OpenStack – User Management

OpenStack – User Management

As an administrator, you manage projects, users, and roles. Projects are organizational units in the cloud to which you can assign users. Projects are also known as projects or accounts. Users can be members of one or more projects. Roles define which actions users can perform. You assign roles to user-project pairs.

List all users in OpenStack environment.


$ openstack user list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 352b37f5c89144d4ad0534139266d51f | admin    |
| 86c0de739bcb4802b8dc786921355813 | demo     |
| 32ec34aae8ea432e8af560a1cec0e881 | glance   |
| 7047fcb7908e420cb36e13bbd72c972c | nova     |
+----------------------------------+----------+

To create a user, you must specify a name. Optionally, you can specify a project ID, password, and email address. It is recommended that you include the project ID and password because the user cannot log in to the dashboard without this information.

Create the new-user user

 

$ openstack user create --project new-project --password PASSWORD new-user
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| email      | None                             |
| enabled    | True                             |
| id         | 6322872d9c7e445dbbb49c1f9ca28adc |
| name       | new-user                         |
| project_id | 0b0b995694234521bf93c792ed44247f |
| username   | new-user                         |
+------------+----------------------------------+

You can update the name, email address, and enabled status for a user.

 

$ openstack user set USER_NAME --disable

$ openstack user set USER_NAME --enable
$ openstack user set USER_NAME --name user-new --email new-user@example.com
User has been updated.

Delete a specified user account.

$ openstack user delete USER_NAME

List the available roles in OpenStack.

$ openstack role list
+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 71ccc37d41c8491c975ae72676db687f | Member        |
| 149f50a1fe684bfa88dae76a48d26ef7 | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_      |
| 6ecf391421604da985db2f141e46a7c8 | admin         |
| deb4fffd123c4d02a907c2c74559dccf | anotherrole   |
+----------------------------------+---------------+

Users can be members of multiple projects. To assign users to multiple projects, define a role and assign that role to a user-project pair.

Create the new-role role.

$ openstack role create new-role
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | a34425c884c74c8881496dc2c2e84ffc |
| name      | new-role                         |
+-----------+----------------------------------+

To assign a user to a project, you must assign the role to a user-project pair. To do this, you need the user, role, and project IDs.

$ openstack role add --user USER_NAME --project TENANT_ID ROLE_NAME

Verify the role assignment

$ openstack role list --user USER_NAME --project TENANT_ID
Listing assignments using role list is deprecated as of the Newton release. Use role assignment list --user <user-name> --project <project-name> --names instead.
+----------------------------------+-------------+---------+------+
| ID                               | Name        | Project | User |
+----------------------------------+-------------+---------+------+
| a34425c884c74c8881496dc2c2e84ffc | new-role    | demo    | demo |
| 04a7e3192c0745a2b1e3d2baf5a3ee0f | Member      | demo    | demo |
| 62bcf3e27eef4f648eb72d1f9920f6e5 | anotherrole | demo    | demo |
+----------------------------------+-------------+---------+------+

View details for a specified role

$ openstack role show ROLE_NAME
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | a34425c884c74c8881496dc2c2e84ffc |
| name      | new-role                         |
+-----------+----------------------------------+

Remove a role from a user-project pair

$ openstack role remove --user USER_NAME --project TENANT_ID ROLE_NAME

No Comments

Post a Reply

Inquire Now
close slider