openstack/openstack-manuals
Code Issues Proposed changes

Flattened chapter structure.

Browse Source 
Added basic Manage Services chapter, and placed Identity and Compute sections inside. Redid Compute section header to match. Removed installation instructions (user should already have installed).

Change-Id: Iffb15804ea7c3b6e6ebed526fdd17c4e125184a8
This commit is contained in:
Summer Long
2013-10-16 17:44:54 +10:00
committed by Diane Fleming
parent a27fadcdb4
commit ccc11916b6
7 changed files with 325 additions and 290 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
doc/common/section_cli_overview.xml
View File

@@ -40,56 +40,66 @@
</listitem>
<listitem>
<para><emphasis role="bold">cinder</emphasis>
(<application>python-cinderclient</application>).
Client for the Block Storage
Service API that lets you create and manage
volumes.</para>
(<application>python-cinderclient</application>).
Client for the Block Storage Service API that lets you
create and manage volumes.</para>
</listitem>
<listitem>
<para><emphasis role="bold">glance</emphasis>
(<application>python-glanceclient</application>).
Client for the Image Service
API that lets you create and manage images.</para>
(<application>python-glanceclient</application>).
Client for the Image Service API that lets you create
and manage images.</para>
</listitem>
<listitem>
<para><emphasis role="bold">heat</emphasis>
(<application>python-heatclient</application>).
Client for the Orchestration API
that lets you launch stacks from templates, view
details of running stacks including events and
resources, and update and delete stacks.</para>
(<application>python-heatclient</application>).
Client for the Orchestration API that lets you launch
stacks from templates, view details of running stacks
including events and resources, and update and delete
stacks.</para>
</listitem>
<listitem>
<para><emphasis role="bold">keystone</emphasis>
(<application>python-keystoneclient</application>).
Client for the Identity
Service API that lets you create and manage users,
tenants, roles, endpoints, and credentials.</para>
(<application>python-keystoneclient</application>).
Client for the Identity Service API that lets you
create and manage users, tenants, roles, endpoints,
and credentials.</para>
</listitem>
<listitem>
<para><emphasis role="bold">neutron</emphasis>
(<application>python-neutronclient</application>).
Client for the Networking API
that lets you configure networks for guest servers.
This client was previously known as <emphasis
role="bold">quantum</emphasis>.</para>
(<application>python-neutronclient</application>).
Client for the Networking API that lets you configure
networks for guest servers. This client was previously
known as <emphasis role="bold"
>quantum</emphasis>.</para>
</listitem>
<listitem>
<para><emphasis role="bold">nova</emphasis>
(<application>python-novaclient</application>).
Client for the Compute API and
its extensions. Use to create and manage images,
instances, and flavors.</para>
(<application>python-novaclient</application>).
Client for the Compute API and its extensions. Use to
create and manage images, instances, and
flavors.</para>
</listitem>
<listitem>
<para><emphasis role="bold">swift</emphasis>
(<application>python-swiftclient</application>).
Client for the Object Storage
API that lets you gather statistics, list items,
update metadata, upload, download and delete files
stored by the Object Storage service. Provides access
to a swift installation for ad hoc processing.</para>
(<application>python-swiftclient</application>).
Client for the Object Storage API that lets you gather
statistics, list items, update metadata, upload,
download and delete files stored by the Object Storage
service. Provides access to a swift installation for
ad hoc processing.</para>
</listitem>
</itemizedlist>
<para>An OpenStack common client is in development.</para>
<para os="adminuser">See <link
xlink:href="http://docs.openstack.org/user-guide/content/install_clients.html"
>Install the OpenStack command-line clients</link> for
client installation instructions. See <link
xlink:href="http://docs.openstack.org/user-guide/content/cli_openrc.html"
>Download and source the OpenStack RC file</link> for
information about the OpenStack RC file. Both topics are in
the <link
xlink:href="http://docs.openstack.org/user-guide/content/index.html"
><citetitle>OpenStack End User
Guide</citetitle></link>.</para>
</section>

