- OpenStack Cloud Computing Cookbook(Fourth Edition)
- Kevin Jackson Cody Bunch Egle Sigler James Denton
- 2021-07-02 16:25:09
Adding users in Keystone
Adding users to the OpenStack Identity service requires the user to belong to a domain or a project in the domain and to be assigned a role defined in the domain or the project. For this section, we will create two users. The first user will be named cloud_admin and will have the cloud_admin role assigned to them in the cookbook project. The second user will be named reader and will have the default _member_ role assigned to them in the same cookbook project.
Getting ready
Ensure that you are logged on to a correctly configured OpenStack client and can access the OpenStack environment as a user with admin privileges.
Refer to Chapter 2, The OpenStack Client, for details of setting up your environment to use the OpenStack command-line client.
How to do it…
In order to create a user in OpenStack and assign roles to it, we will need to execute the commands listed below.
- First, get the bookstore domain ID or domain name:
- Using the bookstore domain name, create a new cloud_admin user:
openstack user create --domain bookstore --password verysecret cloud_admin
- Next, get a cookbook project ID or project name:
openstack project list
- Create the reader user in the bookstore domain cookbook project:
openstack user create --domain bookstore --project cookbook --password verysecret reader
- Assign cloud_admin user to the admin role:
openstack role add --domain bookstore --user cloud_admin --role-domain bookstore admin
There is no output from this command.
- Assign the reader user to the _member_ role:
openstack role add --project cookbook --user reader _member_
There is no output from this command.
- List user and role assignment:
openstack role assignment list
The output will be a matrix of role, user, group, project, and domain IDs. We omit the example output due to the sheer size of the table, which contains a matrix of IDs for each role, user, group, project, and domain, and whether the role was inherited.
How it works…
Adding users in the OpenStack Identity service involves a number of steps and dependencies. First, a domain and a project are required for the user to be part of. A user must always belong to a domain. If there are no custom domains created, a default domain will be used. Once the project exists, the user can be added. At this point, the user has no role associated, so the final step is to assign the role to this user, such as _member_, admin, or a custom role.
To create a user with the user create option, the syntax is as follows:
openstack user create --domain <domain> --password <password> <user_name>
The user_name attribute is an arbitrary name, but cannot contain any spaces. A password attribute must be present. In the previous examples, these were set to verysecret. If the domain attribute is not specified, the default domain will be set.
To assign a role to a user with the role add option, the syntax is as follows for the default domain:
openstack role add --project <project> --user <user> <role>
For a user in a custom domain, use the following syntax to assign a role:
openstack role add --domain <domain> --user <user> --role-domain <role_domain> <role>
The role_domain parameter is the name (or ID) of the domain to which the role belongs.
We will also need to have the names or IDs of the user, role, and project in order to assign roles to users. These names or IDs can be found using the following commands:
openstack project list
openstack user list
openstack role list
The --domain <domain> option is only required if custom domains are used. To obtain a list of domains, issue the following command:
openstack domain list
To get a matrix of domain, project, user, and role assignments, use the following command:
openstack role assignment list
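A check one might run after the final step, as an added example (not code from the book): it compares the role assignments reported by openstack role assignment list --names -f json against the assignments this recipe intends, and reports anything missing or extra, such as an admin grant that was never planned. The JSON column names, the name@domain form of the values, and the sample rows are assumptions constructed for illustration.

```python
import json

# Constructed sample of `openstack role assignment list --names -f json`
# (assumed column names and name@domain values; not output from the book).
# The third row is an unplanned admin grant that the audit should flag.
SAMPLE = """[
 {"Role": "admin", "User": "cloud_admin@bookstore", "Group": "",
  "Project": "", "Domain": "bookstore", "Inherited": false},
 {"Role": "_member_", "User": "reader@bookstore", "Group": "",
  "Project": "cookbook@bookstore", "Domain": "", "Inherited": false},
 {"Role": "admin", "User": "reader@bookstore", "Group": "",
  "Project": "cookbook@bookstore", "Domain": "", "Inherited": false}
]"""

# Intended state after the recipe, as (principal, role, scope) tuples.
EXPECTED = {
    ("cloud_admin@bookstore", "admin", "domain:bookstore"),
    ("reader@bookstore", "_member_", "project:cookbook@bookstore"),
}


def scope_of(row):
    """Return the scope a role assignment row applies to."""
    if row.get("Project"):
        return "project:" + row["Project"]
    if row.get("Domain"):
        return "domain:" + row["Domain"]
    return "unscoped"


def audit(raw_json, expected=EXPECTED):
    """Compare reported assignments with the intended set."""
    actual = set()
    for row in json.loads(raw_json):
        # A row names either a user or a group as the principal.
        principal = row.get("User") or "group:" + row.get("Group", "")
        actual.add((principal, row["Role"], scope_of(row)))
    return {
        "missing": sorted(expected - actual),     # intended but not granted
        "unexpected": sorted(actual - expected),  # granted but not intended
    }


if __name__ == "__main__":
    report = audit(SAMPLE)
    for kind in ("missing", "unexpected"):
        for user, role, scope in report[kind]:
            print(f"{kind}: {user} has role {role} on {scope}")
```

To audit a live deployment, replace SAMPLE with the command's real JSON output and adjust EXPECTED to the assignments you intend.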