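OpenStack command-line management, part 6 - user management (memo)
In OpenStack, the usual command for user management is keystone.
Common tasks are adding, deleting and modifying users, and assigning roles to users.
By default, a tenant has to be specified for a user when the user is created; we also show how to add a user to another tenant.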
Help
[root@station140 ~(keystone_admin)]# keystone | grep user
                [--os-username <auth-user-name>]
                        Create EC2-compatible credentials for user per tenant.
                        List EC2-compatible credentials for a user
    token-get           Display the current user token.
    user-create         Create new user
    user-delete         Delete user
    user-get            Display user details.
    user-list           List users.
    user-password-update
                        Update user password.
    user-role-add       Add role to user
    user-role-list      List roles granted to a user
    user-role-remove    Remove role from user
    user-update         Update user's name, email, and enabled status.
    bootstrap           Grants a new role to a new user on a new tenant, after
  --os-username <auth-user-name>
                        one via authentication (e.g. with username &
Adding a user
[root@station140 ~(keystone_admin)]# keystone user-create --name terry --tenant cloud --pass vipshop --email signmem@hotmail.com --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    | signmem@hotmail.com              |
| enabled  | True                             |
| id       | 8f6478593aa845b3b44eded4aade0f6f |
| name     | terry                            |
| tenantId | 9467f30b8bba4770a06a687e4584636b |  <- the id of tenant cloud
+----------+----------------------------------+
Updating user information
keystone user-update --name terry --email terry@111.com terry
The keystone user-list command can only list all users or, with a parameter, the users that belong to a given project.
[root@station140 ~(keystone_admin)]# keystone user-list --tenant cloud
+----------------------------------+-------+---------+---------------+
| id                               | name  | enabled | email         |
+----------------------------------+-------+---------+---------------+
| 8f6478593aa845b3b44eded4aade0f6f | terry | True    | terry@111.com |
+----------------------------------+-------+---------+---------------+
By default, OpenStack has two common role types for a tenant: administrator and user (admin, _member_).
[root@hh-yun-puppet-129021 ~(keystone_admin)]# keystone role-list
+----------------------------------+---------------+
| id                               | name          |
+----------------------------------+---------------+
| e46045f97c974133980771e64913d75b | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_      |
| 301acc99e28c457f9b27087a1eb1ab0b | admin         |
+----------------------------------+---------------+
The user-create command above adds the user to a tenant, where the user has the member role by default. The following command makes the user an administrator:
keystone user-role-add --user terry.zeng --role admin --tenant cloud
To add the user to another tenant (a user can only use the resources of the tenants it belongs to):
keystone user-role-add --user terry.zeng --role _member_ --tenant DEV
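To look up the roles another user holds in a given tenant:
You first need to know that user's password so that you can run the role query as that user, so this approach is not recommended.
Changing a user's password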
[root@hh-yun-puppet-129021 ~(keystone_admin)]# keystone user-password-update terry.zeng
New Password:
Repeat New Password:
The roles of user terry.zeng in tenant QA are queried as follows:
[root@hh-yun-puppet-129021 ~(keystone_admin)]# keystone --os-username terry.zeng --os-password 123123 --os-tenant-name QA user-role-list
+----------------------------------+----------+----------------------------------+----------------------------------+
| id                               | name     | user_id                          | tenant_id                        |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 62b3813eb92e415b85816722e9479636 | 98e5fdd9e50f423881f49c845e1d26ad |
| 301acc99e28c457f9b27087a1eb1ab0b | admin    | 62b3813eb92e415b85816722e9479636 | 98e5fdd9e50f423881f49c845e1d26ad |
+----------------------------------+----------+----------------------------------+----------------------------------+
Another method is to query the database directly:
mysql> select a.name username, b.name tenant, c.name role from keystone.user a, keystone.project b, keystone.role c, keystone.assignment d where a.id = d.actor_id and b.id = d.target_id and c.id = d.role_id and a.name='terry.zeng' order by tenant;
+------------+--------+----------+
| username   | tenant | role     |
+------------+--------+----------+
| terry.zeng | DEV    | _member_ |
| terry.zeng | DEV    | admin    |
| terry.zeng | DMZ1   | _member_ |
| terry.zeng | DMZ1   | admin    |
| terry.zeng | DMZ2   | admin    |
| terry.zeng | DMZ2   | _member_ |
| terry.zeng | MGMT   | _member_ |
| terry.zeng | MGMT   | admin    |
| terry.zeng | MOBILE | _member_ |
| terry.zeng | MOBILE | admin    |
| terry.zeng | OPS    | _member_ |
| terry.zeng | QA     | admin    |
| terry.zeng | QA     | _member_ |
| terry.zeng | QATOOL | admin    |
| terry.zeng | QATOOL | _member_ |
+------------+--------+----------+
15 rows in set (0.01 sec)
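An added example, not part of the original post: a query result with one row per (username, tenant, role) is a convenient input for reviewing where the admin role has been granted. The Python sketch below parses table output in that shape and lists, per user, the tenants in which the user holds admin; the sample rows and the function names parse_table and admin_grants are constructed for this example.

```python
from collections import defaultdict

# Constructed sample: client output shaped like the result of the query above
# (username, tenant, role). The users and rows are made up for this example.
SAMPLE = """\
+----------+--------+----------+
| username | tenant | role     |
+----------+--------+----------+
| alice    | DEV    | _member_ |
| alice    | DEV    | admin    |
| alice    | QA     | admin    |
| bob      | DEV    | _member_ |
| bob      | OPS    | _member_ |
+----------+--------+----------+
5 rows in set (0.01 sec)
"""


def parse_table(text):
    """Turn an ASCII table (mysql / keystone CLI style) into a list of dicts."""
    rows, header = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skips the +---+ borders and the "rows in set" footer
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells  # first data line holds the column names
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows


def admin_grants(rows, privileged=("admin",)):
    """Map each user to the sorted list of tenants where a privileged role is held."""
    found = defaultdict(set)
    for row in rows:
        if row["role"] in privileged:
            found[row["username"]].add(row["tenant"])
    return {user: sorted(tenants) for user, tenants in found.items()}


if __name__ == "__main__":
    for user, tenants in sorted(admin_grants(parse_table(SAMPLE)).items()):
        print(f"{user}: admin in {', '.join(tenants)}")
```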
Last updated: 2017-04-03 12:55:07