openstack中Keystone组件简解
作者:@郑琰
本文转载请注明出处!:https://www.cnblogs.com/zhengyan6/p/16204696.html
一、Keystone服务概述
在Openstack框架中,keystone(Openstack Identity Service)的功能是负责验证身份、校验服务规则和发布服务令牌的,它实现了Openstack的Identity API.keystone可分解为两个功能:权限管理和服务目录。
二、Keystone运维操作
1、keystone运维命令
# 环境配置 source /etc/keystone/admin-openrc.sh # 创建 zzz用户 openstack user create --password ps1234 --email zzz@example.com --domain demo zzz # 创建acme项目 openstack project create --domain demo acme # 创建角色 openstack role create compute-user # 绑定用户和项目权限 # 添加的用户需要分配一定的权限,需要把用户关联绑定到对应的项目和角色 openstack role add --user zzz --project acme compute-user
2、keystone查询命令
# 用户列表查询 [root@controller ~]# openstack user list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 0f217182b5af448c988f5464c706a337 | admin | | 1579d0526c8b4cf0ba1158960054fde0 | neutron | | 408d6f8e000847a3a9a0f799a1ea2ef6 | zzz | | 560d1dca91184856822e3750ea2f4afb | nova | | 5ca7355fbe4f4b87b352a72f9c4b4a66 | cinder | | 93443c8fc497495e8bb9033a1a52fc1d | demo | | d5bcfce4e83d4ef696bcd87599399429 | swift | | e255b170101c41d3b839dbb013daef02 | glance | +----------------------------------+---------+ # 查询hqs用户详细信息 [root@controller ~]# openstack user show zzz +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 90f55d85d1824e2ca27318eefc57535e | | email | zzz@example.com | | enabled | True | | id | 408d6f8e000847a3a9a0f799a1ea2ef6 | | name | zzz | +-----------+----------------------------------+ # 查询当前openstack平台所有项目 [root@controller ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 015510f69fd74453a700a529b7bee827 | demo | | 168c9d9e5cf448c2a3dab6335590566a | service | | 386dbfcf77e444c7872e4e23d5829fcc | admin | | b66f515463e54b229b1d61d9313717ff | acme | +----------------------------------+---------+ # 查询acme项目详情 [root@controller ~]# openstack project show acme +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | | | domain_id | 90f55d85d1824e2ca27318eefc57535e | | enabled | True | | id | b66f515463e54b229b1d61d9313717ff | | is_domain | False | | name | acme | | parent_id | 90f55d85d1824e2ca27318eefc57535e | +-------------+----------------------------------+ # 查询所有keystone角色 [root@controller ~]# openstack role list +----------------------------------+--------------+ | ID | Name | +----------------------------------+--------------+ | 0190945cf6a84b60bb2f4631f85c30fa | compute-user | | 4c438257d4a24e4aa4d4fcbeff248bce | user | | d8ac2f3e57664b7abee701d82c9bbf16 | admin | +----------------------------------+--------------+ # 查询compute-user角色详细信息 [root@controller ~]# openstack role show compute-user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 0190945cf6a84b60bb2f4631f85c30fa | | name | compute-user | +-----------+----------------------------------+ # 查看平台所有服务所使用的端点地址 [root@controller ~]# openstack endpoint list +------------+-----------+--------------+--------------+---------+-----------+---------------+ | ID | Region | Service Name | Service Type | Enabled | Interface | URL | +------------+-----------+--------------+--------------+---------+-----------+---------------+ | 14f90cb0cb | RegionOne | nova | compute | True | internal | http://contro |
分类:
OpenStack
标签:
OpenStack·
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 上周热点回顾(2.24-3.2)