keystone认证服务
实验操作平台:OpenStack单节点操作
一、相关概念
1、认证(authentication)
认证是确认允许一个用户访问的进程
2、证书(credentials)
用于确认用户身份的数据
3、令牌(token)
通常指的是一串比特值或者字符串,用来作为访问资源的记号。(令牌的有效期是有限的,可以随时被撤回)
4、租户(tenant)
早期版本又称为project,它是各服务中的一些可以访问的资源集合
平台构建完毕会产生admin、service和demo三个租户。
admin租户代表管理组,拥有平台的最高权限,可以更新、删除和修改系统的任何数据。
service代表平台内所有的服务的总集合,平台安装的所有服务默认会加入到此租户中,为后期的统一管理提供帮助,此租户可以修改当期租户下所有服务的配置信息,提交租户的内容以及修改。
demo则是一个演示测试租户
5、用户(user)
使用服务的用户,可以是人、服务或系统使用OpenStack相关服务的一个组织
6、角色(role)
代表一组用户可以访问的资源权限
平台构建完毕,系统会创建_member_、admin两个用户权限,
_member_表示系统的普通用户的权限,拥有系统的正常使用和对当前租户的管理权限
admin角色是代表系统的管理员身份,对系统又绝对的管理权限
7、关系
OpenStack中项目(project)、用户(user)和角色(role)3者的关系如下:
项目是用户的集合,项目又称为租户或accounts,用户可以属于一个或多个项目,角色决定了用户的权限,可以分配角色给user-project组
8、认证服务流程
用户请求云主机的流程涉及认证Keystone服务、计算Nova服务、镜像Glance服务,在服务流程中,令牌(Token)作为流程认证传递,具体服务申请认证机制流程,如图:
服务申请认证机制流程
二、配置keystone应用环境
管理用户的环境变量:admin-openrc.sh
来管理最终的凭证和终端
主配置文件位置
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# ls
admin-openrc.sh default_catalog.templates keystone.conf logging.conf policy.json ssl
请求身份令牌来验证服务
[root@controller ~]# keystone --os-username=admin --os-password= --os-auth-url=http://192.168.100.10:35357/v2.0 token-get
+-----------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+-----------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | --24T17::36Z |
| id | MIIM0gYJKoZIhvcNAQcCoIIMwzCCDL8CAQExCTAHBgUrDgMCGjCCCygGCSqGSIb3DQEHAaCCCxkEggsVeyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxOS0wMS0yNFQxNjowNTozNi40MDE4NDIiLCAiZXhwaXJlcyI6ICIyMDE5LTAxLTI0VDE3OjA1OjM2WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogIkFkbWluIFRlbmFudCIsICJlbmFibGVkIjogdHJ1ZSwgImlkIjogIjE4ZTM4NTQ1YTIwZjRmYmI4ZGJhODk0NDExOGQ0M2JjIiwgIm5hbWUiOiAiYWRtaW4ifX0sICJzZXJ2aWNlQ2F0YWxvZyI6IFt7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly9jb250cm9sbGVyOjg3NzQvdjIvMThlMzg1NDVhMjBmNGZiYjhkYmE4OTQ0MTE4ZDQzYmMiLCAicmVnaW9uIjogInJlZ2lvbk9uZSIsICJpbnRlcm5hbFVSTCI6ICJodHRwOi8vY29udHJvbGxlcjo4Nzc0L3YyLzE4ZTM4NTQ1YTIwZjRmYmI4ZGJhODk0NDExOGQ0M2JjIiwgImlkIjogIjQ1N2IzODViNzBiYzQxMDI4ZGIzOThkZGZiMmM1ODUzIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vY29udHJvbGxlcjo4Nzc0L3YyLzE4ZTM4NTQ1YTIwZjRmYmI4ZGJhODk0NDExOGQ0M2JjIn1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogImNvbXB1dGUiLCAibmFtZSI6ICJub3ZhIn0sIHsiZW5kcG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovL2NvbnRyb2xsZXI6OTY5NiIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly9jb250cm9sbGVyOjk2OTYiLCAiaWQiOiAiN2M0OWI0YjI3M2Y2NDA3ZGI1YjM2ZmZmMGUyM2ZlYTciLCAicHVibGljVVJMIjogImh0dHA6Ly9jb250cm9sbGVyOjk2OTYifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAibmV0d29yayIsICJuYW1lIjogIm5ldXRyb24ifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRwOi8vY29udHJvbGxlcjo4Nzc2L3YyLzE4ZTM4NTQ1YTIwZjRmYmI4ZGJhODk0NDExOGQ0M2JjIiwgInJlZ2lvbiI6ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovL2NvbnRyb2xsZXI6ODc3Ni92Mi8xOGUzODU0NWEyMGY0ZmJiOGRiYTg5NDQxMThkNDNiYyIsICJpZCI6ICI0MmYyMDIxOTYzOWU0NzY4OGViZGMzNmZjMDAxOWJiYyIsICJwdWJsaWNVUkwiOiAiaHR0cDovL2NvbnRyb2xsZXI6ODc3Ni92Mi8xOGUzODU0NWEyMGY0ZmJiOGRiYTg5NDQxMThkNDNiYyJ9XSwgImVuZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJ2b2x1bWV2MiIsICJuYW1lIjogImNpbmRlcnYyIn0sIHsiZW5kcG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovL2NvbnRyb2xsZXI6OTI5MiIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly9jb250cm9sbGVyOjkyOTIiLCAiaWQiOiAiMjk3MTg2MTUyZGQ4NDI1MTk3OWNkYmVhMDY1ZWM2ODgiLCAicHVibGljVVJMIjogImh0dHA6Ly9jb250cm9sbGVyOjkyOTIifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFtZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRwOi8vY29udHJvbGxlcjo4Nzc2L3YxLzE4ZTM4NTQ1YTIwZjRmYmI4ZGJhODk0NDExOGQ0M2JjIiwgInJlZ2lvbiI6ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovL2NvbnRyb2xsZXI6ODc3Ni92MS8xOGUzODU0NWEyMGY0ZmJiOGRiYTg5NDQxMThkNDNiYyIsICJpZCI6ICIzMTdjYWZhYTliZjA0YmE2ODU2MjkyYTJkMjRjY2IwYiIsICJwdWJsaWNVUkwiOiAiaHR0cDovL2NvbnRyb2xsZXI6ODc3Ni92MS8xOGUzODU0NWEyMGY0ZmJiOGRiYTg5NDQxMThkNDNiYyJ9XSwgImVuZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJ2b2x1bWUiLCAibmFtZSI6ICJjaW5kZXIifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRwOi8vY29udHJvbGxlcjo4MDgwL3YyL0FVVEhfMThlMzg1NDVhMjBmNGZiYjhkYmE4OTQ0MTE4ZDQzYmMiLCAicmVnaW9uIjogInJlZ2lvbk9uZSIsICJpbnRlcm5hbFVSTCI6ICJodHRwOi8vY29udHJvbGxlcjo4MDgwL3YyL0FVVEhfMThlMzg1NDVhMjBmNGZiYjhkYmE4OTQ0MTE4ZDQzYmMiLCAiaWQiOiAiM2Q5ZTVmM2JhNWJlNDgzOWFlNjVlOGYwNjQxNzA5NTEiLCAicHVibGljVVJMIjogImh0dHA6Ly9jb250cm9sbGVyOjgwODAvdjIvQVVUSF8xOGUzODU0NWEyMGY0ZmJiOGRiYTg5NDQxMThkNDNiYyJ9XSwgImVuZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJvYmplY3Qtc3RvcmUiLCAibmFtZSI6ICJzd2lmdCJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly9jb250cm9sbGVyOjM1MzU3L3YyLjAiLCAicmVnaW9uIjogInJlZ2lvbk9uZSIsICJpbnRlcm5hbFVSTCI6ICJodHRwOi8vY29udHJvbGxlcjo1MDAwL3YyLjAiLCAiaWQiOiAiMDVjMjI1NzcwMjVhNDA5MzkzZWU2NGY0NmU5N2FjNDAiLCAicHVibGljVVJMIjogImh0dHA6Ly9jb250cm9sbGVyOjUwMDAvdjIuMCJ9XSwgImVuZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJpZGVudGl0eSIsICJuYW1lIjogImtleXN0b25lIn1dLCAidXNlciI6IHsidXNlcm5hbWUiOiAiYWRtaW4iLCAicm9sZXNfbGlua3MiOiBbXSwgImlkIjogIjRkZmE1NzE4MDQ0NDRiODY4NGY0MmQyNTY2N2UyZTBjIiwgInJvbGVzIjogW3sibmFtZSI6ICJfbWVtYmVyXyJ9LCB7Im5hbWUiOiAiYWRtaW4ifV0sICJuYW1lIjogImFkbWluIn0sICJtZXRhZGF0YSI6IHsiaXNfYWRtaW4iOiAwLCAicm9sZXMiOiBbIjlmZTJmZjllZTQzODRiMTg5NGE5MDg3OGQzZTkyYmFiIiwgImI1NjJkMTRlY2M5MTRlMDNiYjRjZDRiMGJhZDAwYTg4Il19fX0xggGBMIIBfQIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVVbnNldDEOMAwGA1UEBwwFVW5zZXQxDjAMBgNVBAoMBVVuc2V0MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20CAQEwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEggEAktxDU55tvzHyCI6x7dtYo9fhvKovjC24EsQTYOiUAFN4jNcrViNEvWX4U4Ohy6HE1p+6V2KPLR+z3--PEL21llnujgVm6Nvcw3AIPOmOFwVI5S5skrIWX56r1fowUmImqeeBhzc7yf98-4dVGdgtsvXCoUZFXw+1xBHLpRZvKNvvvp6w+rhn0GXIVcW+4eDgUw4yhyhOX7Skgq+vRz2u9y2masGKEwHacN9e55Hnwh6ISL8fYeE8zSk8ABUs91tk0g33T6kLA-lGZDnQ+YZ6-P0lpIAzVsYI5qqhxvilB-W2nqtXlVNBxwcQ1JyCXdfxYTiZ-Fb3nC7cG27QXfwzg== |
| tenant_id | 18e38545a20f4fbb8dba8944118d43bc |
| user_id | 4dfa571804444b8684f42d25667e2e0c |
+-----------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#
以admin用户访问http://172.24.0.10:35357/v2.0地址获取token值
三、管理认证用户
1、创建用户
创建一个名称为“alice”账户,密码为“mypassword123”,邮箱为“alice@example.com”
# keystone user-create --name=alice --pass=mypassword123 --email=alice@example.com
格式如下
keystone user-create --name <user-name> --tenant <tenant> --pass <pass> --email <email> --enabled <true|false>
参数 <tenant>代表绑定租户
[root@controller ~]# keystone user-create --name=alice --pass=mypassword123 --email=alice@example.com
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | alice@example.com |
| enabled | True |
| id | cf126a8e69574dd6ba48acff29046951 |
| name | alice |
| username | alice |
+----------+----------------------------------+
查看
2、创建租户
创建一个名为“acme”租户
其他参数:
租户描述名:[--description <tenant-description>]
[--enabled <true|false>]
# keystone tenant-create --name=acme
[root@controller ~]# keystone tenant-create --name=acme
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 12ad967d5d6742328f007749917cc5b1 |
