- OpenStack Cloud Computing Cookbook(Third Edition)
- Kevin Jackson Cody Bunch Egle Sigler
- 2021-07-16 20:39:13
Configuring roles in Keystone
Roles are the permissions given to users within a tenant. Here, we will configure two roles: an admin role that allows for the administration of our environment, and a Member role that is given to ordinary users who will be using the cloud environment.
Getting ready
We will be using the keystone client to operate Keystone. If the python-keystoneclient tool isn't available, follow the steps described at http://bit.ly/OpenStackCookbookClientInstall.
Ensure that we have our environment set correctly to access our OpenStack environment for administrative purposes:
export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem
Tip
You can use the controller node if no other machines are available on your network, as this has the python-keystoneclient and the relevant access to the OpenStack environment. If you are using the Vagrant environment, issue the following command to get access to the Controller:
vagrant ssh controller
How to do it...
To create the required roles in our OpenStack environment, perform the following steps:
- Create the admin role as follows:
    # admin role
    keystone role-create --name admin
  You will get an output like this:
    +----------+----------------------------------+
    | Property |              Value               |
    +----------+----------------------------------+
    |    id    | 625b81ae9f024366bbe023a62ab8a18d |
    |   name   |              admin               |
    +----------+----------------------------------+
- To create the Member role, we repeat the step and specify the Member role:
    # Member role
    keystone role-create --name Member
How it works...
Creation of the roles is simply achieved by using the keystone client and specifying the role-create option with the following syntax:
keystone role-create --name role_name
The role_name attribute can't be arbitrary for admin and Member roles. The admin role has been set by default in /etc/keystone/policy.json as having administrative rights:
{ "admin_required": [["role:admin"], ["is_admin:1"]] }
The Member role is also configured by default in the OpenStack Dashboard, Horizon, for a non-admin user created through the web interface.
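The following added example (not from the book or from Keystone's own code) is a simplified model of how the list-of-lists admin_required rule shown above is evaluated, to show why a role has to be named admin to satisfy it. The credential dictionaries, the helper names and the case-insensitive role comparison are assumptions of this sketch.

```python
import json

# Rule exactly as shown in /etc/keystone/policy.json above.
POLICY = json.loads('{"admin_required": [["role:admin"], ["is_admin:1"]]}')


def check_matches(check, creds, policy):
    """Evaluate one "kind:value" check against a credentials dict."""
    kind, _, value = check.partition(":")
    if kind == "role":
        # Assumption of this sketch: role names compare case-insensitively.
        return value.lower() in [r.lower() for r in creds.get("roles", [])]
    if kind == "rule":
        # Reference to another named rule in the same policy file.
        return rule_allows(value, creds, policy)
    # Generic check: compare a credential attribute as a string.
    return kind in creds and str(creds[kind]) == value


def rule_allows(name, creds, policy):
    """Outer list is OR, each inner list is AND; unknown rules deny."""
    alternatives = policy.get(name)
    if alternatives is None:
        return False
    if alternatives == []:
        return True  # an empty rule places no restriction
    return any(
        all(check_matches(c, creds, policy) for c in group)
        for group in alternatives
    )


# Constructed sample credentials (not taken from a real deployment).
SAMPLES = {
    "admin user": {"roles": ["admin"]},
    "ordinary user": {"roles": ["Member"]},
    "misnamed role": {"roles": ["cloud-admin"]},
    "admin token": {"roles": [], "is_admin": 1},
}


def evaluate_samples():
    """Return {label: allowed} for the admin_required rule."""
    return {label: rule_allows("admin_required", creds, POLICY)
            for label, creds in SAMPLES.items()}


if __name__ == "__main__":
    for label, allowed in evaluate_samples().items():
        print(f"{label:14} admin_required -> {allowed}")
```

A user holding only a differently named role, such as the constructed cloud-admin above, is denied because no alternative in the rule refers to that name.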
On creation of the role, the ID associated with it is returned, and we can use it when assigning roles to users. To see a list of roles and the associated IDs in our environment, we can issue the following command:
keystone role-list