------------+
| 1e93ee6c70f8468c88a5cb1b106753f3 | nova     | compute      | OpenStack Compute Service  |
| 28fd92ffe3824004996a3e04e059d875 | ec2      | ec2          | EC2 Service                |
| 7d4ec192dfa1456996f0f4c47415c7a7 | keystone | identity     | OpenStack Identity Service |
| 96f35e1112b143e59d5cd5d0e6a8b22d | swift    | object-store | OpenStack Storage Service  |
| f38f4564ff7b4e43a52b2f5c1b75e5fa | volume   | volume       | OpenStack Volume Service   |
| fbafab6edcab467bb734380ce6be3561 | glance   | image        | OpenStack Image Service    |
+----------------------------------+----------+--------------+----------------------------+

The 'id' will be used in defining the endpoint for that service.

=================== 为KeyStone创建Endpoints ===================

Creating Endpoints

Create endpoints for each of the services that have been created above.

keystone endpoint-create --region region_name --service_id service_id --publicurl public_url --adminurl admin_url  --internalurl internal_url

For creating an endpoint for nova-compute, execute the following command:

keystone endpoint-create --region myregion --service_id 1e93ee6c70f8468c88a5cb1b106753f3 --publicurl 'http://10.10.10.2:8774/v2/$(tenant_id)s' --adminurl 'http://10.10.10.2:8774/v2/$(tenant_id)s' --internalurl 'http://10.10.10.2:8774/v2/$(tenant_id)s'

For creating an endpoint for nova-volume, execute the following command:

keystone endpoint-create --region myregion --service_id f38f4564ff7b4e43a52b2f5c1b75e5fa --publicurl 'http://10.10.10.2:8776/v1/$(tenant_id)s' --adminurl 'http://10.10.10.2:8776/v1/$(tenant_id)s' --internalurl 'http://10.10.10.2:8776/v1/$(tenant_id)s'

For creating an endpoint for glance, execute the following command:

keystone endpoint-create --region myregion --service_id fbafab6edcab467bb734380ce6be3561 --publicurl 'http://10.10.10.2:9292/v1' --adminurl 'http://10.10.10.2:9292/v1' --internalurl 'http://10.10.10.2:9292/v1'

For creating an endpoint for swift, execute the following command:

keystone endpoint-create --region myregion --service_id 96f35e1112b143e59d5cd5d0e6a8b22d --publicurl 'http://10.10.10.2:8080/v1/AUTH_$(tenant_id)s' --adminurl 'http://10.10.10.2:8080/v1' --internalurl 'http://10.10.10.2:8080/v1/AUTH_$(tenant_id)s'

For creating an endpoint for keystone, execute the following command:

keystone endpoint-create --region myregion --service_id 7d4ec192dfa1456996f0f4c47415c7a7 --publicurl http://10.10.10.2:5000/v2.0 --adminurl http://10.10.10.2:35357/v2.0 --internalurl http://10.10.10.2:5000/v2.0

For creating an endpoint for ec2, execute the following command:

keystone endpoint-create --region myregion --service_id 28fd92ffe3824004996a3e04e059d875 --publicurl http://10.10.10.2:8773/services/Cloud --adminurl http://10.10.10.2:8773/services/Admin --internalurl http://10.10.10.2:8773/services/Cloud

========================================================

localadmin@OpenStack-1:~$ ifconfig
eth0      Link encap:Ethernet HWaddr 00:0c:29:52:d8:43
          inet addr:192.168.26.128 Bcast:192.168.26.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe52:d843/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:7261 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5194 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4668208 (4.6 MB) TX bytes:570640 (570.6 KB)

keystone endpoint-create --region region_name --service_id service_id --publicurl public_url --adminurl admin_url --internalurl internal_url