| name | acme |
+-------------+----------------------------------+
3、创建角色
角色限定了用户的操作权限。例如,创建一个角色“compute-user”。
# keystone role-create --name=compute-user
[root@controller ~]# keystone role-create --name=compute-user
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | c26db3d217044f32a3f27fa88874eba6 |
| name | compute-user |
+----------+----------------------------------+
4、绑定用户和租户权限
把用户关联绑定到对应的租户和角色
给用户“alice”分配“acme”租户下的“compute-user”角色
# keystone user-role-add --user=alice --role=compute-user --tenant-id=12ad967d5d6742328f007749917cc5b1
[root@controller ~]# keystone user-role-add --user=alice --role=compute-user --tenant-id=12ad967d5d6742328f007749917cc5b1
[root@controller ~]#
在OpenStack中验证服务的身份令牌也可以直接在admin-openrc.sh文件中定义系统用户、密码以及认证服务的endpoint等参数,在实际应用中,直接引用(source)环境变量,即可使用Keystone。
四、OpenStack服务
Nova、Glance、Swift、Heat、Ceilometer
Nova提供云计算服务
Glance提供镜像管理服务
Swift提供对象存储服务
Heat提供资源编排服务
Ceilometer提供告警计费服务
Cinder提供块存储服务
OpenStack为每一个服务提供一个用于访问的端点(endpoint),如果需要访问服务,则必须知道它的端点,端点一般为url,我们知道服务的url,就可以访问它。
端点的url具有public、private和admin三种权限。
public url可以被全局访问
private url只能被局域网访问
admin url被从常规的访问中分离出来
1、查询服务目录
显示所有已有的service
# keystone catalog
[root@controller ~]# keystone catalog
Service: compute
+-------------+------------------------------------------------------------+
| Property | Value |
+-------------+------------------------------------------------------------+
| adminURL | http://controller:8774/v2/18e38545a20f4fbb8dba8944118d43bc |
| id | 457b385b70bc41028db398ddfb2c5853 |
| internalURL | http://controller:8774/v2/18e38545a20f4fbb8dba8944118d43bc |
| publicURL | http://controller:8774/v2/18e38545a20f4fbb8dba8944118d43bc |
| region | regionOne |
+-------------+------------------------------------------------------------+
Service: network
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminURL | http://controller:9696 |
| id | 7c49b4b273f6407db5b36fff0e23fea7 |
| internalURL | http://controller:9696 |
| publicURL | http://controller:9696 |
| region | regionOne |
+-------------+----------------------------------+
Service: volumev2
+-------------+------------------------------------------------------------+
| Property | Value |
+-------------+------------------------------------------------------------+
| adminURL | http://controller:8776/v2/18e38545a20f4fbb8dba8944118d43bc |
| id | 42f20219639e47688ebdc36fc0019bbc |
| internalURL | http://controller:8776/v2/18e38545a20f4fbb8dba8944118d43bc |
| publicURL | http://controller:8776/v2/18e38545a20f4fbb8dba8944118d43bc |
| region | regionOne |
+-------------+------------------------------------------------------------+
Service: image
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminURL | http://controller:9292 |
| id | 297186152dd84251979cdbea065ec688 |
| internalURL | http://controller:9292 |
| publicURL | http://controller:9292 |
| region | regionOne |
+-------------+----------------------------------+
Service: volume
+-------------+------------------------------------------------------------+
| Property | Value |
+-------------+------------------------------------------------------------+
| adminURL | http://controller:8776/v1/18e38545a20f4fbb8dba8944118d43bc |
| id | 317cafaa9bf04ba6856292a2d24ccb0b |
| internalURL | http://controller:8776/v1/18e38545a20f4fbb8dba8944118d43bc |
| publicURL | http://controller:8776/v1/18e38545a20f4fbb8dba8944118d43bc |
| region | regionOne |
+-------------+------------------------------------------------------------+
