删除域
(openstack) domain set MyDomain --disable
(openstack) domain delete MyDomain
(openstack)
用命令行创建domain
(openstack) project create --domain default --description '1234' --enable epc-operating
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 1234 |
| domain_id | default |
| enabled | True |
| id | 7dfaef2aee8647e5a14d93de5a2e0d04 |
| is_domain | False |
| name | epc-operating |
| parent_id | default |
+-------------+----------------------------------+
(openstack)
创建用户john
(openstack) user create --domain default --project epc-operating --description '1234' --password openstack --enable john
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 7dfaef2aee8647e5a14d93de5a2e0d04 |
| description | 1234 |
| domain_id | default |
| enabled | True |
| id | 84f1b9496bcb4b6fbe6ad3c88ff76399 |
| name | john |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
(openstack)
将user角色赋给john
(openstack) role add --project epc-operating --user john user
(openstack)
创建project
(openstack) project create --domain soc --description '1234' --enable development
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 1234 |
| domain_id | d0535e3b2574465ca74eb0c90abb8f18 |
| enabled | True |
| id | 024cc08365ee4320ac272b26a98822f7 |
| is_domain | False |
| name | development |
| parent_id | d0535e3b2574465ca74eb0c90abb8f18 |
+-------------+----------------------------------+
(openstack)
创建soc域下的用户
(openstack) user create --domain soc --project development --password openstack --description '1234' --enable tom
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 024cc08365ee4320ac272b26a98822f7 |
| description | 1234 |
| domain_id | d0535e3b2574465ca74eb0c90abb8f18 |
| enabled | True |
| id | 7cf1d030ab904a79ba61ee9e2fc998dd |
| name | tom |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
(openstack)
将amin角色赋值给tom
(openstack) role add --project development --project-domain soc --user tom admin
(openstack)
***删除对应角色
(openstack) role remove --project epc-operating --project-domain default --user john admin
(openstack)
在default创建角色test,并在epc-operatin项目中赋值给john
(openstack) role create test
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | ba84a878799d44bb81219c9fb6a8ed81 |
| name | test |
+-----------+----------------------------------+
(openstack) role add --project epc-operating --project-domain default --user john test
(openstack)
创建组在default域
(openstack) group create --domain default tests
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| id | 0cccd757c541486c88897bacc710d50a |
| name | tests |
+-------------+----------------------------------+
(openstack)
在soc域增加角色
(openstack) role create --domain soc mytest
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | d0535e3b2574465ca74eb0c90abb8f18 |
| id | 677057b202ed4433a0f53e6da1a1d7d6 |
| name | mytest |
+-----------+----------------------------------+
(openstack)
在soc域创建组
(openstack) group create --domain soc soc-admins
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | d0535e3b2574465ca74eb0c90abb8f18 |
| id | 0c836f4c58be43039492a86775cac2ce |
| name | soc-admins |
+-------------+----------------------------------+
(openstack)
将tom加入soc-admins组
(openstack) group add user --group-domain soc --user-domain soc soc-admins tom
(openstack)
将角色admin赋给域soc的项目development中的组soc-admins
(openstack) role add --group-domain soc --group soc-admins --project-domain soc --project development admin
(openstack)
****************
(openstack) service delete ceilometer
(openstack)
创建云计量服务ceilometer
(openstack) service create --name ceilometer --desc '1234' --enable metering
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 1234 |
| enabled | True |
| id | ed6f151d157d42cc9ca29a82d5d3296e |
| name | ceilometer |