36
doc/common/section_glance_cli_manage_images.xml
View File

@@ -23,8 +23,8 @@
<procedure>
<step>
<para>To list the available images:</para>
<screen><prompt>$</prompt> <userinput>glance image-list</userinput></screen>
<screen><?db-font-size 45%?><computeroutput>+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
<screen><prompt>$</prompt> <userinput>glance image-list</userinput>
<computeroutput>+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| 397e713c-b95b-4186-ad46-6126863ea0a9 | cirros-0.3.1-x86_64-uec | ami | ami | 25165824 | active |
@@ -34,15 +34,15 @@
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+</computeroutput></screen>
<para>You can use grep to filter the list, as
follows:</para>
<screen><prompt>$</prompt> <userinput>glance image-list | grep 'cirros'</userinput></screen>
<screen><?db-font-size 45%?><computeroutput>| 397e713c-b95b-4186-ad46-6126863ea0a9 | cirros-0.3.1-x86_64-uec | ami | ami | 25165824 | active |
<screen><prompt>$</prompt> <userinput>glance image-list | grep 'cirros'</userinput>
<computeroutput>| 397e713c-b95b-4186-ad46-6126863ea0a9 | cirros-0.3.1-x86_64-uec | ami | ami | 25165824 | active |
| df430cc2-3406-4061-b635-a51c16e488ac | cirros-0.3.1-x86_64-uec-kernel | aki | aki | 4955792 | active |
| 3cf852bd-2332-48f4-9ae4-7d926d50945e | cirros-0.3.1-x86_64-uec-ramdisk | ari | ari | 3714968 | active |</computeroutput></screen>
</step>
<step>
<para>To get image details, by name or ID:</para>
<screen><prompt>$</prompt> <userinput>glance image-show myCirrosImage</userinput></screen>
<screen><?db-font-size 45%?><computeroutput>+---------------------------------------+--------------------------------------+
<screen><prompt>$</prompt> <userinput>glance image-show myCirrosImage</userinput>
<?db-font-size 45%?><computeroutput>+---------------------------------------+--------------------------------------+
| Property | Value |
+---------------------------------------+--------------------------------------+
| Property 'base_image_ref' | 397e713c-b95b-4186-ad46-6126863ea0a9 |
@@ -80,23 +80,29 @@
| status | active |
| updated_at | 2013-07-22T19:46:42 |
+---------------------------------------+--------------------------------------+</computeroutput></screen>
<note><para>The OpenStack Image Service can store location metadata for images, which can enable direct file access for a
client. Update <filename>/etc/glance/glance.conf</filename> with:</para>
<note><para>To store location metadata for images, which enables direct file
access for a client, update the
<filename>/etc/glance/glance.conf</filename>
file with the following statements:</para>
<para>
<itemizedlist>
<listitem>
<para><code>show_multiple_locations = True</code></para>
</listitem>
<listitem>
<para><code>filesystem_store_metadata_file =
<replaceable>filePath</replaceable></code>, where
<replaceable>filePath</replaceable> points to a JSON file
containing the mount point for OpenStack images on your system
and a unique ID. For example:
<programlisting language="json">[{
<para><code>filesystem_store_metadata_file
=
<replaceable>filePath</replaceable></code>,
where
<replaceable>filePath</replaceable>
points to a JSON file that defines
the mount point for OpenStack
images on your system and a unique
ID. For example:
<programlisting language="json">[{
"id": "b9d69795-5951-4cb0-bb5c-29491e1e2daf",
"mountpoint": "/var/lib/glance/images/"
}]</programlisting></para>
}]</programlisting></para>
</listitem>
</itemizedlist>
</para>

12
doc/common/section_nova_cli_manage_images.xml
View File

@@ -24,8 +24,8 @@
<step>
<para>To create the image, list instances to get the
server ID:</para>
<screen><prompt>$</prompt> <userinput>nova list</userinput></screen>
<screen><?db-font-size 50%?><computeroutput>+--------------------------------------+----------------------+--------+------------+-------------+------------------+
<screen><prompt>$</prompt> <userinput>nova list</userinput>
<?db-font-size 50%?><computeroutput>+--------------------------------------+----------------------+--------+------------+-------------+------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------------+--------+------------+-------------+------------------+
| 84c6e57d-a6b1-44b6-81eb-fcb36afd31b5 | myCirrosServer | ACTIVE | None | Running | private=10.0.0.3 |
@@ -41,8 +41,8 @@
<step>
<para>Get details for your image to check its
status:</para>
<screen><prompt>$</prompt> <userinput>nova image-show <replaceable>IMAGE</replaceable></userinput></screen>
<screen><?db-font-size 50%?><computeroutput>+-------------------------------------+--------------------------------------+
<screen><prompt>$</prompt> <userinput>nova image-show <replaceable>IMAGE</replaceable></userinput>
<?db-font-size 50%?><computeroutput>+-------------------------------------+--------------------------------------+
| Property | Value |
+-------------------------------------+--------------------------------------+
| metadata owner_id | 66265572db174a7aa66eba661f58eb9e |
@@ -84,8 +84,8 @@
<para>To launch an instance from your image, include the
image ID and flavor ID, as follows:</para>
<screen><prompt>$</prompt> <userinput>nova boot newServer --image 7e5142af-1253-4634-bcc6-89482c5f2e8a \
--flavor 3</userinput></screen>
<screen><?db-font-size 50%?><computeroutput>+-------------------------------------+--------------------------------------+
--flavor 3</userinput>
<?db-font-size 50%?><computeroutput>+-------------------------------------+--------------------------------------+
| Property | Value |
+-------------------------------------+--------------------------------------+
| OS-EXT-STS:task_state | scheduling |

