OpenStack:FolsomUserOnboarding
From DocWiki
(Difference between revisions)
(Created page with "There are multiple ways to onboard users, and though the preferred method might be to tie into the corporate or organization's LDAP or AD service, often it is necessary or desire...") |
|||
| Line 1: | Line 1: | ||
| - | There are multiple ways to onboard users, and though the preferred method might be to tie into the corporate or organization's LDAP or AD service, often it is necessary or desired to set up users against Keystone local authentication methods. This process can be done manually via API calls or with the keystone CLI tools, but I find a simple script makes this much more efficient, and reduces the chance of grabbing the wrong id when the number of users and projects starts to grow. | + | There are multiple ways to onboard users, and though the preferred method might be to tie into the corporate or organization's LDAP or AD service, often it is necessary or desired to set up users against Keystone local authentication methods. This process can be done manually via API calls or with the keystone CLI tools, but I find a simple script makes this much more efficient, and reduces the chance of grabbing the wrong id when the number of users and projects starts to grow. |
| - | + | <br> | |
| - | < | + | <code> |
| - | #!/bin/bash | + | <pre> |
| - | + | #!/bin/bash | |
| - | + | source ~/openrc | |
| - | </ | + | |
| + | echo Argv: $# | ||
| + | |||
| + | if [[ $# -lt 3 ]] | ||
| + | then | ||
| + | echo -e "Usage:\n${0} user password e-mail@address [tenant=openstack]" | ||
| + | else | ||
| + | user_id=`keystone user-list | grep ${1} | awk -F' ' '{print $2}'` | ||
| + | if [ ! -z ${user_id} ] | ||
| + | then | ||
| + | echo "error! username already exists" | ||
| + | exit 1 | ||
| + | fi | ||
| + | if [[ $# -eq 3 ]] | ||
| + | then | ||
| + | tenant_id=`keystone tenant-list | grep openstack | awk -F' ' '{print $2}'` | ||
| + | keystone user-create --name=${1} --pass=${2} --email=${3} --tenant-id=${tenant_id} | ||
| + | else | ||
| + | tenant_id=`keystone tenant-list | grep ${4} | awk -F' ' '{print $2}'` | ||
| + | if [ -z ${tenant_id} ]; then | ||
| + | keystone tenant-create --name=${4} | ||
| + | tenant_id=`keystone tenant-list | grep ${4} | awk -F' ' '{print $2}'` | ||
| + | fi | ||
| + | keystone user-create --name=${1} --pass=${2} --email=${3} --tenant-id=${tenant_id} | ||
| + | fi | ||
| + | fi | ||
| + | </pre> | ||
| + | </code> | ||
That's the simplest way to get a user onboarded. | That's the simplest way to get a user onboarded. | ||
Latest revision as of 08:40, 21 February 2013
There are multiple ways to onboard users, and though the preferred method might be to tie into the corporate or organization's LDAP or AD service, often it is necessary or desired to set up users against Keystone local authentication methods. This process can be done manually via API calls or with the keystone CLI tools, but I find a simple script makes this much more efficient, and reduces the chance of grabbing the wrong id when the number of users and projects starts to grow.
#!/bin/bash
source ~/openrc
echo Argv: $#
if [[ $# -lt 3 ]]
then
echo -e "Usage:\n${0} user password e-mail@address [tenant=openstack]"
else
user_id=`keystone user-list | grep ${1} | awk -F' ' '{print $2}'`
if [ ! -z ${user_id} ]
then
echo "error! username already exists"
exit 1
fi
if [[ $# -eq 3 ]]
then
tenant_id=`keystone tenant-list | grep openstack | awk -F' ' '{print $2}'`
keystone user-create --name=${1} --pass=${2} --email=${3} --tenant-id=${tenant_id}
else
tenant_id=`keystone tenant-list | grep ${4} | awk -F' ' '{print $2}'`
if [ -z ${tenant_id} ]; then
keystone tenant-create --name=${4}
tenant_id=`keystone tenant-list | grep ${4} | awk -F' ' '{print $2}'`
fi
keystone user-create --name=${1} --pass=${2} --email=${3} --tenant-id=${tenant_id}
fi
fi
That's the simplest way to get a user onboarded.