1.For creating an endpoint for nova-compute, execute the following command:

keystone endpoint-create --region myregion --service_id 3f6045a2dff94838bc8c04349e400d7b --publicurl 'http://192.168.26.128:8774/v2/$(tenant_id)s' --adminurl 'http://192.168.26.128:8774/v2/$(tenant_id)s' --internalurl 'http://192.168.26.128:8774/v2/$(tenant_id)s'

2.For creating an endpoint for nova-volume, execute the following command:

keystone endpoint-create --region myregion --service_id ce65ff0c2360463ca3f1c7de9091a2f2 --publicurl 'http://192.168.26.128:8776/v1/$(tenant_id)s' --adminurl 'http://192.168.26.128:8776/v1/$(tenant_id)s' --internalurl 'http://192.168.26.128:8776/v1/$(tenant_id)s'

3.For creating an endpoint for glance, execute the following command:

keystone endpoint-create --region myregion --service_id fdee65a80a43408fa5a09a4b83eb522d --publicurl 'http://192.168.26.128:9292/v1' --adminurl 'http://192.168.26.128:9292/v1' --internalurl 'http://192.168.26.128:9292/v1'

4.For creating an endpoint for swift, execute the following command:

keystone endpoint-create --region myregion --service_id a137d2460e22480b96560480ba3aaa35 --publicurl 'http://192.168.26.128:8080/v1/AUTH_$(tenant_id)s' --adminurl 'http://192.168.26.128:8080/v1' --internalurl 'http://192.168.26.128:8080/v1/AUTH_$(tenant_id)s'

5.For creating an endpoint for keystone, execute the following command:

keystone endpoint-create --region myregion --service_id 0a645b805ad042e0b1c165ee88767de9 --publicurl http://192.168.26.128:5000/v2.0 --adminurl http://192.168.26.128:35357/v2.0 --internalurl http://192.168.26.128:5000/v2.0

6.For creating an endpoint for ec2, execute the following command:

keystone endpoint-create --region myregion --service_id 2b67c5132ef84e9296ba4bc830ad8b7f --publicurl http://192.168.26.128:8773/services/Cloud --adminurl http://192.168.26.128:8773/services/Admin --internalurl http://192.168.26.128:8773/services/Cloud

