Define Users, Tenants and Roles Using keystone Command:
Once you have installed and configured the keystone service, set up the users, tenants (projects) and roles for your environment. Before running any keystone commands, define the environment variables “ADMIN_TOKEN”, “OS_SERVICE_TOKEN” and “OS_SERVICE_ENDPOINT” so that you do not have to pass these parameters to each keystone command. These environment variables help to reduce command length.
1. Set the environment variables for the keystone service.
root@OSCTRL-UA:~# export ADMIN_TOKEN=a5d5bc4c4f358460ddc0
root@OSCTRL-UA:~# export OS_SERVICE_TOKEN=$ADMIN_TOKEN
root@OSCTRL-UA:~# export OS_SERVICE_ENDPOINT=http://OSCTRL-UA:35357/v2.0
Refer to step 6 for the ADMIN_TOKEN value.
2. Create the user “admin” using the keystone command.
root@OSCTRL-UA:~# keystone user-create --name=admin --pass=admin123 --email=lingeshwaran.rangasamy@gmail.com
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    | lingeshwaran.rangasamy@gmail.com |
| enabled  | True                             |
| id       | d154aa743ab4405c80055236c47ed98f |
| name     | admin                            |
| username | admin                            |
+----------+----------------------------------+
root@OSCTRL-UA:~#
3. Create a new role called “admin”.
root@OSCTRL-UA:~# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | 58d6701963044a609f9d3724295effcd |
| name     | admin                            |
+----------+----------------------------------+
root@OSCTRL-UA:~#
4. Create a new tenant called “admin”.
root@OSCTRL-UA:~# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Admin Tenant                     |
| enabled     | True                             |
| id          | d14d6a07f862482398b3e3e4e8d581c6 |
| name        | admin                            |
+-------------+----------------------------------+
root@OSCTRL-UA:~#
5. Link the admin user, admin role, and admin tenant together using the user-role-add option.
root@OSCTRL-UA:~# keystone user-role-add --user=admin --tenant=admin --role=admin
root@OSCTRL-UA:~#
6. By default, the Identity Service creates a special _member_ role. The OpenStack dashboard automatically grants access to users with this role. You will give the admin user access to this role in addition to the admin role. Link the admin user, _member_ role, and admin tenant.
root@OSCTRL-UA:~# keystone user-role-add --user=admin --role=_member_ --tenant=admin
root@OSCTRL-UA:~#
7. Let’s create the normal user.
root@OSCTRL-UA:~# keystone user-create --name=lingesh --pass=ling123 --email=lingeshwaran.rangasamy@gmail.com
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    | lingeshwaran.rangasamy@gmail.com |
| enabled  | True                             |
| id       | 3f01d4f7aa9e477cb885334ab9c5929d |
| name     | lingesh                          |
| username | lingesh                          |
+----------+----------------------------------+
root@OSCTRL-UA:~#
8. Create the tenant called “lingesh”.
root@OSCTRL-UA:~# keystone tenant-create --name=lingesh --description="UnixArena Tenant"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | UnixArena Tenant                 |
| enabled     | True                             |
| id          | abe3af30f46b446fbae35a102457890c |
| name        | lingesh                          |
+-------------+----------------------------------+
root@OSCTRL-UA:~#
9. Link the tenant “lingesh” with the user “lingesh”. Here we are only assigning the _member_ role.
root@OSCTRL-UA:~# keystone user-role-add --user=lingesh --role=_member_ --tenant=lingesh
root@OSCTRL-UA:~#
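Steps 6 and 9 depend on the _member_ role already being present, and every create step prints an id in a table. The shell helpers below are an added example, not part of the original tutorial: they parse the keystone CLI tables and confirm the role with an exact match before granting it. The function names and the sample output (trimmed from step 7, plus a constructed role list) are assumptions for illustration.

```shell
# Added example (not from the original page): parse the keystone CLI tables.
# SAMPLE_USER is a trimmed copy of the step 7 output; SAMPLE_ROLES is
# constructed, and its "Member" row and id are made up.
SAMPLE_USER='+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| enabled  | True                             |
| id       | 3f01d4f7aa9e477cb885334ab9c5929d |
| name     | lingesh                          |
+----------+----------------------------------+'
SAMPLE_ROLES='+----------------------------------+--------+
| id                               | name   |
+----------------------------------+--------+
| 58d6701963044a609f9d3724295effcd | admin  |
| 0123456789abcdef0123456789abcdef | Member |
+----------------------------------+--------+'

# table_value PROPERTY: read a Property/Value table on stdin, print the value.
table_value() {
    awk -F'|' -v key="$1" '
        NF >= 4 { p = $2; v = $3
                  gsub(/^[ \t]+|[ \t]+$/, "", p); gsub(/^[ \t]+|[ \t]+$/, "", v)
                  if (p == key) { print v; found = 1; exit } }
        END { exit !found }'
}

# role_exists NAME: read `keystone role-list` output on stdin; succeed only on
# an exact, case-sensitive match in the name column (header row skipped).
role_exists() {
    awk -F'|' -v want="$1" '
        NF >= 4 { i = $2; n = $3
                  gsub(/[ \t]/, "", i); gsub(/^[ \t]+|[ \t]+$/, "", n)
                  if (i != "id" && n == want) { hit = 1; exit } }
        END { exit !hit }'
}

# grant_member USER TENANT: run the user-role-add from steps 6 and 9 only
# after confirming the role is present (hypothetical helper name).
grant_member() {
    if keystone role-list | role_exists "_member_"; then
        keystone user-role-add --user="$1" --role=_member_ --tenant="$2"
    else
        echo "role _member_ not listed by 'keystone role-list'; not granting" >&2
        return 1
    fi
}

# Demo on the embedded sample: prints the id of the user created in step 7.
printf '%s\n' "$SAMPLE_USER" | table_value id
```

With the environment variables from step 1 exported, `grant_member lingesh lingesh` performs step 9 only when the role is actually listed.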
Alex says
Hi,
Please, could you check the part2?
Error: Internal Server Error
BR
Lingeswaran R says
Could you please check it now?
Thank you
Lingesh
Alex says
Thank you, Perfect!
obfuscatu says
I get No role with a name or ID of ‘_member_’ exists.
What could be the possible cause for this?!
bowen says
It is the same with me, no _member_ user exists. But it seems to still work well until now.
Can anyone explain that?