

OpenStack command-line management, part 6 - user management (memo)

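In OpenStack, the usual command for user management is keystone.
Common tasks are adding, deleting and modifying users, and assigning roles to users.
By default, a tenant must be specified for a user when the user is added; we also cover how to add a user to another tenant.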

Help

[root@station140 ~(keystone_admin)]# keystone  | grep user
                [--os-username <auth-user-name>]
                        Create EC2-compatible credentials for user per tenant.
                        List EC2-compatible credentials for a user
    token-get           Display the current user token.
    user-create         Create new user
    user-delete         Delete user
    user-get            Display user details.
    user-list           List users.
    user-password-update
                        Update user password.
    user-role-add       Add role to user
    user-role-list      List roles granted to a user
    user-role-remove    Remove role from user
    user-update         Update user's name, email, and enabled status.
    bootstrap           Grants a new role to a new user on a new tenant, after
  --os-username <auth-user-name>
                        one via authentication (e.g. with username &


Adding a user

[root@station140 ~(keystone_admin)]# keystone user-create --name terry --tenant cloud --pass vipshop --email signmem@hotmail.com --enabled true
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |       signmem@hotmail.com        |
| enabled  |               True               |
|    id    | 8f6478593aa845b3b44eded4aade0f6f |
|   name   |              terry               |
| tenantId | 9467f30b8bba4770a06a687e4584636b |  <- corresponds to the id of cloud
+----------+----------------------------------+

Updating user information

keystone user-update --name terry --email terry@111.com terry


The keystone user-list command can only list all users or, with a parameter, the users that belong to a given project.

[root@station140 ~(keystone_admin)]# keystone user-list --tenant cloud
+----------------------------------+-------+---------+---------------+
|                id                |  name | enabled |     email     |
+----------------------------------+-------+---------+---------------+
| 8f6478593aa845b3b44eded4aade0f6f | terry |   True  | terry@111.com |
+----------------------------------+-------+---------+---------------+


By default, OpenStack has two common role types for a tenant: administrator and user (admin, _member_).

[root@hh-yun-puppet-129021 ~(keystone_admin)]# keystone role-list
+----------------------------------+---------------+
|                id                |      name     |
+----------------------------------+---------------+
| e46045f97c974133980771e64913d75b | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab |    _member_   |
| 301acc99e28c457f9b27087a1eb1ab0b |     admin     |
+----------------------------------+---------------+



The user-create command above adds the user to a tenant, and by default the user has the member role (_member_). The following command makes the user an administrator:
keystone user-role-add --user terry.zeng --role admin --tenant cloud



Adding the user to another tenant (a user can only use the resources of the tenants it belongs to):
keystone user-role-add --user terry.zeng --role _member_ --tenant DEV





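To query the roles that another user has in a given tenant,
you first need to know that user's password so that you can run the role query as that user, so this approach is not recommended.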


Changing a user's password
[root@hh-yun-puppet-129021 ~(keystone_admin)]# keystone user-password-update terry.zeng
New Password:
Repeat New Password:



The roles of user terry.zeng in tenant QA are queried as follows:
[root@hh-yun-puppet-129021 ~(keystone_admin)]# keystone --os-username terry.zeng --os-password 123123 --os-tenant-name QA user-role-list
+----------------------------------+----------+----------------------------------+----------------------------------+
|                id                |   name   |             user_id              |            tenant_id             |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 62b3813eb92e415b85816722e9479636 | 98e5fdd9e50f423881f49c845e1d26ad |
| 301acc99e28c457f9b27087a1eb1ab0b |  admin   | 62b3813eb92e415b85816722e9479636 | 98e5fdd9e50f423881f49c845e1d26ad |
+----------------------------------+----------+----------------------------------+----------------------------------+




Alternatively, the same information can be obtained by querying the database directly:
mysql> select a.name username, b.name tenant, c.name role  from keystone.user a, keystone.project b, keystone.role c, keystone.assignment d  where a.id = d.actor_id  and b.id = d.target_id  and c.id = d.role_id and a.name='terry.zeng' order by tenant;
+------------+--------+----------+
| username   | tenant | role     |
+------------+--------+----------+
| terry.zeng | DEV    | _member_ |
| terry.zeng | DEV    | admin    |
| terry.zeng | DMZ1   | _member_ |
| terry.zeng | DMZ1   | admin    |
| terry.zeng | DMZ2   | admin    |
| terry.zeng | DMZ2   | _member_ |
| terry.zeng | MGMT   | _member_ |
| terry.zeng | MGMT   | admin    |
| terry.zeng | MOBILE | _member_ |
| terry.zeng | MOBILE | admin    |
| terry.zeng | OPS    | _member_ |
| terry.zeng | QA     | admin    |
| terry.zeng | QA     | _member_ |
| terry.zeng | QATOOL | admin    |
| terry.zeng | QATOOL | _member_ |
+------------+--------+----------+
15 rows in set (0.01 sec)
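
As an added example (not part of the original memo), the shell functions below read a table in the layout printed by the query above and list where a user holds a given role, which shows how widely admin has been granted. The sample table, the user demo.user and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit role assignments from a table in the layout printed
# by the mysql query above (columns: username | tenant | role).

# Constructed sample input, same layout as the query output.
sample_table() {
cat <<'EOF'
+------------+--------+----------+
| username   | tenant | role     |
+------------+--------+----------+
| terry.zeng | DEV    | _member_ |
| terry.zeng | DEV    | admin    |
| terry.zeng | OPS    | _member_ |
| terry.zeng | QA     | admin    |
| demo.user  | QA     | _member_ |
+------------+--------+----------+
EOF
}

# Print "user tenant" for every row whose role equals $1 (default: admin).
# Border lines, the header row and trailer text are skipped.
grants_for_role() {
    awk -F'|' -v want="${1:-admin}" '
        /^\+/  { next }                     # table borders
        NF < 5 { next }                     # not a data row (e.g. "15 rows in set")
        {
            for (i = 2; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($2 == "username") next      # header row
            if ($4 == want) print $2, $3
        }'
}

# Print "user count" for users holding role $1 in at least $2 tenants.
users_over_threshold() {
    grants_for_role "$1" | awk -v min="$2" '
        { n[$1]++ }
        END { for (u in n) if (n[u] >= min) print u, n[u] }' | sort
}

# Stand-alone run on the constructed sample.
sample_table | grants_for_role admin
sample_table | users_over_threshold admin 2
```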

Last updated: 2017-04-03 12:55:07
