了解和使用keystone(四)创建普通用户
创建domain
$ openstack --os-username=adminUser --os-password=admin123 --os-url=http://localhost:35357/v3 --os-identity-api-version=3 domain create --description "Demo Domain" demo-domain
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Domain |
| enabled | True |
| id | 32b54ffdebe84eba9cd10a8dbe647b70 |
| name | demo-domain |
+-------------+----------------------------------+创建project
我们可以和之前那样创建project,但是也可以为project增加一些参数。
$ openstack --os-username=adminUser --os-password=admin123 --os-url=http://localhost:35357/v3 --os-identity-api-version=3 project create --domain demo-domain --description "Demo Project" demo-project
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 32b54ffdebe84eba9cd10a8dbe647b70 |
| enabled | True |
| id | 0bea5cd96e6746c3a9a811c88b5bc969 |
| is_domain | False |
| name | demo-project |
| parent_id | 32b54ffdebe84eba9cd10a8dbe647b70 |
+-------------+----------------------------------+
$ openstack --os-username=adminUser --os-password=admin123 --os-url=http://localhost:35357/v3 --os-identity-api-version=3 project create --domain demo-domain --description "Project A" --property project-A-param1=value1 --property project-A-param2=value2 project-A
+------------------+----------------------------------+
| Field | Value |
+------------------+----------------------------------+
| description | Project A |
| domain_id | 32b54ffdebe84eba9cd10a8dbe647b70 |
| enabled | True |
| id | b65e9985801f4481bce7ba885b68cac3 |
| is_domain | False |
| name | project-A |
| parent_id | 32b54ffdebe84eba9cd10a8dbe647b70 |
| project_A_param1 | value1 |
| project_A_param2 | value2 |
+------------------+----------------------------------+查看结果。我们还没学习如何获取TOKEN,因此我们将原始初始化的admin_token先给放出来。
$ curl -H "X-Auth-Token:ADMIN" -H "Content-type: application/json" http://localhost:35357/v3/projects | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1131 100 1131 0 0 19556 0 --:--:-- --:--:-- --:--:-- 19842
{
"links": {
"next": null,
"previous": null,
"self": "http://localhost:35357/v3/projects"
},
"projects": [
{
"description": "Demo Project",
"domain_id": "32b54ffdebe84eba9cd10a8dbe647b70",
"enabled": true,
"id": "0bea5cd96e6746c3a9a811c88b5bc969",
"is_domain": false,
"links": {
"self": "http://localhost:35357/v3/projects/0bea5cd96e6746c3a9a811c88b5bc969"
},
"name": "demo-project",
"parent_id": "32b54ffdebe84eba9cd10a8dbe647b70"
},
{
"description": "Admin project",
"domain_id": "13b6ce90f57844e3bfec0eeb0389104e",
"enabled": true,
"id": "5b5893ebc8ca42abaaa18dca873a6921",
"is_domain": false,
"links": {
"self": "http://localhost:35357/v3/projects/5b5893ebc8ca42abaaa18dca873a6921"
},
"name": "admin-project",
"parent_id": "13b6ce90f57844e3bfec0eeb0389104e"
},
{
"description": "Project A",
"domain_id": "32b54ffdebe84eba9cd10a8dbe647b70",
"enabled": true,
"id": "b65e9985801f4481bce7ba885b68cac3",
"is_domain": false,
"links": {
"self": "http://localhost:35357/v3/projects/b65e9985801f4481bce7ba885b68cac3"
},
"name": "project-A",
"parent_id": "32b54ffdebe84eba9cd10a8dbe647b70",
"project_A_param1": "value1",
"project_A_param2": "value2"
}
]
}创建角色
$ openstack --os-username=adminUser --os-password=admin123 --os-url=http://localhost:35357/v3 --os-identity-api-version=3 role create demo-role
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 6abf3532fce440148a7f29abc7685142 |
| name | demo-role |
+-----------+----------------------------------+创建用户
$ openstack --os-username=adminUser --os-password=admin123 --os-url=http://localhost:35357/v3 --os-identity-api-version=3 user create --domain demo-domain --password 123456 userA1
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 32b54ffdebe84eba9cd10a8dbe647b70 |
| enabled | True |
| id | 421da52236f04d43ab2cfa82a01b477d |
| name | userA1 |
+-----------+----------------------------------+
关联project和角色
$ openstack --os-username=adminUser --os-password=admin123 --os-url=http://localhost:35357/v3 --os-identity-api-version=3 role add --project project-A --user userA1 demo-role
