Hi….
Lanjut lagi yah untuk COA series nya
Users
Seperti sebelumnya, kita cek command yang ada untuk manage user ini apa saja
[root@localhost centos(keystone_admin)]# openstack user --help Command "user" matches: user create user delete user list user password set user set user show
Sekarang coba cek, user yang sudah ada
[root@localhost centos(keystone_admin)]# openstack user list +----------------------------------+------------+ | ID | Name | +----------------------------------+------------+ | 23e4b8d17ec34921a44419fb243e2e9f | aodh | | 3261551f781840bcb52ac7e403717e1c | glance | | 3eb5ec95b83e424bbee3ade5ee43f737 | neutron | | 6b1887d907aa4920afc848db9707c431 | admin | | 6d3ec2aa483f4cb598bfdb7a5394dd69 | ceilometer | | 76abbdc01fe741d8976fc49ded6093d4 | swift | | 8301050d83804fe399e3731b0979f144 | demo | | 84af867a7810494e8dd837fe05d05f1b | gnocchi | | 93c6646c3d654084abb2710971e846db | nova | | 946edb0acc2d4b97bffffbaee8ff3474 | placement | | ac80bdff114a4b82a7afbf34c3949cf1 | cinder | +----------------------------------+------------+
Untuk membuat user, menggunakan command openstack user create, untuk lebih detail parameter yang ada
[root@localhost centos(keystone_admin)]# openstack user create --help
usage: openstack user create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>] [--fit-width]
[--print-empty] [--noindent] [--prefix PREFIX]
[--domain <domain>] [--project <project>]
[--project-domain <project-domain>]
[--password <password>] [--password-prompt]
[--email <email-address>]
[--description <description>]
[--enable | --disable] [--or-show]
<name>
Create new user
positional arguments:
<name> New user name
optional arguments:
-h, --help show this help message and exit
--domain <domain> Default domain (name or ID)
--project <project> Default project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can
be used in case collisions between project names
exist.
--password <password>
Set user password
--password-prompt Prompt interactively for password
--email <email-address>
Set user email address
--description <description>
User description
--enable Enable user (default)
--disable Disable user
--or-show Return existing user
Untuk lebih singkat nya, gunakan command
openstack user create --password-prompt <username>
[root@localhost centos(keystone_admin)]# openstack user create --password-prompt admin_konfigurasi
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 2aa274d6a1fc487c9620ba1c2ce3b185 |
| name | admin_konfigurasi |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Sekarang, kita cek apakah user yang dibuat tadi sudah ada
[root@localhost centos(keystone_admin)]# openstack user list
+----------------------------------+-------------------+
| ID | Name |
+----------------------------------+-------------------+
| 23e4b8d17ec34921a44419fb243e2e9f | aodh |
| 2aa274d6a1fc487c9620ba1c2ce3b185 | admin_konfigurasi |
| 3261551f781840bcb52ac7e403717e1c | glance |
| 3eb5ec95b83e424bbee3ade5ee43f737 | neutron |
| 6b1887d907aa4920afc848db9707c431 | admin |
| 6d3ec2aa483f4cb598bfdb7a5394dd69 | ceilometer |
| 76abbdc01fe741d8976fc49ded6093d4 | swift |
| 8301050d83804fe399e3731b0979f144 | demo |
| 84af867a7810494e8dd837fe05d05f1b | gnocchi |
| 93c6646c3d654084abb2710971e846db | nova |
| 946edb0acc2d4b97bffffbaee8ff3474 | placement |
| ac80bdff114a4b82a7afbf34c3949cf1 | cinder |
+----------------------------------+-------------------+
[root@localhost centos(keystone_admin)]# openstack user show admin_konfigurasi
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 2aa274d6a1fc487c9620ba1c2ce3b185 |
| name | admin_konfigurasi |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Seperti yang kita coba diatas, ada beberapa parameter (field) yang bisa diset, tapi kita menggunakan parameter standar saja pada saat create user. Sekarang, kita coba set salah satu field nya
[root@localhost centos(keystone_admin)]# openstack user set --email admin_konfigurasi@konfigurasi.net admin_konfigurasi
[root@localhost centos(keystone_admin)]# openstack user show admin_konfigurasi
+---------------------+-----------------------------------+
| Field | Value |
+---------------------+-----------------------------------+
| domain_id | default |
| email | admin_konfigurasi@konfigurasi.net |
| enabled | True |
| id | 2aa274d6a1fc487c9620ba1c2ce3b185 |
| name | admin_konfigurasi |
| options | {} |
| password_expires_at | None |
+---------------------+-----------------------------------+
Untuk menghapus, gunakan command
openstack user delete <username> atau openstack user delete <id> [root@localhost centos(keystone_admin)]# openstack user delete admin_konfigurasi [root@localhost centos(keystone_admin)]# openstack user delete 2aa274d6a1fc487c9620ba1c2ce3b185
List pada dashboard
Roles
Seperti sebelumnya, tambahkan help, untuk mengetahui command yang tersedia
[root@localhost centos(keystone_admin)]# openstack role --help Command "role" matches: role add role assignment list role create role delete role list role remove role set role show
Cek role yang ada
[root@localhost centos(keystone_admin)]# openstack role list +----------------------------------+---------------+ | ID | Name | +----------------------------------+---------------+ | 10f7aa8a9e23466c97d3bb8ab85405be | admin | | 322e5fb05de44c40b96586bef6c36696 | ResellerAdmin | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | e591126e24d04f09a37ec4de20ad0088 | SwiftOperator | +----------------------------------+---------------+
User pada openstack, memerlukan role untuk mengetahui, “hak”/”kewenangan” user. Seperti dilihat diatas, ada 4 role, dan untuk user biasa, role nya adalah _member_.