Service: object-store
+-------------+-----------------------------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------------------------+
| adminURL | http://controller:8080/v2/AUTH_18e38545a20f4fbb8dba8944118d43bc |
| id | 3d9e5f3ba5be4839ae65e8f064170951 |
| internalURL | http://controller:8080/v2/AUTH_18e38545a20f4fbb8dba8944118d43bc |
| publicURL | http://controller:8080/v2/AUTH_18e38545a20f4fbb8dba8944118d43bc |
| region | regionOne |
+-------------+-----------------------------------------------------------------+
Service: identity
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminURL | http://controller:35357/v2.0 |
| id | 05c22577025a409393ee64f46e97ac40 |
| internalURL | http://controller:5000/v2.0 |
| publicURL | http://controller:5000/v2.0 |
| region | regionOne |
+-------------+----------------------------------+
[root@controller ~]#
2、显示某个service信息
keystone catalog --service <service-type>
[root@controller ~]# keystone catalog --service network
Service: network
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminURL | http://controller:9696 |
| id | 7c49b4b273f6407db5b36fff0e23fea7 |
| internalURL | http://controller:9696 |
| publicURL | http://controller:9696 |
| region | regionOne |
+-------------+----------------------------------+
3、查询Keystone服务器和授权协议
# keystone discover
[root@controller ~]# keystone discover
Keystone found at http://controller:35357/v2.0
- supports version v2. (stable) here http://controller:35357/v2.0/
- and s3tokens: OpenStack S3 API
- and OS-EP-FILTER: OpenStack Keystone Endpoint Filter API
- and OS-FEDERATION: OpenStack Federation APIs
- and OS-KSADM: OpenStack Keystone Admin
- and OS-SIMPLE-CERT: OpenStack Simple Certificate API
- and OS-EC2: OpenStack EC2 API
[root@controller ~]#
4、创建服务
格式:
keystone service-create --name <name> --type <type> --description <service-description>
参数说明:
--name <name>:创建的服务名称。
--type <type>:创建服务类型。
--description <service-description> 创建服务描述
5、创建服务访问端点
格式:
keystone endpoint-create --region <endpoint-region> --service <service> --publicurl <public-url> --adminurl <admin-url> --internalurl <internal-url>
参数说明:
--region <endpoint-region>:创建端点的区域名称。
--service <service>:端点创建的使用服务名称。
--publicurl <public-url>:对外服务的URL地址。
--adminurl <admin-url>:管理网络访问的URL地址。
--internalurl <internal-url>:内部访问的URL地址。
6、其他常用的keystone命令
# keystone bash-completion
输出可选的命令,即选项
[root@controller ~]# keystone bash-completion
--enabled --tenant_id --value --role help --region tenant-get --user-id user-list discover ec2-credentials-create --tenant-id --role-name user-role-add --pass user-delete tenant-delete endpoint-delete --service-id --service_id role-create endpoint-create password-update --tenant-name service-create --user-name tenant-update --endpoint-type --new-password -h user-create --tenant --service --description --wrap endpoint-list ec2-credentials-delete --role_id user-role-remove role-get tenant-list ec2-credentials-list user-get --user --publicurl catalog --user_id user-role-list role-delete --endpoint_type --attr user-update endpoint-get --type --access ec2-credentials-get --name --internalurl --email bootstrap role-list user-password-update --help tenant-create --current-password token-get --adminurl service-delete service-get service-list --role-id
[root@controller ~]#
end
keystone认证服务的更多相关文章
- Openstack Keystone 认证服务(四)
Openstack Keystone 认证服务(四) keystone 的安装完全依赖ocata的源, 如果没有建议自己搭建. 否则用的源不对会产生各种奇葩问题. 创建keystone库和用户: ## ...
