Learning openstack authentication management, refer to "HCIP-Cloud_Computing-OpenStack_V1.0_ Laboratory Manual", the following experimental procedure
OpenStack Dashboard operation
After the first landing, you can change settings in the Chinese language and change the time zone
Then the left navigation bar select "Identity Management - role" into the role list, click "Create Role"
Create a role called "Role_web", and click Submit to complete the creation of the role
"Create a user" - "user management" to enter the list of users, click on the top right of the page on the left navigation bar to select
Username User_web_01, password abc @ 123, project selection system has created admin, roles Role_web, the other to keep the default
Repeat the above steps to create a user "User_web_02", select the role "admin"
In the left navigation bar select "Identity Management - Groups" to enter the list of user groups, click the upper right corner "Create Group"
Enter the user group name, "Group_web", then click the "Create Group"
Returns the list of user groups, user groups to be operated in the row "Actions", click on the "Manage members"
Enter the user group membership list, click the "Add User
Users opt-in list users in the group of "User_web_01" and "User_web_02"
Then view the user just added, click on the user name to enter the user overview page, view details
Then log out admin user, log in using User_web_01 and User_web_02
Create a project, modify the project quota
Login as admin, navigation bar, select "Identity Management - Project" to create the project
will complain when creating
this time need in the "Identity Management - Role", create a role "user"
In the "Project Information", fill in the project name "Project_web", keep the other default
Select "project members", the user "User_web_01" adding, role selection is "admin"
然后单击“创建项目”,完成项目的创建
返回项目列表,单击项目名称“Project_web",查看项目信息
注销admin,以User_web_01登陆,验证
再次以admin用户登陆,选择”身份管理-项目“,查看"Project_web"项目,按照如下方式配置”修改配额“
修改配额,分别在”实例“,”卷“和”网络“进行修改,分别修改为5,5,10进行资源限制
注销admin,以User_web_01登陆,选择进入Project_web项目,进入”计算-概况“确认项目的配额的变化
Openstack cli操作
创建角色、用户及用户组
进入controller节点,导入环境变量
. admin-openrc.sh
查看Openstack角色相关的命令的用法
openstack role --help
子命令具体用法可以通过如下方式进行查看openstack role create --help
使用命令创建Role_cliopenstack role create Role_cli
然后使用openstack user命令,通过--help参数查看命令用法opesntack user --help<br/>openstack user create --help<br/>
按照如下命令创建User_cli_01,并设置密码openstack user create --domain default --project admin --password-prompt User_cli_01
为用户User_cli_01在项目admin中添加角色Role_cliopenstack role add --project admin --user User_cli_01 Role_cli
然后创建一个用户User_cli_02,并在项目admin添加角色adminopenstack user create --domain default --project admin --password-prompt User_cli_02
openstack role add --project admin --user User_cli_02 admin
然后查看角色分配情况
openstack role assignment list --names |grep User_cli
创建用户组”Group_cli"
openstack group create Group_cli
然后为用户组“Group_cli"添加用户成员”User_cli_01"和“User_cli_02"
openstack group add user Group_cli User_cli_01 User_cli_02
创建User_cli_01的环境变量User_cli_01-openrc.sh,并编辑
cp admin-openrc.sh User_cli_01-openrc.sh
vi cp admin-openrc.sh User_cli_01-openrc.sh
重要修改用户名和密码
导入User_cli_01的环境变量文件,查看项目列表,只能看到项目admin
User_cli_01-openrc.sh
openstack project list
创建User_cli_02的环境变量文件User_cli_02-openrc.sh, 然后导入环境变量
cp admin-openrc.sh User_cli_02-openrc.sh
vi cp admin-openrc.sh User_cli_02-openrc.sh
检查项目列表,可以看到所有的项目
禁用用户,删除用户
导入admini-opensrc.sh环境变量,以admin身份进行操作
从用户组”Group_cli"中移除用户"User_cli_02"
openstack group remove user Group_cli User_cli_02
检查用户组Group_cli是否包含用户“User_cli_02"
openstack group contains user Group_cli User_cli_02
禁用用户"User_cli_02"
openstack user set --disable User_cli_02
查看用户”User_cli_02"的禁用状态
openstack user show User_cli_02
删除User_cli_02
openstack user delete User_cli_02
查看用户列表
openstack user list
可见用户User_cli_02已经不存在了
创建项目,修改项目配额
项目相关的命令主要是openstack project
创建项目“Project_cli"
openstack project create --domain default Project_cli
为用户”User_cli_02"在项目“Project_cli"中添加角色”admin"
openstack role add --project Project_cli --user User_cli_01 admin
查看角色分配情况
openstack role assignment list --name |grep User_cli_01
修改用户"User_cli_01"环境变量"User_cli_01-openstack.sh",修改项目为Project_cli
导入”User_cli_01"环境变量
检查项目列表
openstack project list
openstack配额相关命令是
oepnstack quota
查看项目Project_cli的默认配额
然后修改项目"Project_cli"的默认配额,将实例数量修改为5,卷数量修改为5,网络修改为10
openstack quota set --instances 5 --volumes 5 --networks 10 Project_cli
检查项目"Project_cli"的配额变化
openstack quota show Project_cli | grep -E "instances|volumes|networks"
确认修改成功
创建服务和服务端点
Use openstack cli can also perform some operations can not be performed on openstack dashboard, such as creating services and service endpoints.
Now beginning to create a swift service and the service endpoint description
first import admin environment variable
openstack service is service-related command
Create a service "swift"
openstack service create --name swift --description "Openstack Object Storage" object-store
View the list of services
openstack service list
openstack endpoint to endpoint related commands
Create a service "swift" service endpoint
openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1/AUTH_%\(tenant_id\)s
View service endpoint swif services
openstack endpoint list |grep swift
At this time landing opesntack dashboard interface, in the "project - object storage - container" to confirm