9
doc/user-guide-admin/ch_cli.xml
View File

@@ -12,11 +12,6 @@
<xi:include
href="../common/section_cli_overview.xml"/>
<?hard-pagebreak?>
<xi:include
href="../common/section_cli_install.xml"/>
<?hard-pagebreak?>
<xi:include href="../common/section_cli_openrc.xml"/>
<?hard-pagebreak?>
<xi:include
href="../common/section_cli_version.xml"/>
<?hard-pagebreak?>
@@ -26,9 +21,7 @@
<xi:include
href="section_keystone_cli_manage_projects_users_roles.xml"/>
<?hard-pagebreak?>
<xi:include href="../common/section_keystone_cli_services.xml"/>
<?hard-pagebreak?>
<xi:include href="section_nova_cli_services.xml"/>
<xi:include href="section_cli_manage_services.xml"/>
<?hard-pagebreak?>
<xi:include href="../common/section_glance_cli_manage_images.xml"/>
<?hard-pagebreak?>

11
doc/user-guide-admin/section_cli_manage_services.xml Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_cli_manage_services">
<?dbhtml stop-chunking?>
<title>Manage services</title>
<xi:include href="../common/section_keystone_cli_services.xml"/>
<?hard-pagebreak?>
<xi:include href="section_nova_cli_services.xml"/>
</section>

407
doc/user-guide-admin/section_keystone_cli_manage_projects_users_roles.xml
View File

