Configuring roles in Keystone

Roles are the permissions given to users within a tenant. Here, we will configure two roles: an admin role that allows for the administration of our environment, and a member role that is given to ordinary users who will be using the cloud environment.

Getting ready

We will be using the keystone client to operate Keystone. If the python-keystoneclient tool isn't available, follow the steps described at http://bit.ly/OpenStackCookbookClientInstall.

Ensure that we have our environment set correctly to access our OpenStack environment for administrative purposes:

export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem

Tip

You can use the controller node if no other machines are available on your network, as this has the python-keystoneclient and the relevant access to the OpenStack environment. If you are using the Vagrant environment, issue the following command to get access to the Controller:

vagrant ssh controller

How to do it...

To create the required roles in our OpenStack environment, perform the following steps:

  1. Create the admin role as follows:
    # admin role
    keystone role-create --name admin
    You will get an output like this:
    +----------+----------------------------------+
    | Property |              Value               |
    +----------+----------------------------------+
    |    id    | 625b81ae9f024366bbe023a62ab8a18d |
    |   name   |              admin               |
    +----------+----------------------------------+
    
  2. To create the Member role, we repeat the step and specify the Member role:
    # Member role
    keystone role-create --name Member
    

How it works...

Creation of the roles is simply achieved by using the keystone client and specifying the role-create option with the following syntax:

keystone role-create --name role_name

The role_name values for the admin and Member roles can't be arbitrary. The admin role is set by default in /etc/keystone/policy.json as having administrative rights:

{
 "admin_required": [["role:admin"], ["is_admin:1"]]
}

The Member role is also configured by default in the OpenStack Dashboard, Horizon, for a non-admin user created through the web interface.
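
The effect of that default rule, as an added example (not code from the book or from Keystone): a simplified Python model of the legacy list-of-lists policy syntax, in which the outer list is an OR and each inner list is an AND. The function names, the case-insensitive role comparison, and the sample user-to-role assignments are assumptions made for illustration.

```python
import json

# The default rule quoted above from /etc/keystone/policy.json.
POLICY = json.loads('{"admin_required": [["role:admin"], ["is_admin:1"]]}')


def term_matches(term, creds):
    """Evaluate one "kind:match" term against a credentials dict (simplified)."""
    kind, _, match = term.partition(":")
    if kind == "role":
        # Assumption: role names are compared without regard to case.
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    # Any other kind is compared as a string against the same-named credential.
    return kind in creds and str(creds[kind]) == match


def rule_allows(rule, creds):
    """Legacy syntax: outer list is OR, each inner list is AND."""
    return any(all(term_matches(t, creds) for t in group) for group in rule)


def roles_granting(rule):
    """Role names that satisfy the rule on their own (single-term groups)."""
    names = []
    for group in rule:
        if len(group) == 1 and group[0].startswith("role:"):
            names.append(group[0].split(":", 1)[1])
    return sorted(names)


def audit(rule, assignments):
    """Return the users in {user: [roles]} that the rule treats as admins."""
    return sorted(u for u, roles in assignments.items()
                  if rule_allows(rule, {"roles": roles}))


if __name__ == "__main__":
    rule = POLICY["admin_required"]
    # Constructed sample assignments; the user names are hypothetical.
    sample = {"admin": ["admin"], "demo": ["Member"], "ops": ["Member", "admin"]}
    print("roles that grant admin rights:", roles_granting(rule))
    print("users treated as admins:", audit(rule, sample))
```

Running the audit over a real export of user-to-role assignments shows who holds administrative rights under the default policy, which is worth reviewing whenever the admin role is assigned.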

On creation of the role, the ID associated with it is returned, and we can use this ID when assigning roles to users. To see a list of roles and the associated IDs in our environment, we can issue the following command:

keystone role-list