| type | metering |
+-------------+----------------------------------+
(openstack)
创建endpoint
(openstack) endpoint create --region RegionOne --enable ceilometer public http://controller:8777
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5bd35a31ed7c465182638e7b5eea6b9b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed6f151d157d42cc9ca29a82d5d3296e |
| service_name | ceilometer |
| service_type | metering |
| url | http://controller:8777 |
+--------------+----------------------------------+
(openstack)
(openstack) endpoint create --region RegionOne --enable ceilometer internal http://controller:8777
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bee0a90e5c364256ac13c036a0ab4ba6 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed6f151d157d42cc9ca29a82d5d3296e |
| service_name | ceilometer |
| service_type | metering |
| url | http://controller:8777 |
+--------------+----------------------------------+
(openstack) endpoint create --region RegionOne --enable ceilometer admin http://controller:8777
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0c7824595c7f45ceb7ad067025e3bf85 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed6f151d157d42cc9ca29a82d5d3296e |
| service_name | ceilometer |
| service_type | metering |
| url | http://controller:8777 |
+--------------+----------------------------------+
(openstack)
修改环境变量后查看token
root@controller:/home/coa# more david-openrc #修改后的结果
export OS_USERNAME=david
export OS_PASSWORD=openstack
export OS_PROJECT_NAME=ims-operating
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
root@controller:/home/coa#
root@controller:/home/coa# . david-openrc #执行修改系统环境变量
root@controller:/home/coa# openstack
(openstack) token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2023-03-29T01:11:23+0000 |
| id | gAAAAABkI4IrbfhCzWXaL0t04qbfznv1cG2tguoFxuxE8kMdAw5RcmwmKOmpHCUOxf6l2VVqaM_ax18vwzVp4M5Al09UCNG6idP5xu8bSFoA1Ty-ULh4seGZO339lcHmNSayC__pclOYRBNSPjW3NunWFTA-MYQIS-DUe0wxMoDWpemdHErVPHo |
| project_id | dafb5ea590be41eeb4edb4a8f93cd92c |
| user_id | ef66f432e793455ba965eb77a974e4c0 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
(openstack) user list ***无权查看用户信息
You are not authorized to perform the requested action: identity:list_users. (HTTP 403) (Request-ID: req-2f57fef4-c0eb-4937-bd91-77eaf1d08b05)
(openstack) exit
root@controller:/home/coa# . admin-openrc
root@controller:/home/coa# openstack
(openstack) user list
+----------------------------------+-------------------+
| ID | Name |
+----------------------------------+-------------------+
| 11b283bc1c9143a6812e908f1efb8b1a | placement |
| 29e4f99cbda642ebb1acea6b474c6622 | heat_domain_admin |
| 339fcdfca93842f0921c419b7571a4f7 | neutron |
| 3e48610c95d943f6ae7fba5a39e4240e | nova |
| 5e96d2c1e08846bfbd7bd8829794d763 | heat |
| 7cf1d030ab904a79ba61ee9e2fc998dd | tom |
| 84f1b9496bcb4b6fbe6ad3c88ff76399 | john |
| 9fc44367471747f2b1bca71b2095c4e3 | demo |
| ab15929f87d34773811dbac9448a8690 | swift |
| ad033a37b3784cb4a36a4605cd9e9272 | lisa |
| afcd6e12d4844cf79454e8cb411f2370 | admin |
| c22b7ac751b24b549ef969cb7c909dff | glance |
| e105de594e2341d2bf7efe0e02787e99 | cinder |
| ef66f432e793455ba965eb77a974e4c0 | david |
+----------------------------------+-------------------+
(openstack) token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2023-03-29T01:12:09+0000 |
| id | gAAAAABkI4JZzJcB8ayrffNQHarxSkhPXryQAZac9MQoYSEOs27KmdXD7882-rOOX1YZLB9UD8HibYiuHkkZcn0gR0CjNKwsG4B58sx66anYlAnNkVWlOYpXiA2oGrm305kwM4yLfwFYghkT1wuNm7RYLlCp3NcGgMWYT5Qp4qUUVw3urYLMsPI |
| project_id | 2376805a9b7e4da08652a703c6eb5b4a |
| user_id | afcd6e12d4844cf79454e8cb411f2370 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
(openstack)