@@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="admin_cli_manage_projects_users">
<?dbhtml stop-chunking?>
<?dbhtml stop-chunking?>
<title>Manage projects, users, and roles</title>
<para>As a cloud administrator, you manage projects, users, and
roles. Projects are organizational units in the cloud to which
@@ -28,11 +28,13 @@
<para>Before you can delete a user account, you must remove the
user account from its primary project.</para>
<para>Before you can run keystone client commands, you must
download and source an OpenStack RC file. See <xref
linkend="cli_openrc"/>.</para>
download and source an OpenStack RC file. See <link
xlink:href="http://docs.openstack.org/user-guide/content/cli_openrc.html"
>Download and source the OpenStack RC file</link>.</para>
<section xml:id="services">
<title>Services</title>
<para>To look at your service catalog, use these keystone client commands.</para>
<para>To look at your service catalog, use these keystone
client commands.</para>
<section xml:id="keystone-service-create">
<title><literal>service-create</literal></title>
<para>Keyword arguments:</para>
@@ -94,20 +96,21 @@ keystone service-get 08741d8ed88242ca88d1f61484a0fe3b</userinput>
keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
</screen>
</section>
<section xml:id="admin_cli_projects">
<title>Create a tenant (project)</title>
<para>A tenant is a group of zero or more users. In nova, a
tenant owns virtual machines. In swift, a tenant owns
containers. In the Dashboard, tenants are represented as projects.
Users can be associated with more than one tenant.
Each tenant and user pairing can have a role associated with
it.</para>
<procedure>
<step>
<para>To list all projects with their ID, name, and
whether they are enabled or disabled:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput></screen>
<screen><computeroutput>+----------------------------------+--------------------+---------+
<section xml:id="admin_cli_projects">
<title>Create a tenant (project)</title>
<para>A tenant is a group of zero or more users. In nova,
a tenant owns virtual machines. In swift, a tenant
owns containers. In the Dashboard, tenants are
represented as projects. Users can be associated with
more than one tenant. Each tenant and user pairing can
have a role associated with it.</para>
<procedure>
<step>
<para>To list all projects with their ID, name,
and whether they are enabled or
disabled:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput></screen>
<screen><computeroutput>+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| f7ac731cc11f40efbc03a9f9e1d1d21f | admin | True |
@@ -117,13 +120,13 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| 3943a53dc92a49b2827fae94363851e1 | service | True |
| 80cab5e1f02045abad92a2864cfd76cb | test_project | True |
+----------------------------------+--------------------+---------+</computeroutput></screen>
</step>
<step>
<para>Create a project named
<literal>new-project</literal>:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-create --name new-project --description 'my new project'</userinput></screen>
<para>By default, the project is enabled.</para>
<screen><computeroutput>+-------------+----------------------------------+
</step>
<step>
<para>Create a project named
<literal>new-project</literal>:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-create --name new-project --description 'my new project'</userinput></screen>
<para>By default, the project is enabled.</para>
<screen><computeroutput>+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | my new project |
@@ -131,34 +134,34 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| id | 1a4a0618b306462c9830f876b0bd6af2 |
| name | new-project |
+-------------+----------------------------------+</computeroutput></screen>
<para>Note the ID for the project so you can update it
in the next procedure.</para>
</step>
</procedure>
</section>
<section xml:id="cli_update_project">
<title>Update a project</title>
<para>Specify the project ID to update a project. You can
update the name, description, and enabled status of a
project.</para>
<procedure>
<step>
<para>To temporarily disable a project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-update <replaceable>PROJECT_ID</replaceable> --enabled false</userinput></screen>
</step>
<step>
<para>To enable a disabled project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-update <replaceable>PROJECT_ID</replaceable> --enabled true</userinput></screen>
</step>
<step>
<para>To update the name of a project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-update <replaceable>PROJECT_ID</replaceable> --name project-new</userinput></screen>
</step>
<step>
<para>To verify your changes, show information for the
updated project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-get <replaceable>PROJECT_ID</replaceable></userinput></screen>
<screen><computeroutput>+-------------+----------------------------------+
<para>Note the ID for the project so you can
update it in the next procedure.</para>
</step>
</procedure>
</section>
<section xml:id="cli_update_project">
<title>Update a project</title>
<para>Specify the project ID to update a project. You can
update the name, description, and enabled status of a
project.</para>
<procedure>
<step>