Untuk menambahkan, gunakan command
openstack role add --project <projectname> --user <username> <role>
[root@localhost centos(keystone_admin)]# openstack role add --project konfigurasi --user admin_konfigurasi _member_
Untuk cek berdasarkan project
[root@localhost centos(keystone_admin)]# openstack role assignment list --name --project konfigurasi +----------+---------------------------+-------+---------------------+--------+-----------+ | Role | User | Group | Project | Domain | Inherited | +----------+---------------------------+-------+---------------------+--------+-----------+ | _member_ | admin_konfigurasi@Default | | konfigurasi@Default | | False | +----------+---------------------------+-------+---------------------+--------+-----------+
Untuk cek berdasarkan user
[root@localhost centos(keystone_admin)]# openstack role assignment list --name --user admin_konfigurasi +----------+---------------------------+-------+---------------------+--------+-----------+ | Role | User | Group | Project | Domain | Inherited | +----------+---------------------------+-------+---------------------+--------+-----------+ | _member_ | admin_konfigurasi@Default | | konfigurasi@Default | | False | +----------+---------------------------+-------+---------------------+--------+-----------+
Atau bisa juga gabungkan user dan project
[root@localhost centos(keystone_admin)]# openstack role assignment list --name --project konfigurasi --user admin_konfigurasi +----------+---------------------------+-------+---------------------+--------+-----------+ | Role | User | Group | Project | Domain | Inherited | +----------+---------------------------+-------+---------------------+--------+-----------+ | _member_ | admin_konfigurasi@Default | | konfigurasi@Default | | False | +----------+---------------------------+-------+---------------------+--------+-----------+
Sekarang, kita coba membuat role baru
[root@localhost centos(keystone_admin)]# openstack role create writer +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 4a5115356f9643fa92c1028338cdcc9b | | name | writer | +-----------+----------------------------------+
Untuk cek atau verifikasi
[root@localhost centos(keystone_admin)]# openstack role list +----------------------------------+---------------+ | ID | Name | +----------------------------------+---------------+ | 10f7aa8a9e23466c97d3bb8ab85405be | admin | | 322e5fb05de44c40b96586bef6c36696 | ResellerAdmin | | 4a5115356f9643fa92c1028338cdcc9b | writer | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | e591126e24d04f09a37ec4de20ad0088 | SwiftOperator | +----------------------------------+---------------+ [root@localhost centos(keystone_admin)]# openstack role show writer +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 4a5115356f9643fa92c1028338cdcc9b | | name | writer | +-----------+----------------------------------+
User yang ada bisa memiliki lebih dari 1 role, sekarang kita coba tambahkan user yang tadi sudah diadd pada role _member_, ke role writer
[root@localhost centos(keystone_admin)]# openstack role assignment list --name --project konfigurasi --user admin_konfigurasi +----------+---------------------------+-------+---------------------+--------+-----------+ | Role | User | Group | Project | Domain | Inherited | +----------+---------------------------+-------+---------------------+--------+-----------+ | writer | admin_konfigurasi@Default | | konfigurasi@Default | | False | | _member_ | admin_konfigurasi@Default | | konfigurasi@Default | | False | +----------+---------------------------+-------+---------------------+--------+-----------+
Untuk menghapus, gunakan command
openstack role delete <name>
[root@localhost centos(keystone_admin)]# openstack role delete writer
Sekarang kita coba create role baru lagi dan assign user serta project ke role tersebut
[root@localhost centos(keystone_admin)]# openstack role create contributor +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 8cc039326d4948c3a0898abebe501572 | | name | contributor | +-----------+----------------------------------+ [root@localhost centos(keystone_admin)]# openstack role add --project konfigurasi --user admin_konfigurasi contributor [root@localhost centos(keystone_admin)]# openstack role assignment list --name --project konfigurasi --user admin_konfigurasi +-------------+---------------------------+-------+---------------------+--------+-----------+ | Role | User | Group | Project | Domain | Inherited | +-------------+---------------------------+-------+---------------------+--------+-----------+ | contributor | admin_konfigurasi@Default | | konfigurasi@Default | | False | | _member_ | admin_konfigurasi@Default | | konfigurasi@Default | | False | +-------------+---------------------------+-------+---------------------+--------+-----------+ [root@localhost centos(keystone_admin)]# openstack role list +----------------------------------+---------------+ | ID | Name | +----------------------------------+---------------+ | 10f7aa8a9e23466c97d3bb8ab85405be | admin | | 322e5fb05de44c40b96586bef6c36696 | ResellerAdmin | | 8cc039326d4948c3a0898abebe501572 | contributor | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | e591126e24d04f09a37ec4de20ad0088 | SwiftOperator | +----------------------------------+---------------+
Apabila dicek pada dashboard
Ok, sementara itu dulu ya, dilanjut untuk COA series di posting berikutnya
One comment
Terima kasih, sangat membantu dalam mengimplementasikan users dan roles.