localadmin@OpenStack-1:~$ keystone endpoint-create --region myregion --service_id 3f6045a2dff94838bc8c04349e400d7b --publicurl 'http://192.168.26.128:8774/v2/$(tenant_id)s' --adminurl 'http://192.168.26.128:8774/v2/$(tenant_id)s' --internalurl 'http://192.168.26.128:8774/v2/$(tenant_id)s'
+-------------+---------------------------------------------+
|   Property |                    Value                    |
+-------------+---------------------------------------------+
| adminurl    | http://192.168.26.128:8774/v2/$(tenant_id)s |
| id          | fe231052b8cb4c72b76a465d220794cc            |
| internalurl | http://192.168.26.128:8774/v2/$(tenant_id)s |
| publicurl   | http://192.168.26.128:8774/v2/$(tenant_id)s |
| region      | myregion                                    |
| service_id | 3f6045a2dff94838bc8c04349e400d7b            |
+-------------+---------------------------------------------+
localadmin@OpenStack-1:~$ keystone endpoint-create --region myregion --service_id ce65ff0c2360463ca3f1c7de9091a2f2 --publicurl 'http://192.168.26.128:8776/v1/$(tenant_id)s' --adminurl 'http://192.168.26.128:8776/v1/$(tenant_id)s' --internalurl 'http://192.168.26.128:8776/v1/$(tenant_id)s'
+-------------+---------------------------------------------+
|   Property |                    Value                    |
+-------------+---------------------------------------------+
| adminurl    | http://192.168.26.128:8776/v1/$(tenant_id)s |
| id          | ba70dffe79b444498bb4d1b05af1fc12            |
| internalurl | http://192.168.26.128:8776/v1/$(tenant_id)s |
| publicurl   | http://192.168.26.128:8776/v1/$(tenant_id)s |
| region      | myregion                                    |
| service_id | ce65ff0c2360463ca3f1c7de9091a2f2            |
+-------------+---------------------------------------------+
localadmin@OpenStack-1:~$ keystone endpoint-create --region myregion --service_id fdee65a80a43408fa5a09a4b83eb522d --publicurl 'http://192.168.26.128:9292/v1' --adminurl 'http://192.168.26.128:9292/v1' --internalurl 'http://192.168.26.128:9292/v1'
+-------------+----------------------------------+
|   Property |              Value               |
+-------------+----------------------------------+
| adminurl    | http://192.168.26.128:9292/v1    |
| id          | e0e1f5fa6c4940408cba6670e4764a1a |
| internalurl | http://192.168.26.128:9292/v1    |
| publicurl   | http://192.168.26.128:9292/v1    |
| region      | myregion                         |
| service_id | fdee65a80a43408fa5a09a4b83eb522d |
+-------------+----------------------------------+
localadmin@OpenStack-1:~$ keystone endpoint-create --region myregion --service_id a137d2460e22480b96560480ba3aaa35 --publicurl 'http://192.168.26.128:8080/v1/AUTH_$(tenant_id)s' --adminurl 'http://192.168.26.128:8080/v1' --internalurl 'http://192.168.26.128:8080/v1/AUTH_$(tenant_id)s'
+-------------+--------------------------------------------------+
|   Property |                      Value                       |
+-------------+--------------------------------------------------+
| adminurl    | http://192.168.26.128:8080/v1                    |
| id          | 7b67aee572c94093b9b5c27a891b5e9e                 |
| internalurl | http://192.168.26.128:8080/v1/AUTH_$(tenant_id)s |
| publicurl   | http://192.168.26.128:8080/v1/AUTH_$(tenant_id)s |
| region      | myregion                                         |
| service_id | a137d2460e22480b96560480ba3aaa35                 |
+-------------+--------------------------------------------------+
localadmin@OpenStack-1:~$ keystone endpoint-create --region myregion --service_id 0a645b805ad042e0b1c165ee88767de9 --publicurl http://192.168.26.128:5000/v2.0 --adminurl http://192.168.26.128:35357/v2.0 --internalurl http://192.168.26.128:5000/v2.0
+-------------+----------------------------------+
|   Property |              Value               |
+-------------+----------------------------------+
| adminurl    | http://192.168.26.128:35357/v2.0 |
| id          | c6380d2b2af945159d485f02b0b1298f |
| internalurl | http://192.168.26.128:5000/v2.0 |
| publicurl   | http://192.168.26.128:5000/v2.0 |
| region      | myregion                         |
| service_id | 0a645b805ad042e0b1c165ee88767de9 |
+-------------+----------------------------------+
localadmin@OpenStack-1:~$
localadmin@OpenStack-1:~$ keystone endpoint-create --region myregion --service_id 2b67c5132ef84e9296ba4bc830ad8b7f --publicurl http://192.168.26.128:8773/services/Cloud --adminurl http://192.168.26.128:8773/services/Admin --internalurl http://192.168.26.128:8773/services/Cloud
+-------------+-------------------------------------------+
|   Property |                   Value                   |
+-------------+-------------------------------------------+
| adminurl    | http://192.168.26.128:8773/services/Admin |
| id          | 3b42af5d3eab43448c92f60e6af41b21          |
| internalurl | http://192.168.26.128:8773/services/Cloud |
| publicurl   | http://192.168.26.128:8773/services/Cloud |
| region      | myregion                                  |
| service_id | 2b67c5132ef84e9296ba4bc830ad8b7f          |
+-------------+-------------------------------------------+

posted @ 2012-06-04 11:17 Jonson Li 阅读(1380) 评论(0) 收藏举报

刷新页面返回顶部

大数据与人工智能探索

“云”，“大数据”，“人工智能”正在改变着我们的生活，让我们一起来迎接新的变革与挑战吧。