<para>To temporarily disable a project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-update <replaceable>PROJECT_ID</replaceable> --enabled false</userinput></screen>
</step>
<step>
<para>To enable a disabled project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-update <replaceable>PROJECT_ID</replaceable> --enabled true</userinput></screen>
</step>
<step>
<para>To update the name of a project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-update <replaceable>PROJECT_ID</replaceable> --name project-new</userinput></screen>
</step>
<step>
<para>To verify your changes, show information for
the updated project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-get <replaceable>PROJECT_ID</replaceable></userinput></screen>
<screen><computeroutput>+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | my new project |
@@ -166,27 +169,28 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| id | 1a4a0618b306462c9830f876b0bd6af2 |
| name | project-new |
+-------------+----------------------------------+</computeroutput></screen>
</step>
</procedure>
</section>
<section xml:id="cli_project_delete">
<title>Delete a project</title>
<procedure>
<step>
<para>To delete a project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-delete <replaceable>PROJECT_ID</replaceable></userinput></screen>
</step>
</procedure>
</section>
<section xml:id="admin_cli_user_accounts">
<title>Create a user</title>
<procedure>
<step>
<para>To list all users:</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput></screen>
<para>The output shows the ID, name, enabled status,
and e-mail address for each user:</para>
<screen><computeroutput>+----------------------------------+----------+---------+----------------------+
</step>
</procedure>
</section>
<section xml:id="cli_project_delete">
<title>Delete a project</title>
<procedure>
<step>
<para>To delete a project:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-delete <replaceable>PROJECT_ID</replaceable></userinput></screen>
</step>
</procedure>
</section>
<section xml:id="admin_cli_user_accounts">
<title>Create a user</title>
<procedure>
<step>
<para>To list all users:</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput></screen>
<para>The output shows the ID, name, enabled
status, and e-mail address for each
user:</para>
<screen><computeroutput>+----------------------------------+----------+---------+----------------------+
| id | name | enabled | email |
+----------------------------------+----------+---------+----------------------+
| 352b37f5c89144d4ad0534139266d51f | admin | True | admin@example.com |
@@ -194,18 +198,18 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| 32ec34aae8ea432e8af560a1cec0e881 | glance | True | glance@example.com |
| 7047fcb7908e420cb36e13bbd72c972c | nova | True | nova@example.com |
+----------------------------------+----------+---------+----------------------+</computeroutput></screen>
</step>
<step>
<para>To create a user, you must specify a name.
Optionally, you can specify a tenant ID, password,
and email address. It is recommended that you
include the tenant ID and password because the
user cannot log in to the dashboard without this
information.</para>
<para>To create the <literal>new-user</literal>
user:</para>
<screen><prompt>$</prompt> <userinput>keystone user-create --name new-user --tenant_id 1a4a0618b306462c9830f876b0bd6af2 --pass <replaceable>PASSWORD</replaceable></userinput></screen>
<screen><computeroutput>+----------+----------------------------------+
</step>
<step>
<para>To create a user, you must specify a name.
Optionally, you can specify a tenant ID,
password, and email address. It is recommended
that you include the tenant ID and password
because the user cannot log in to the
dashboard without this information.</para>
<para>To create the <literal>new-user</literal>
user:</para>
<screen><prompt>$</prompt> <userinput>keystone user-create --name new-user --tenant_id 1a4a0618b306462c9830f876b0bd6af2 --pass <replaceable>PASSWORD</replaceable></userinput></screen>
<screen><computeroutput>+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
@@ -214,53 +218,54 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| name | new-user |
| tenantId | 1a4a0618b306462c9830f876b0bd6af2 |
+----------+----------------------------------+</computeroutput></screen>
</step>
</procedure>
</section>
<section xml:id="cli_update_user">
<title>Update a user</title>
<para>You can update the name, email address, and enabled
status for a user.</para>
<procedure>
<step>
<para>To temporarily disable a user account:</para>
<screen><prompt>$</prompt> <userinput>keystone user-update <replaceable>USER_ID</replaceable> --enabled false</userinput></screen>
<para>If you disable a user account, the user cannot
log in to the dashboard. However, data for the
user account is maintained, so you can enable the
user at any time.</para>
</step>
<step>
<para>To enable a disabled user account:</para>
<screen><prompt>$</prompt> <userinput>keystone user-update <replaceable>USER_ID</replaceable> --enabled true</userinput></screen>
</step>
<step>
<para>To change the name and description for a user
account:</para>
<screen><prompt>$</prompt> <userinput>keystone user-update <replaceable>USER_ID</replaceable> --name user-new --email new-user@example.com</userinput></screen>
