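11. OpenStack project management
11.1 Basic management
— Project: an isolated set of resources and objects, managed by a group of associated users
— Older releases also call this a tenant
— Depending on requirements, a project can correspond to an organization, a company, a customer, and so on
— A project can have multiple users, and those users can create and manage virtual resources in that project
— Users with the admin role can create projects; project information is stored in MariaDB
11.2 Creating a project (GUI)
Note: the most important settings here are the number of vCPUs, the number of instances, memory, and floating IPs (which cost money)
Note: the default users cannot be deleted
11.3 Creating a project (command line)
11.3.1 Initialize the environment variables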
[root@host1 ~]# source ~/keystonerc_admin
[root@host1 ~(keystone_admin)]# env | grep OS
HOSTNAME=host1
OS_REGION_NAME=RegionOne
OS_PASSWORD=2174c6bf69be4430
OS_AUTH_URL=http://192.168.0.10:5000/v2.0
OS_USERNAME=admin
OS_TENANT_NAME=admin
[root@host1 ~(keystone_admin)]# openstack help   # show usage help
[root@host1 ~(keystone_admin)]# openstack help | grep project
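The rc file sourced in 11.3.1 carries the admin password and an http:// Keystone endpoint, which `env | grep OS` then prints to the terminal. The check below is an added example, not part of the original page: `audit_rc` and `make_sample_rc` are hypothetical helper names, and the sample file is constructed with a placeholder password.

```shell
#!/usr/bin/env bash
# Added example: audit an OpenStack rc file for the weaknesses visible in 11.3.1.
# audit_rc is a hypothetical helper; it prints one finding per line.
audit_rc() {
    local rc="$1" mode url
    # The rc file holds the admin password, so only its owner should be able to read it.
    mode=$(stat -c '%a' "$rc" 2>/dev/null || stat -f '%Lp' "$rc")
    case "$mode" in
        600|400) ;;
        *) echo "PERMS: $rc has mode $mode, expected 600" ;;
    esac
    # A password kept in the file ends up in every shell that sources it.
    if grep -Eq '^(export[[:space:]]+)?OS_PASSWORD=.+' "$rc"; then
        echo "PASSWORD: OS_PASSWORD is stored in plaintext"
    fi
    url=$(sed -n -E 's/^(export[[:space:]]+)?OS_AUTH_URL=//p' "$rc" | tail -n 1)
    # Plain http means the password and tokens cross the network unencrypted.
    case "$url" in
        http://*) echo "TRANSPORT: OS_AUTH_URL uses http, not https" ;;
    esac
    # The endpoint path shows which Identity API version the clients will use.
    case "$url" in
        */v2.0*) echo "API: OS_AUTH_URL points at the legacy Identity v2.0 API" ;;
    esac
}

# Constructed sample that mirrors the variables printed by `env | grep OS`;
# the password is a placeholder, not a real credential.
make_sample_rc() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=CONSTRUCTED_PLACEHOLDER
export OS_AUTH_URL=http://192.168.0.10:5000/v2.0
export OS_REGION_NAME=RegionOne
EOF
    chmod 644 "$f"
    echo "$f"
}
```

On a real host, run `audit_rc ~/keystonerc_admin` before sourcing the file.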
11.3.2 Create a project named myproject
[root@host1 ~(keystone_admin)]# openstack project create myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| enabled | True |
| id | 7b16d25cae8c459dba136e0f374f934f |
| name | myproject |
+-------------+----------------------------------+
11.3.3 List all projects
[root@host1 ~(keystone_admin)]# openstack project list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 154870f02a6448ea828c88f5208323e7 | services |
| 7b16d25cae8c459dba136e0f374f934f | myproject |
| 7b289b9968f94cdd95ba5ebd7a5fe770 | admin |
| cb415fec8a274e3daad0fd790828b045 | momo2021 |
+----------------------------------+-----------+
11.3.4 Show the details of myproject
[root@host1 ~(keystone_admin)]# openstack project show myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| enabled | True |
| id | 7b16d25cae8c459dba136e0f374f934f |
| name | myproject |
| properties | |
+-------------+----------------------------------+
11.3.5 Disable and enable a project
[root@host1 ~(keystone_admin)]# openstack project set --disable myproject
[root@host1 ~(keystone_admin)]# openstack project set --enable myproject
11.3.6 View the project quotas
[root@host1 ~(keystone_admin)]# nova quota-show --tenant myproject
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 51200 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| server_groups | 10 |
| server_group_members | 10 |
+-----------------------------+-------+
11.3.7 Update the number of available vCPUs to 30
[root@host1 ~(keystone_admin)]# nova quota-update --cores 30 myproject
[root@host1 ~(keystone_admin)]# nova quota-show --tenant myproject
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 30 |
| ram | 51200 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| server_groups | 10 |
| server_group_members | 10 |
+-----------------------------+-------+
11.3.8 Delete myproject
[root@host1 ~(keystone_admin)]# openstack project delete myproject
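11.4 User management
Non-admin user permissions: launch instances; create volumes and snapshots; create images; allocate floating IPs; create networks and routers; create firewalls, rules and rule policies; view the network topology, the project usage overview, and so on
11.4.1 Create the user user2 with the password 123456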
[root@host1 ~(keystone_admin)]# openstack user create --password 132456 user2
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
| enabled | True |
| id | d4dc897a38e946a1861e18ce5421355e |
| name | user2 |
| username | user2 |
+----------+----------------------------------+
11.4.2 Set the email address of user2
[root@host1 ~(keystone_admin)]# openstack user set --email user2@qq.com user2
11.4.3 List all users
[root@host1 ~(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| b9487ff5e4e54d6eaa9c9959d5475e8f | admin |
| e4849d6dd3b74a63a154f259f6143b8e | neutron |
| a4db3da5da9b496ebb9b5218315c0b2f | gnocchi |
| d1ce188b529d4b5ab93d4d38a0be3096 | aodh |
| 0547adbbf08e4f25bb2d1ca7be78d92c | nova |
| 52082ac63145492a999448cad422a1c3 | glance |
| d736df493ecf4c1ea9ef50fe4ddcb55f | ceilometer |
| e7d6db6db74b4c2ea71459498b460d4c | cinder |
| 47543db543954f529aa9d3d151f841bf | user1 |
| d4dc897a38e946a1861e18ce5421355e | user2 |
+----------------------------------+------------+
11.4.5 Show the details of user2
[root@host1 ~(keystone_admin)]# openstack user show user2
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | user2@qq.com |
| enabled | True |
| id | d4dc897a38e946a1861e18ce5421355e |
| name | user2 |
| username | user2 |
+----------+----------------------------------+
11.4.6 Grant user2 access to myproject with the role _member_
[root@host1 ~(keystone_admin)]# openstack role add --user user2 --project myproject _member_
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 9fe2ff9ee4384b1894a90878d3e92bab |
| name | _member_ |
+-----------+----------------------------------+
11.4.8 View the roles of user2 in myproject
[root@host1 ~(keystone_admin)]# openstack role list --project myproject --user user2
Listing assignments using role list is deprecated as of the Newton release. Use role assignment list --user <user-name> --project <project-name> --names instead.
+----------------------------------+----------+-----------+-------+
| ID | Name | Project | User |
+----------------------------------+----------+-----------+-------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | myproject | user2 |
+----------------------------------+----------+-----------+-------+
11.4.9 Disable and enable a user
[root@host1 ~(keystone_admin)]# openstack user set --disable user2
[root@host1 ~(keystone_admin)]# openstack user set --enable user2
11.4.10 Change the password of user2 to redhat
[root@host1 ~(keystone_admin)]# openstack user set --password redhat user2   # resets the password; the original password is not required
11.4.11 Remove user2 from myproject
[root@host1 ~(keystone_admin)]# openstack role remove --project myproject --user user2 _member_
11.4.12 Delete the user user2
[root@host1 ~(keystone_admin)]# openstack user delete user2
[root@host1 ~(keystone_admin)]#
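11.5 Quota management
Quotas: administrators can use quota limits to prevent excessive resource use. Quotas are set per project and limit how many resources each project may use. These operational limits give administrators precise control over each project.
Resource parameters
Security group rules: the number of rules available to each project
Cores: the number of vCPU cores available to each project
Fixed IP addresses: the number of fixed IPs available to each project
Floating IP addresses: the number of floating IPs available to each project
Injected file size: the size of injected file content for each project
Injected file path: the length of the injected file path for each project
Injected files: the number of files each project is allowed to inject
Instances: the number of virtual machine instances each project can create
Key pairs: the number of key pairs each project can create
Metadata: the number of metadata items available to each project
RAM: the maximum amount of memory available to each project
Security groups: the number of security groups each project can create
List the default project quotas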
[root@host1 ~(keystone_admin)]# nova quota-defaults
List the quotas of myproject
[root@host1 ~(keystone_admin)]# nova quota-show --tenant myproject
Change the floating IP quota
[root@host1 ~(keystone_admin)]# nova quota-update --floating-ips 20 myproject
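Because any admin can raise a limit with `nova quota-update`, quotas only prevent overuse if changes are noticed. The check below is an added example, not part of the original page: it compares a `nova quota-show` table against an approved baseline and reports each drifted limit. `quota_drift` and the sample helpers are hypothetical names, the baseline file format ("name limit" per line) is an assumption, and the sample table is an abridged copy of the 11.3.7 output.

```shell
#!/usr/bin/env bash
# Added example: detect quota drift in `nova quota-show` output.
# quota_drift is a hypothetical helper.
#   $1    = baseline file with "name limit" lines (format assumed for this example)
#   stdin = the table printed by `nova quota-show --tenant <project>`
# Prints "name baseline actual" for every limit that differs from the baseline.
quota_drift() {
    awk -F'|' -v base="$1" '
        BEGIN {
            while ((getline line < base) > 0) { split(line, kv, " "); want[kv[1]] = kv[2] }
        }
        NF >= 3 {                      # table rows only; +----+ borders have no "|"
            name = $2; limit = $3
            gsub(/[[:space:]]/, "", name); gsub(/[[:space:]]/, "", limit)
            if (name in want && limit != want[name]) print name, want[name], limit
            seen[name] = 1
        }
        END {                          # a baseline entry absent from the table is also a finding
            for (n in want) if (!(n in seen)) print n, want[n], "missing"
        }
    '
}

# Constructed baseline: the limits shown in 11.3.6 before the update.
sample_baseline() {
    printf '%s\n' 'instances 10' 'cores 20' 'ram 51200' 'key_pairs 100'
}

# Abridged table as printed in 11.3.7 after the cores quota was raised to 30.
sample_table() {
    cat <<'EOF'
+-----------------------------+-------+
| Quota                       | Limit |
+-----------------------------+-------+
| instances                   | 10    |
| cores                       | 30    |
| ram                         | 51200 |
| key_pairs                   | 100   |
+-----------------------------+-------+
EOF
}

check_sample() {
    local b
    b=$(mktemp)
    sample_baseline > "$b"
    sample_table | quota_drift "$b"
    rm -f "$b"
}
```

Against a live cloud, pipe the real command into the function: `nova quota-show --tenant myproject | quota_drift baseline.txt`.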