A Brief Look at the Keystone Component in OpenStack

I. Keystone Service Overview

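In the OpenStack architecture, Keystone (the OpenStack Identity Service) is responsible for authenticating identities, checking service rules and issuing service tokens; it implements OpenStack's Identity API. Keystone's work can be divided into two functions: permission management and the service catalog.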

II. Keystone Operations

1. Keystone administration commands

# Load the environment configuration
source /etc/keystone/admin-openrc.sh

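# Create the user zzz
# Note: a password given with --password ends up in shell history and the process list;
# --password-prompt reads it interactively instead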
openstack user create --password ps1234 --email zzz@example.com --domain demo zzz

# Create the acme project
openstack project create --domain demo acme

# Create a role
openstack role create compute-user

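# Bind the user to a project and a role
# A newly added user must be granted permissions by associating the user with the corresponding project and role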
openstack role add --user zzz --project acme compute-user
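
Added example (not part of the original post): what the binding above looks like from the token side, covering both Keystone functions, the roles carried by a project-scoped token and the service catalog. The function name `summarize_token` and every ID and URL in the sample are constructed for illustration; the check also flags catalog endpoints served over plain `http://`, where tokens travel unencrypted.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a Keystone v3 project-scoped token body (POST /v3/auth/tokens).
# IDs and URLs are made up; user, project and role names follow the commands above.
SAMPLE_TOKEN = json.loads("""
{"token": {
  "expires_at": "2022-04-28T22:42:00.000000Z",
  "user": {"name": "zzz", "domain": {"name": "demo"}},
  "project": {"name": "acme", "domain": {"name": "demo"}},
  "roles": [{"id": "role-id-placeholder", "name": "compute-user"}],
  "catalog": [
    {"type": "compute", "name": "nova", "endpoints": [
      {"interface": "internal", "region": "RegionOne", "url": "http://controller:8774/v2.1"},
      {"interface": "public", "region": "RegionOne", "url": "https://cloud.example.com:8774/v2.1"}]},
    {"type": "identity", "name": "keystone", "endpoints": [
      {"interface": "public", "region": "RegionOne", "url": "http://controller:5000/v3"}]}
  ]}}
""")


def summarize_token(body, now):
    """Return the scope, roles, expiry state and plaintext endpoints of a token body."""
    token = body["token"]
    expires = datetime.strptime(token["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ")
    expires = expires.replace(tzinfo=timezone.utc)
    # An unscoped token has no "project", "roles" or "catalog" keys.
    project = token.get("project", {}).get("name")
    plaintext = [
        (svc["name"], ep["interface"], ep["url"])
        for svc in token.get("catalog", [])
        for ep in svc.get("endpoints", [])
        if ep["url"].lower().startswith("http://")
    ]
    return {
        "user": token["user"]["name"],
        "project": project,
        "roles": sorted(r["name"] for r in token.get("roles", [])),
        "expired": now >= expires,
        "plaintext_endpoints": plaintext,
    }


if __name__ == "__main__":
    report = summarize_token(SAMPLE_TOKEN, datetime(2022, 4, 28, 22, 0, tzinfo=timezone.utc))
    print(json.dumps(report, indent=2))
```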

2. Keystone query commands

# List users
[root@controller ~]# openstack user list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0f217182b5af448c988f5464c706a337 | admin   |
| 1579d0526c8b4cf0ba1158960054fde0 | neutron |
| 408d6f8e000847a3a9a0f799a1ea2ef6 | zzz     |
| 560d1dca91184856822e3750ea2f4afb | nova    |
| 5ca7355fbe4f4b87b352a72f9c4b4a66 | cinder  |
| 93443c8fc497495e8bb9033a1a52fc1d | demo    |
| d5bcfce4e83d4ef696bcd87599399429 | swift   |
| e255b170101c41d3b839dbb013daef02 | glance  |
+----------------------------------+---------+

# Show details of the zzz user
[root@controller ~]# openstack user show zzz
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 90f55d85d1824e2ca27318eefc57535e |
| email     | zzz@example.com                  |
| enabled   | True                             |
| id        | 408d6f8e000847a3a9a0f799a1ea2ef6 |
| name      | zzz                              |
+-----------+----------------------------------+

# List all projects on the current OpenStack platform
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 015510f69fd74453a700a529b7bee827 | demo    |
| 168c9d9e5cf448c2a3dab6335590566a | service |
| 386dbfcf77e444c7872e4e23d5829fcc | admin   |
| b66f515463e54b229b1d61d9313717ff | acme    |
+----------------------------------+---------+

# Show details of the acme project
[root@controller ~]# openstack project show acme
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | 90f55d85d1824e2ca27318eefc57535e |
| enabled     | True                             |
| id          | b66f515463e54b229b1d61d9313717ff |
| is_domain   | False                            |
| name        | acme                             |
| parent_id   | 90f55d85d1824e2ca27318eefc57535e |
+-------------+----------------------------------+

# List all Keystone roles
[root@controller ~]# openstack role list
+----------------------------------+--------------+
| ID                               | Name         |
+----------------------------------+--------------+
| 0190945cf6a84b60bb2f4631f85c30fa | compute-user |
| 4c438257d4a24e4aa4d4fcbeff248bce | user         |
| d8ac2f3e57664b7abee701d82c9bbf16 | admin        |
+----------------------------------+--------------+

# Show details of the compute-user role
[root@controller ~]# openstack role show compute-user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 0190945cf6a84b60bb2f4631f85c30fa |
| name      | compute-user                     |
+-----------+----------------------------------+

# List the endpoint addresses used by all services on the platform
[root@controller ~]# openstack endpoint list
+------------+-----------+--------------+--------------+---------+-----------+---------------+
| ID         | Region    | Service Name | Service Type | Enabled | Interface | URL           |
+------------+-----------+--------------+--------------+---------+-----------+---------------+
| 14f90cb0cb | RegionOne | nova         | compute      | True    | internal  | http://contro |
posted @ 2022-04-28 21:42  郑琰