<screen><computeroutput>User has been updated.</computeroutput></screen>
</step>
</procedure>
</section>
<section xml:id="cli_delete_user">
<title>Delete a user</title>
<procedure>
<step>
<para>To delete a specified user account:</para>
<screen><prompt>$</prompt> <userinput>keystone user-delete <replaceable>USER_ID</replaceable></userinput></screen>
</step>
</procedure>
</section>
<section xml:id="admin_cli_modify_projects">
<title>Create and assign a role</title>
<para>Users can be members of multiple projects. To assign
users to multiple projects, define a role and assign that
role to a user-project pair.</para>
<procedure>
<step>
<para>To list the available roles:</para>
<screen><prompt>$</prompt> <userinput>keystone role-list</userinput></screen>
<screen><computeroutput>+----------------------------------+---------------+
</step>
</procedure>
</section>
<section xml:id="cli_update_user">
<title>Update a user</title>
<para>You can update the name, email address, and enabled
status for a user.</para>
<procedure>
<step>
<para>To temporarily disable a user
account:</para>
<screen><prompt>$</prompt> <userinput>keystone user-update <replaceable>USER_ID</replaceable> --enabled false</userinput></screen>
<para>If you disable a user account, the user
cannot log in to the dashboard. However, data
for the user account is maintained, so you can
enable the user at any time.</para>
</step>
<step>
<para>To enable a disabled user account:</para>
<screen><prompt>$</prompt> <userinput>keystone user-update <replaceable>USER_ID</replaceable> --enabled true</userinput></screen>
</step>
<step>
<para>To change the name and description for a
user account:</para>
<screen><prompt>$</prompt> <userinput>keystone user-update <replaceable>USER_ID</replaceable> --name user-new --email new-user@example.com</userinput></screen>
<screen><computeroutput>User has been updated.</computeroutput></screen>
</step>
</procedure>
</section>
<section xml:id="cli_delete_user">
<title>Delete a user</title>
<procedure>
<step>
<para>To delete a specified user account:</para>
<screen><prompt>$</prompt> <userinput>keystone user-delete <replaceable>USER_ID</replaceable></userinput></screen>
</step>
</procedure>
</section>
<section xml:id="admin_cli_modify_projects">
<title>Create and assign a role</title>
<para>Users can be members of multiple projects. To assign
users to multiple projects, define a role and assign
that role to a user-project pair.</para>
<procedure>
<step>
<para>To list the available roles:</para>
<screen><prompt>$</prompt> <userinput>keystone role-list</userinput></screen>
<screen><computeroutput>+----------------------------------+---------------+
| id | name |
+----------------------------------+---------------+
| 71ccc37d41c8491c975ae72676db687f | Member |
@@ -269,27 +274,28 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| 6ecf391421604da985db2f141e46a7c8 | admin |
| deb4fffd123c4d02a907c2c74559dccf | anotherrole |
+----------------------------------+---------------+</computeroutput></screen>
</step>
<step>
<para>To create the <literal>new-role</literal>
role:</para>
<screen><prompt>$</prompt> <userinput>keystone role-create --name new-role</userinput></screen>
<screen><computeroutput>+----------+----------------------------------+
</step>
<step>
<para>To create the <literal>new-role</literal>
role:</para>
<screen><prompt>$</prompt> <userinput>keystone role-create --name new-role</userinput></screen>
<screen><computeroutput>+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | bef1f95537914b1295da6aa038ef4de6 |
| name | new-role |
+----------+----------------------------------+</computeroutput></screen>
</step>
<step>
<para>To assign a user to a project, you must assign
the role to a user-project pair. To do this, you
need the user, role, and project IDs.</para>
<substeps>
<step>
<para>To list users:</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput></screen>
<screen><computeroutput>+----------------------------------+----------+---------+----------------------+
</step>
<step>
<para>To assign a user to a project, you must
assign the role to a user-project pair. To do
this, you need the user, role, and project
IDs.</para>
<substeps>
<step>
<para>To list users:</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput></screen>
<screen><computeroutput>+----------------------------------+----------+---------+----------------------+
| id | name | enabled | email |
+----------------------------------+----------+---------+----------------------+
| 352b37f5c89144d4ad0534139266d51f | admin | True | admin@example.com |
@@ -299,13 +305,13 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| 32ec34aae8ea432e8af560a1cec0e881 | glance | True | glance@example.com |
| 7047fcb7908e420cb36e13bbd72c972c | nova | True | nova@example.com |
+----------------------------------+----------+---------+----------------------+</computeroutput></screen>
<para>Note the ID of the user to which you
want to assign the role.</para>
</step>
<step>
<para>To list role IDs:</para>
<screen><prompt>$</prompt> <userinput>keystone role-list</userinput></screen>
<screen><computeroutput>+----------------------------------+---------------+
<para>Note the ID of the user to which you
want to assign the role.</para>
</step>
<step>
<para>To list role IDs:</para>
<screen><prompt>$</prompt> <userinput>keystone role-list</userinput></screen>