$ curl -H "X-Auth-Token:ADMIN" -H "Content-type: application/json" http://localhost:35357/v3/users/421da52236f04d43ab2cfa82a01b477d | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 223 100 223 0 0 1785 0 --:--:-- --:--:-- --:--:-- 1827
{
"user": {
"domain_id": "32b54ffdebe84eba9cd10a8dbe647b70",
"enabled": true,
"id": "9b4df6ca611f4387b039c483b48f712b",
"links": {
"self": "http://localhost:35357/v3/users/9b4df6ca611f4387b039c483b48f712b"
},
"name": "userA1"
}
}
$ curl -H "X-Auth-Token:ADMIN" -H "Content-type: application/json" http://localhost:35357/v3/projects/b65e9985801f4481bce7ba885b68cac3/users/421da52236f04d43ab2cfa82a01b477d/roles | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 349 100 349 0 0 3444 0 --:--:-- --:--:-- --:--:-- 3490
{
"links": {
"next": null,
"previous": null,
"self": "http://localhost:35357/v3/projects/b65e9985801f4481bce7ba885b68cac3/users/421da52236f04d43ab2cfa82a01b477d/roles"
},
"roles": [
{
"domain_id": null,
"id": "6abf3532fce440148a7f29abc7685142",
"links": {
"self": "http://localhost:35357/v3/roles/6abf3532fce440148a7f29abc7685142"
},
"name": "demo-role"
}
]
}设置具有扩展属性的用户
我们希望这个用户有些特殊的属性。但是命令中只能增加email这个属性。创建一个json文件u.json
$ cat u.json
{
"user": {
"domain_id": "32b54ffdebe84eba9cd10a8dbe647b70",
"enabled": true,
"name": "userA2",
"password":"123456",
"email":"[email protected]",
"param1":"value1",
"param2":"value2"
}
}注意通过v3 api进行创建用户,而不是通过CLI,当中X-Auth-Token:ADMIN,实际应该是有adminUser通过账号,密码获取到token,此处填入该token。如何获取token在后面介绍,此处暂时先用预设的token。
$ curl -d @u.json -H "X-Auth-Token:ADMIN" -H "Content-type: application/json" http://localhost:35357/v3/users | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 513 100 290 100 223 1288 990 --:--:-- --:--:-- --:--:-- 1294
{
"user": {
"domain_id": "32b54ffdebe84eba9cd10a8dbe647b70",
"email": "[email protected]",
"enabled": true,
"id": "459c2cc894844396bec6c16fbc28da87",
"links": {
"self": "http://localhost:35357/v3/users/459c2cc894844396bec6c16fbc28da87"
},
"name": "userA2",
"param1": "value1",
"param2": "value2"
}
}我们来看看数据库的存放情况:
mysql>select id,extra from user;
+----------------------------------+---------------------------------------------------------------------+
| id | extra |
+----------------------------------+---------------------------------------------------------------------+
| 421da52236f04d43ab2cfa82a01b477d | {} |
| 459c2cc894844396bec6c16fbc28da87 | {"email": "[email protected]", "param1": "value1", "param2": "value2"} |
| 4f63af5f7a6b42088289013ae109830b | {} |
+----------------------------------+---------------------------------------------------------------------+
3 rows in set (0.00 sec)关联project和role
$ openstack --os-username=adminUser --os-password=admin123 --os-url=http://localhost:35357/v3 --os-identity-api-version=3 role add --project project-A --user userA2 demo-role查看结果
$ curl -H "X-Auth-Token:ADMIN" -H "Content-type: application/json" http://localhost:35357/v3/users | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 812 100 812 0 0 11348 0 --:--:-- --:--:-- --:--:-- 12303
{
"links": {
"next": null,
"previous": null,
"self": "http://localhost:35357/v3/users"
},
"users": [
{
"domain_id": "32b54ffdebe84eba9cd10a8dbe647b70",
"enabled": true,
"id": "421da52236f04d43ab2cfa82a01b477d",
"links": {
"self": "http://localhost:35357/v3/users/421da52236f04d43ab2cfa82a01b477d"
},
"name": "userA1"
},
{
"domain_id": "32b54ffdebe84eba9cd10a8dbe647b70",
"email": "[email protected]",
"enabled": true,
"id": "459c2cc894844396bec6c16fbc28da87",
"links": {
"self": "http://localhost:35357/v3/users/459c2cc894844396bec6c16fbc28da87"
},
"name": "userA2",
"param1": "value1",
"param2": "value2"
},
{
"domain_id": "13b6ce90f57844e3bfec0eeb0389104e",
"enabled": true,
"id": "4f63af5f7a6b42088289013ae109830b",
"links": {
"self": "http://localhost:35357/v3/users/4f63af5f7a6b42088289013ae109830b"
},
"name": "adminUser"
}
]
}