keystone api 操作紀錄
==建立admin project(tenant)==
如果利用cmd發生locale.Error: unsupported locale setting,請輸入以下cmd
$ export LANGUAGE=en_US.UTF-8
$ export LANG=en_US.UTF-8
$ export LC_ALL=en_US.UTF-8
$ locale-gen en_US.UTF-8
$ sudo dpkg-reconfigure locales
|
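建立能使用openstack cmd並具備admin權限的環境變數腳本。這邊的OS_TOKEN請帶入/etc/keystone/keystone.conf中設定admin_token的值(請以自己環境的值取代下方範例中的token);目前keystone client cmd只能用v2.0。admin_token是具備完整管理權限的bootstrap憑證,腳本檔應限制讀取權限(例如chmod 600),且初始化完成後應停用(自keystone-paste.ini的pipeline移除admin_token_auth)。另外,因為EOF沒有加引號,$MY_IP會在寫入檔案時就被展開,請先確認該變數已設定;下方curl範例使用的$OS_SERVICE_TOKEN與$CONTROLLER_IP並未定義在這些腳本中,需另外export。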
$ cat >> openrc_admin_v3 << EOF
export OS_TOKEN=9c3c8d455f9d340e1f6a
export OS_URL=http://$MY_IP:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF
$ source openrc_admin_v3
===============================分隔線===========================
$ cat >> openrc_admin_v2.0 << EOF
export OS_TOKEN=9c3c8d455f9d340e1f6a
export OS_URL=http://$MY_IP:35357/v2.0
export OS_IDENTITY_API_VERSION=2
EOF
$ source openrc_admin_v2.0
利用keystone/openstack cmd client
$ keystone tenant-create --name admin --description "Admin Tenant"
$ openstack project create --domain default --description "Admin Project" admin |
利用curl api
v2.0
$ curl -X POST -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H "Content-Type: application/json" -d '{"tenant": {"description": "Admin Tenant","enabled": true,"name": "admin"}}' http://$CONTROLLER_IP:35357/v2.0/tenants \
| python -mjson.tool
v3
$ curl -X POST -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H "Content-Type: application/json" -d '{"project": {"description": "Admin Tenant","domain_id": "default","enabled": true,"name": "admin"}}' http://$CONTROLLER_IP:35357/v3/projects | python -mjson.tool
|
==建立user==
利用cmd
$ keystone user-create --name admin --pass password
|
利用api
v2.0
# curl -X POST -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H "Content-Type: application/json" -d '{"user": {"description": "default project admin","enabled": true,"name": "admin","password": "password"}}' http://$CONTROLLER_IP:35357/v2.0/users | python -mjson.tool
v3
# curl -X POST -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H "Content-Type: application/json" -d '{"user": {"description": "default project admin","domain_id": "default","enabled": true,"name": "admin","password": "password"}}' http://$CONTROLLER_IP:35357/v3/users | python -mjson.tool
|
==建立admin role==
利用cmd
$ keystone role-create --name admin
$ openstack role create admin |
利用api
v2.0
$ curl -X POST -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H "Content-Type: application/json" -d '{"role": {"name": "admin1"}}' http://$CONTROLLER_IP:35357/v2.0/OS-KSADM/roles
v3
$ curl -X POST -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H "Content-Type: application/json" -d '{"role": {"name": "admin"}}' http://$CONTROLLER_IP:35357/v3/roles | python -mjson.tool
|
==綁定role==
利用cmd
$ keystone user-role-add --user admin --tenant admin --role admin
$ openstack role add --project admin --user admin admin |
利用api
v2.0
# curl -X PUT -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H \
"Content-Type: application/json" \
http://$CONTROLLER_IP:35357/v2.0/tenants/admin_project_id/\
users/admin_user_id/roles/OS-KSADM/admin_role_id | python -mjson.tool
v3
# curl -X PUT -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H \
"Content-Type: application/json" \
http://$CONTROLLER_IP:35357/v3/projects/admin_project_id/\
users/admin_user_id/roles/admin_role_id | python -mjson.tool
|
==建立service tenant==
利用cmd
$ keystone tenant-create --name service --description "Service Tenant"
$ openstack project create --domain default --description "Service Project" service |
利用api
v2.0
$ curl -X POST -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H "Content-Type: application/json" -d '{"tenant": {"description": "Service Tenant","enabled": true,"name": "service"}}' http://$CONTROLLER_IP:35357/v2.0/tenants | python -mjson.tool
v3
$ curl -X POST -H "X-Auth-Token:$OS_SERVICE_TOKEN" -H "Content-Type: application/json" -d '{"project": {"description": "Service Tenant","domain_id": "default","enabled": true,"name": "service"}}' http://$CONTROLLER_IP:35357/v3/projects | python -mjson.tool
|
==建立keystone service==
利用cmd
$ keystone service-create --name keystone --type identity --description "OpenStack Identity"
$ openstack service create --name keystone --description "OpenStack Identity" identity |
利用api
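*注意:如果這邊需要用api的話,須先建立token。回應中的token(v2.0為access.token.id,v3為X-Subject-Token標頭)即為後續請求X-Auth-Token所帶的值;範例以http明文傳送密碼與token,正式環境應改用https。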
v2.0
$ curl -i -H "Content-Type: application/json" -d '{"auth":{"tenantName":"admin","passwordCredentials":{"username":"admin","password":"password"}}}' http://$CONTROLLER_IP:35357/v2.0/tokens;echo
{"access": {"token": {"issued_at": "2016-04-14T07:18:34.409439", "expires": "2016-04-14T08:18:34Z", "id": "9d24e027c60d41e2b4233681b3c21983", "tenant": {"description": "Admin Tenant", "enabled": true, "id": "0457441ea44948eeb6869fe62a2cb028", "name": "admin"}, "audit_ids": ["3LrtQxLwT06Np-Nagjc-bg"]}, "serviceCatalog": [], "user": {"username": "admin", "roles_links": [], "id": "b5663841ae2343658f29bf0f91d36d83", "roles": [{"name": "admin"}], "name": "admin"}, "metadata": {"is_admin": 0, "roles": ["a6a0e60f5e2e43f385c6b46d85f3b236"]}}}
v3
$ curl -i -H "Content-Type: application/json" -d '{ "auth": {"identity": {"methods": ["password"], "password": {"user": {"name": "admin","domain": { "id": "default" },"password": "password"}}},"scope": {"project": {"name": "admin","domain": { "id":"default" }}}}}' http://$CONTROLLER_IP:35357/v3/auth/tokens ; echo
HTTP/1.1 201 Created
X-Subject-Token: 5f9e491a692842cab7191514c7a11ee1
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 504
X-Openstack-Request-Id: req-fc33172c-c2e0-444f-9960-8ab8d2be5712
|
v2.0
$ curl -X POST -H 'X-Auth-Token:9d24e027c60d41e2b4233681b3c21983' -H "Content-Type: application/json" -d '{"OS-KSADM:service": {"name": "keystone","type": "identity","description": "OpenStack Identity"}}' http://$CONTROLLER_IP:35357/v2.0/OS-KSADM/services | python -mjson.tool
v3
$ curl -X POST -H 'X-Auth-Token:5f9e491a692842cab7191514c7a11ee1' -H "Content-Type: application/json" -d '{"service": {"name": "keystone","type": "identity","description": "OpenStack Identity"}}' http://$CONTROLLER_IP:35357/v3/services | python -mjson.tool
|
==建立keystone endpoint==
利用cmd
$ keystone endpoint-create \
--service-id $(keystone service-list | awk '/ identity / {print $2}') \
--publicurl http://$MY_PUBLIC_IP:5000/v2.0 \
--internalurl http://$MY_PRIVATE_IP:5000/v2.0 \
--adminurl http://$MY_PRIVATE_IP:35357/v2.0 \
--region RegionOne
$ keystone endpoint-create \
--service-id $(keystone service-list | awk '/ identity / {print $2}') \
--publicurl http://$MY_PUBLIC_IP:5000/v3 \
--internalurl http://$MY_PRIVATE_IP:5000/v3 \
--adminurl http://$MY_PRIVATE_IP:35357/v3 \
--region RegionOne
$ openstack endpoint create --region RegionOne identity public http://$MY_PUBLIC_IP:5000/v3
$ openstack endpoint create --region RegionOne identity internal http://$MY_PRIVATE_IP:5000/v3
$ openstack endpoint create --region RegionOne identity admin http://$MY_PRIVATE_IP:35357/v3
利用api(注意:下列範例三個interface的url皆為35357埠,與上方cmd範例中public/internal使用5000埠不同,請依實際部署調整)
v3
$ curl -X POST -H "X-Auth-Token:5f9e491a692842cab7191514c7a11ee1" -H "Content-Type: application/json" -d '{"endpoint": {"interface": "admin","name": "keystone","region": "RegionOne","url": "http://controller:35357/v3","service_id": "e3597e94c6c046a2a10270f95b07ffc9"}}' http://$CONTROLLER_IP:35357/v3/endpoints | python -mjson.tool
$ curl -X POST -H "X-Auth-Token:5f9e491a692842cab7191514c7a11ee1" -H "Content-Type: application/json" -d '{"endpoint": {"interface": "internal","name": "keystone","region": "RegionOne","url": "http://controller:35357/v3","service_id": "e3597e94c6c046a2a10270f95b07ffc9"}}' http://$CONTROLLER_IP:35357/v3/endpoints | python -mjson.tool
$ curl -X POST -H "X-Auth-Token:5f9e491a692842cab7191514c7a11ee1" -H "Content-Type: application/json" -d '{"endpoint": {"interface": "public","name": "keystone","region": "RegionOne","url": "http://controller:35357/v3","service_id": "e3597e94c6c046a2a10270f95b07ffc9"}}' http://$CONTROLLER_IP:35357/v3/endpoints | python -mjson.tool
|
==其他常用cmd==
$ keystone user-role-list --user admin --tenant admin
$ keystone user-role-remove --user admin --tenant admin --role-id role-id
$ keystone role-list
$ keystone user-list
$ keystone tenant-list
$ openstack service list
$ openstack user list
$ openstack project list
$ openstack role list
$ openstack endpoint list
$ openstack endpoint delete endpoint-id
==驗證==
$ cat >> adminrc << EOF
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL=http://$MY_PRIVATE_IP:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF
$ unset OS_TOKEN OS_URL
$ source adminrc
$ openstack token issue