<screen><computeroutput>+----------------------------------+---------------+
| id | name |
+----------------------------------+---------------+
| 71ccc37d41c8491c975ae72676db687f | Member |
@@ -315,13 +321,13 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| deb4fffd123c4d02a907c2c74559dccf | anotherrole |
| bef1f95537914b1295da6aa038ef4de6 | new-role |
+----------------------------------+---------------+</computeroutput></screen>
<para>Note the ID of the role that you want to
assign.</para>
</step>
<step>
<para>To list projects:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput></screen>
<screen><computeroutput>+----------------------------------+--------------------+---------+
<para>Note the ID of the role that you
want to assign.</para>
</step>
<step>
<para>To list projects:</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput></screen>
<screen><computeroutput>+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| f7ac731cc11f40efbc03a9f9e1d1d21f | admin | True |
@@ -333,52 +339,53 @@ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b</userinput>
| 3943a53dc92a49b2827fae94363851e1 | service | True |
| 80cab5e1f02045abad92a2864cfd76cb | test_project | True |
+----------------------------------+--------------------+---------+</computeroutput></screen>
<para>Note the ID of the project to which you
want to assign the role.</para>
</step>
</substeps>
</step>
<step>
<para>Assign a role to a user-project pair. In this
example, you assign the
<literal>new-role</literal> role to the
<literal>demo</literal> and
<literal>test-project</literal> pair:</para>
<screen><prompt>$</prompt> <userinput>keystone user-role-add --user <replaceable>USER_ID</replaceable> --role <replaceable>ROLE_ID</replaceable> --tenant <replaceable>TENANT_ID</replaceable></userinput></screen>
</step>
<step>
<para>To verify the role assignment:</para>
<screen><prompt>$</prompt> <userinput>keystone user-role-list --user <replaceable>USER_ID</replaceable> --tenant <replaceable>TENANT_ID</replaceable></userinput></screen>
<screen><computeroutput>+----------------------------------+----------+----------------------------------+----------------------------------+
<para>Note the ID of the project to which
you want to assign the role.</para>
</step>
</substeps>
</step>
<step>
<para>Assign a role to a user-project pair. In
this example, you assign the
<literal>new-role</literal> role to the
<literal>demo</literal> and
<literal>test-project</literal>
pair:</para>
<screen><prompt>$</prompt> <userinput>keystone user-role-add --user <replaceable>USER_ID</replaceable> --role <replaceable>ROLE_ID</replaceable> --tenant <replaceable>TENANT_ID</replaceable></userinput></screen>
</step>
<step>
<para>To verify the role assignment:</para>
<screen><prompt>$</prompt> <userinput>keystone user-role-list --user <replaceable>USER_ID</replaceable> --tenant <replaceable>TENANT_ID</replaceable></userinput></screen>
<screen><computeroutput>+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| bef1f95537914b1295da6aa038ef4de6 | new-role | 86c0de739bcb4802b8dc786921355813 | 80cab5e1f02045abad92a2864cfd76cb |
+----------------------------------+----------+----------------------------------+----------------------------------+</computeroutput></screen>
</step>
<step>
<para>To get details for a specified role:</para>
<screen><prompt>$</prompt> <userinput>keystone role-get <replaceable>ROLE_ID</replaceable></userinput></screen>
<screen><computeroutput>+----------+----------------------------------+
</step>
<step>
<para>To get details for a specified role:</para>
<screen><prompt>$</prompt> <userinput>keystone role-get <replaceable>ROLE_ID</replaceable></userinput></screen>
<screen><computeroutput>+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | bef1f95537914b1295da6aa038ef4de6 |
| name | new-role |
+----------+----------------------------------+</computeroutput></screen>
</step>
<step>
<para>To remove a role from a user-project
pair:</para>
<screen><prompt>$</prompt> <userinput>keystone user-role-remove --user <replaceable>USER_ID</replaceable> --role <replaceable>ROLE_ID</replaceable> --tenant <replaceable>TENANT_ID</replaceable></userinput></screen>
</step>
<step>
<para>To verify the role removal, run the following
command:</para>
<screen><prompt>$</prompt> <userinput>keystone user-role-list --user <replaceable>USER_ID</replaceable> --tenant <replaceable>TENANT_ID</replaceable></userinput></screen>
<para>If the role was removed, the
command output omits the removed role.</para>
</step>
</procedure>
</section>
</step>
<step>
<para>To remove a role from a user-project
pair:</para>
<screen><prompt>$</prompt> <userinput>keystone user-role-remove --user <replaceable>USER_ID</replaceable> --role <replaceable>ROLE_ID</replaceable> --tenant <replaceable>TENANT_ID</replaceable></userinput></screen>
</step>
<step>
<para>To verify the role removal, run the
following command:</para>
<screen><prompt>$</prompt> <userinput>keystone user-role-list --user <replaceable>USER_ID</replaceable> --tenant <replaceable>TENANT_ID</replaceable></userinput></screen>
<para>If the role was removed, the command output
omits the removed role.</para>
</step>
</procedure>
</section>
</section>
<xi:include href="section_nova_cli_manage_projects_security.xml"/>
</section>