- 3.openstack之mitaka搭建keystone认证服务
认证服务keystone部署 一:安装和配置服务 1.建库建用户 mysql -u root -p CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON ...
- openstack Q版部署-----keystone认证服务安装配置(3)
一.新建数据库及用户(控制节点) 登录数据库,创建db以及用户: CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'ke ...
- openstack 部署(Q版)-----keystone认证服务安装配置
一.新建数据库及用户 CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' ID ...
- 在安装Openstack的keystone认证服务时,出现The request you have made requires authentication. (HTTP 401) (Request-ID: req-f94bebba-f0c5-4a92-85问题的处理
创建openstack的keystone认证服务器报错: The request you have made requires authentication. (HTTP 401) (Reques ...
- S1_搭建分布式OpenStack集群_04 keystone认证服务安装配置
一.新建数据库及用户(控制节点)# mysql -uroot -p12345678MariaDB [(none)]> CREATE DATABASE keystone;MariaDB [(non ...
- 003-官网安装openstack之-keystone身份认证服务
以下操作均在控制节点进行 1.控制节点安装keystone服务 概念理解: Keystone是OpenStack框架中,负责身份验证.服务规则和服务令牌的功能, 它实现了OpenStack的Ident ...
- 云计算管理平台之OpenStack认证服务Keystone
一.keystone简介 keystone是openstack中的核心服务,它主要作用是实现用户认证和授权以及服务目录:所谓服务目录指所有可用服务的信息库,包含所有可用服务及其API endport路 ...
- CentOS7安装OpenStack(Rocky版)-02.安装Keyston认证服务组件(控制节点)
本文分享openstack的认证服务组件keystone --------------- 完美的分割线 ---------------- 2.0.keystone认证服务 1)用户与认证:用户权限与用 ...
随机推荐
- [工作记录] NDK: AKEYCODE_DEL not notified
https://code.google.com/p/android/issues/detail?id=42904#makechanges 我们游戏的输入系统是自己渲染(通过跨平台渲染接口)的. 首先有 ...
- Js 字符串的三大操作
回顾: var num = str.length:字符个数 str = str.toLowerCase()/toUpperCase() var char = str.charAt(index) :指 ...
- gcc的编译属性和选项
1.指定内存默认对其参数: __attribute__((packed)):按一字节对其__attribute__((aligned(n))):从此之后默认按n字节对其 例如: struct stu ...
- day 53 js学习之
---恢复内容开始--- 1.昨日作业讲解 弄一个上图一样的选择器,可以全选,可以反选,取消 <!DOCTYPE html> <html lang="zh-CN" ...
- PowerDesigner ---- 数据库设计(物理模型CDM和概念模型PDM)
前言 上一篇介绍了个PowerDesigner工具的安装和汉化,现在我就说一下怎么用这个PowerDesigner建数据库吧. 内容 第一种方法:概念模型转物理模型 1.首先新建模型--选择概念模 ...
- 收集到的关于 freeCodeCamp 中文社区
收集到的关于 freeCodeCamp 中文社区 freeCodeCamp 是一个免费学习编程的开源项目. 中文有两个,一个是 cn 一个是 one. one 是新版的,相关于硬分支.(具体什么原因, ...
- [转]HTML 简介
HTML 实例 <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <t ...
- hadoop mapreduce 简单例子
本例子统计 用空格分开的单词出现数量( 这个Main.mian 启动方式是hadoop 2.0 的写法.1.0 不一样 ) 目录结构: 使用的 maven : 下面是maven 依赖. <de ...
- apache的MultipartEntityBuilder文件上传
本文讲解多文件上传方法,不比较上传有几种方法和效率,而是定向分析apache的httpmime包的MultipartEntityBuilder类,源码包:httpmime-4.5.2.jar 一.常用 ...
- Redis 基础命令
1. 进入redis目录,启动redis cd src ./redis-server 2. 进入redis目录,启动redis客户端 cd src ./redis-cli 3. info命令 4. ...