OpenStack: Granting Image Access Permissions


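(1) Create the tenants

Log in to the OpenStack platform and create the tenants depA and depB, then create one ordinary user in each of them: userA and userB. Once they have been created (the creation steps are not repeated here), check the result with the following commands: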

[root@controller ~]# source /etc/keystone/admin-openrc.sh 
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0dd87985eb314fed828e6888aed4880d | demo    |
| 525075abb84e4e088dfe3adc4da61e72 | depB    |
| 55b50cbb4dd4459b873cb15a8b03db43 | admin   |
| a184a157399043c2a40abc52df0459a2 | service |
| df58511d2c914690b48e89f1e512ae6b | depA    |
+----------------------------------+---------+
[root@controller ~]# openstack user list
+----------------------------------+-------------------+
| ID                               | Name              |
+----------------------------------+-------------------+
| 0f8782af6a654d77b587e25a32f91f28 | cinder            |
| 1ab30f77400448eba6b2d47e55084540 | demo              |
| 2550fa93b1fe4cb582f1f46353b836d8 | ceilometer        |
| 2d2a345336184b1ebbdf022f710084e8 | neutron           |
| 48b816f9db9541b4bd9ca49ad453574c | glance            |
| 4c989a43a75c477bb4f9b7566cde6028 | userA             |
| 765a16c99d7d42a4b69ff941f7791b54 | aodh              |
| 788efa329f324b91a431ad56cd7b9a14 | nova              |
| 7ecae98d16d54483b964c9c2548fd7bc | swift             |
| 8a33fc3342154a3ca264ae7b918648ba | userB             |
| 962612a3e7784df38d0c98fea1f30320 | heat              |
| 9ee4731c00c24f659b8790be6b77bc8a | admin             |
| d6fdd1e5e1a348e0b6c5b8c7f33ba5fa | placement         |
| d957a578fed2452ab91bc651f2f1fb97 | heat_domain_admin |
| e91070fa751e49689963b566db999bee | gnocchi           |
+----------------------------------+-------------------+

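The output shows that both the tenants and the users exist.

(2) Upload the image

Copy cirros-0.3.4-x86_64-disk.img to the /root directory on the controller node, then upload it to the cloud platform with the following command:

[root@controller ~]# glance image-create --name cirros --disk-format qcow2 --container-format bare --progress < cirros-0.3.4-x86_64-disk.img
[=============================>] 100%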
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6     |
| container_format | bare                                 |
| created_at       | 2022-02-10T05:31:48Z                 |
| disk_format      | qcow2                                |
| id               | 1fa9cbfe-392f-437e-ad18-f00987415b15 |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | cirros                               |
| owner            | 55b50cbb4dd4459b873cb15a8b03db43     |
| protected        | False                                |
| size             | 13287936                             |
| status           | active                               |
| tags             | []                                   |
| updated_at       | 2022-02-10T05:31:49Z                 |
| virtual_size     | None                                 |
| visibility       | shared                               |
+------------------+--------------------------------------+

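After the upload, neither userA nor userB can see the image. The next step configures access so that users in tenant depA can see it.

(3) Configure permissions

First, share the image with tenant depA: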

[root@controller ~]# glance member-create 1fa9cbfe-392f-437e-ad18-f00987415b15 df58511d2c914690b48e89f1e512ae6b
+--------------------------------------+----------------------------------+---------+
| Image ID                             | Member ID                        | Status  |
+--------------------------------------+----------------------------------+---------+
| 1fa9cbfe-392f-437e-ad18-f00987415b15 | df58511d2c914690b48e89f1e512ae6b | pending |
+--------------------------------------+----------------------------------+---------+

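After sharing, the member status is pending, so the share still has to be accepted before the image is activated for the tenant. The command is: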

[root@openstack ~]# glance member-update 1fa9cbfe-392f-437e-ad18-f00987415b15 df58511d2c914690b48e89f1e512ae6b accepted
+--------------------------------------+----------------------------------+----------+
| Image ID                             | Member ID                        | Status   |
+--------------------------------------+----------------------------------+----------+
| 1fa9cbfe-392f-437e-ad18-f00987415b15 | df58511d2c914690b48e89f1e512ae6b | accepted |
+--------------------------------------+----------------------------------+----------+

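The status is now accepted. Log in to the dashboard as userA and check whether the cirros image is visible (you can also log in as userB and check whether that user can see it), as shown in Figure 3-1: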

Figure 3-1: Image page

In this way, an administrator can set which tenants have access to which images.
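To check that an image is shared only with the intended tenants, the following added example (not part of the original post) parses the table printed by `glance member-list --image-id <IMAGE_ID>` and flags any member project that is not on an allow-list. The `audit_members` function is a hypothetical helper, and the sample table is constructed from the IDs shown above, with depB added as a pending member for illustration.

```shell
#!/bin/sh
# Added example: audit which projects an image is shared with.
# Input on stdin: the table printed by
#   glance member-list --image-id <IMAGE_ID>
# (same columns as the member-create output: Image ID | Member ID | Status).

# Constructed sample input: depA accepted (as on this page) plus depB as a
# hypothetical pending member that the administrator did not intend.
SAMPLE_MEMBERS='+--------------------------------------+----------------------------------+----------+
| Image ID                             | Member ID                        | Status   |
+--------------------------------------+----------------------------------+----------+
| 1fa9cbfe-392f-437e-ad18-f00987415b15 | df58511d2c914690b48e89f1e512ae6b | accepted |
| 1fa9cbfe-392f-437e-ad18-f00987415b15 | 525075abb84e4e088dfe3adc4da61e72 | pending  |
+--------------------------------------+----------------------------------+----------+'

# audit_members "ID1 ID2 ..." < member-list table
# Prints "OK <project> <status>" or "UNEXPECTED <project> <status>" per member.
# Members are reported in every status, so pending shares are reviewed too.
# Returns 1 if any member project is missing from the allow-list, else 0.
audit_members() {
    awk -F'|' -v allowed="$1" '
        BEGIN {
            bad = 0
            n = split(allowed, ids, /[ ,]+/)
            for (i = 1; i <= n; i++) ok[ids[i]] = 1
        }
        NF >= 4 {                        # data and header rows; borders have no "|"
            gsub(/ /, "", $3); gsub(/ /, "", $4)
            if ($3 == "" || $3 == "MemberID") next   # skip the header row
            if ($3 in ok) {
                print "OK " $3 " " $4
            } else {
                print "UNEXPECTED " $3 " " $4
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Demo on the constructed sample: only depA is expected to be a member.
printf '%s\n' "$SAMPLE_MEMBERS" \
    | audit_members "df58511d2c914690b48e89f1e512ae6b" \
    || echo "image is shared with projects outside the allow-list"
```

On a live controller, pipe the real command into the function instead of the sample, after sourcing the admin credentials as in step (1).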


Author: IW
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit IW as the source when reposting.