68
doc/user-guide-admin/section_nova_cli_services.xml
View File

@@ -3,13 +3,15 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="nova-manage-services">
<title>Manage services</title>
<para>You can enable and disable services. In the following example, we will disable and enable the nova-compute service.</para>
<title>Manage Compute services</title>
<para>You can enable and disable Compute services. The following
examples disable and enable the <systemitem role="service"
>nova-compute</systemitem> service.</para>
<procedure>
<step><para>List the nova services.</para>
<screen><prompt>$</prompt> <userinput>nova service-list</userinput>
<computeroutput>
+------------------+----------+----------+---------+-------+----------------------------+-----------------+
<step>
<para>List the nova services:</para>
<screen><prompt>$</prompt> <userinput>nova service-list</userinput>
<computeroutput>+------------------+----------+----------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+----------+----------+---------+-------+----------------------------+-----------------+
| nova-conductor | devstack | internal | enabled | up | 2013-10-16T00:56:08.000000 | None |
@@ -19,22 +21,26 @@
| nova-scheduler | devstack | internal | enabled | up | 2013-10-16T00:56:04.000000 | None |
| nova-consoleauth | devstack | internal | enabled | up | 2013-10-16T00:56:07.000000 | None |
+------------------+----------+----------+---------+-------+----------------------------+-----------------+</computeroutput></screen>
</step>
<step><para>Disable a nova service.</para>
<screen><prompt>$</prompt> <userinput>nova service-disable localhost.localdomain nova-compute --reason 'trial log'</userinput>
<computeroutput>
+----------+--------------+----------+-------------------+
</step>
<step>
<para>Disable a nova service:</para>
<screen><prompt>$</prompt> <userinput>nova service-disable localhost.localdomain nova-compute --reason 'trial log'</userinput>
<computeroutput>+----------+--------------+----------+-------------------+
| Host | Binary | Status | Disabled Reason |
+----------+--------------+----------+-------------------+
| devstack | nova-compute | disabled | Trial log |
+----------+--------------+----------+-------------------+</computeroutput></screen>
<note>
<para>For the Havana release, new optional parameter <parameter>--reason</parameter> has been included to help users log a reason for disabling a service.</para>
</note></step>
<step><para>Check the service list.</para>
<screen><prompt>$</prompt> <userinput>nova service-list</userinput>
<computeroutput>
+------------------+----------+----------+---------+-------+----------------------------+------------------+
<note>
<para>The Havana release introduces the optional
<parameter>--reason</parameter> parameter that
enables you to log a reason for disabling a
service.</para>
</note>
</step>
<step>
<para>Check the service list:</para>
<screen><prompt>$</prompt> <userinput>nova service-list</userinput>
<computeroutput>+------------------+----------+----------+---------+-------+----------------------------+------------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+----------+----------+---------+-------+----------------------------+------------------+
| nova-conductor | devstack | internal | enabled | up | 2013-10-16T00:56:48.000000 | None |
@@ -43,20 +49,21 @@
| nova-network | devstack | internal | enabled | up | 2013-10-16T00:56:51.000000 | None |
| nova-scheduler | devstack | internal | enabled | up | 2013-10-16T00:56:44.000000 | None |
| nova-consoleauth | devstack | internal | enabled | up | 2013-10-16T00:56:47.000000 | None |
+------------------+----------+----------+---------+-------+----------------------------+-----------------+</computeroutput></screen></step>
<step><para>Enable the service.</para>
<screen><prompt>$</prompt> <userinput>nova service-enable localhost.localdomain nova-compute</userinput>
<computeroutput>
+----------+--------------+---------+
+------------------+----------+----------+---------+-------+----------------------------+-----------------+</computeroutput></screen>
</step>
<step>
<para>Enable the service:</para>
<screen><prompt>$</prompt> <userinput>nova service-enable localhost.localdomain nova-compute</userinput>
<computeroutput>+----------+--------------+---------+
| Host | Binary | Status |
+----------+--------------+---------+
| devstack | nova-compute | enabled |
+----------+--------------+---------+</computeroutput></screen>
</step>
<step><para>Check the service list.</para>
<screen><prompt>$</prompt> <userinput>nova service-list</userinput>
<computeroutput>
+------------------+----------+----------+---------+-------+----------------------------+-----------------+
</step>
<step>
<para>Check the service list:</para>
<screen><prompt>$</prompt> <userinput>nova service-list</userinput>
<computeroutput>+------------------+----------+----------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+----------+----------+---------+-------+----------------------------+-----------------+
| nova-conductor | devstack | internal | enabled | up | 2013-10-16T00:57:08.000000 | None |
@@ -65,6 +72,7 @@
| nova-network | devstack | internal | enabled | up | 2013-10-16T00:57:11.000000 | None |
| nova-scheduler | devstack | internal | enabled | up | 2013-10-16T00:57:14.000000 | None |
| nova-consoleauth | devstack | internal | enabled | up | 2013-10-16T00:57:07.000000 | None |
+------------------+----------+----------+---------+-------+----------------------------+-----------------+</computeroutput></screen></step>
</procedure>
+------------------+----------+----------+---------+-------+----------------------------+-----------------+</computeroutput></screen>
</step>
</procedure>
</section>