关于keystone的有关使用
使用前不要忘了生效环境变量
[root@controller bin]# source /etc/keystone/admin-openrc.sh
一、安装完keystone后,在数据库中查询keystone用户的远程访问权限信息
[root@controller bin]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3160
Server version: 10.1.17-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show grants for 'keystone'@'%';
+---------------------------------------------------------------------------------------------------------+
| Grants for keystone@% |
+---------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'keystone'@'%' IDENTIFIED BY PASSWORD '*032197AE5731D4664921A6CCAC7CFCE6A0698693' |
| GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'%' |
+---------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]>
MariaDB [(none)]> show grants for 'keystone'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for keystone@localhost |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'keystone'@'localhost' IDENTIFIED BY PASSWORD '*032197AE5731D4664921A6CCAC7CFCE6A0698693' |
| GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'localhost' |
+-----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
二、列出数据库keystone中的所有表
MariaDB [(none)]> use keystone
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| domain |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| local_user |
| mapping |
| migrate_version |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| region |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| whitelisted_config |
+------------------------+
37 rows in set (0.01 sec)
三、使用OpenStack相关命令,查询角色列表信息
[root@controller bin]# openstack role list
+----------------------------------+------------------+
| ID | Name |
+----------------------------------+------------------+
| 20d2aee7dbcf4655ad4e484b02ebceba | ResellerAdmin |
| 6d84f3340ac64bf2a603c4293a8f7188 | user |
| 88bad53b7a234e13acedba2c921ee678 | heat_stack_user |
| 92be81545d21427989ef1f190011f5e2 | admin |
| d1864e6c7a284818be27a78e208336e8 | heat_stack_owner |
+----------------------------------+------------------+
[root@controller bin]#
四、使用OpenStack相关命令,查询admin项目信息
[root@controller bin]# openstack project show admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 1ea8c48151614914a0e52498ad204b0a |
| enabled | True |
| id | 5cb6243755824171b7e0873b18847545 |
| is_domain | False |
| name | admin |
| parent_id | 1ea8c48151614914a0e52498ad204b0a |
+-------------+----------------------------------+
五、使用OpenStack相关命令,查询用户列表信息
[root@controller bin]# openstack user list
+----------------------------------+-------------------+
| ID | Name |
+----------------------------------+-------------------+
| 1f1c7e56346e44f68433a4ffe004a751 | heat_domain_admin |
| 5066441011374f05b33f51791f197501 | cinder |
| 7fcdbb81f75c440080d2236dda784987 | glance |
| 8cbf2b37da454016b15d507472a9f71f | swift |
| 9d0a6c4b175946aa978eaa85cd6b4f0a | neutron |
| abf0de24950d46d6ba765dd970da726c | trove |
| ae6a2ec279434a48a4dfd0dd885d80fa | nova |
| b0d318ce09fe4b60b34ac0613dd88ef4 | demo |
| c41437163d5a431e90bee1a1afb49e14 | heat |
| c678293c2f1f4db9bd8a059a8bc81cf3 | admin |
| f09ece0c8fa641a595a8c3cc0338c63f | aodh |
| fd7d8273a6a6425a91f8c52abb2ac1e5 | ceilometer |
+----------------------------------+-------------------+
六、使用OpenStack相关命令,查询服务列表信息
[root@controller bin]# openstack service list
+----------------------------------+------------+----------------+
| ID | Name | Type |
+----------------------------------+------------+----------------+
| 49bda235d0d34b2b9a0d4b37e60290e5 | trove | database |
| 4edf2dd5f61c4da9b6076a4bcb930424 | cinderv2 | volumev2 |
| 5e81039de058460fa25f14844f8e3ec1 | swift | object-store |
| 5f53de5101624411a0d25a512e90389a | ceilometer | metering |
| a0568c0cfebb47d0873e6bf8ae6ede46 | neutron | network |
| ac8db11ccc90427ba885777f38b2f008 | keystone | identity |
| bb8b37f8e01c4064ab135d92bce48484 | cinder | volume |
| c5e14b333d054d33bc83b4f6b19fd692 | aodh | alarming |
| cb2ed15bf72d44ffbdfc0d0a0d72b11b | heat-cfn | cloudformation |
| d77260fb5616414980ae94b6f829945b | nova | compute |
| d9a31079827546c7a9f70947a1d64327 | heat | orchestration |
| df14540b77fc49ba915f9b02f4ce2a7b | glance | image |
+----------------------------------+------------+----------------+
七、使用一条命令将keystone的数据库导出为当前路径下的keystone.sql文件,并使用命令查询文件keystone.sql的大小
[root@controller bin]# mysqldump -uroot -p000000 keystone > keystone.sql
[root@controller bin]#
[root@controller bin]# du -sh keystone.sql
44K keystone.sql
[root@controller bin]# du -s keystone.sql
44 keystone.sql
[root@controller bin]#
八、关于OpenStack相关命令的相关帮助
[root@controller bin]# openstack --help
可以结合grep命令使用
[root@controller bin]# openstack --help | grep project
[--os-project-domain-id <auth-project-domain-id>]
[--os-project-name <auth-project-name>]
[--os-project-domain-name <auth-project-domain-name>]
[--os-token <auth-token>] [--os-project-id <auth-project-id>]
osprofiler middleware in the projects user would like
files of the required projects.
--os-project-domain-id <auth-project-domain-id>
With v3password: Domain ID containing project With
v3scopedsaml: Domain ID containing project With
v3oidcpassword: Domain ID containing project With
v3unscopedadfs: Domain ID containing project With
token: Domain ID containing project With v3token:
Domain ID containing project With password: Domain ID
containing project With v3unscopedsaml: Domain ID
containing project With osc_password: Domain ID
containing project (Env: OS_PROJECT_DOMAIN_ID)
--os-project-name <auth-project-name>
--os-project-domain-name <auth-project-domain-name>
With v3password: Domain name containing project With
v3scopedsaml: Domain name containing project With
v3oidcpassword: Domain name containing project With
v3unscopedadfs: Domain name containing project With
token: Domain name containing project With v3token:
Domain name containing project With password: Domain
name containing project With v3unscopedsaml: Domain
name containing project With osc_password: Domain name
containing project (Env: OS_PROJECT_DOMAIN_NAME)
--os-project-id <auth-project-id>
federation project list List accessible projects
image add project Associate project with image
image remove project Disassociate project with image
project create Create new project
project delete Delete project(s)
project list List projects
project set Set project properties
project show Display project details
quota set Set quotas for project or class
quota show Show quotas for project or class
role add Adds a role to a user or group on a domain or project
role remove Remove role from domain/project : user/group
usage list List resource usage per project
usage show Show resource usage for a single project
[root@controller bin]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 5cb6243755824171b7e0873b18847545 | admin |
| cb0776d53c30425681beedd6cb455d9e | service |
| dc7d3eb4a56943a6abb0a33c370e48ea | demo |
+----------------------------------+---------+