openstack/keystone
Code Issues Proposed changes
Files
07bc97f82c92dc51b85a8305b65e20416b8f70b4
keystone/doc/source/install/common/keystone-users.inc
Gage Hugo 04515333f4 Copy specific distro pages for install guide 
This change breaks the get-started-identity, keystone-users,
and keystone-openrc pages into multiple copies for each distribution
release in the keystone install guides. Before this change, sphinx
would not render the links correctly and these pages would be skipped
in both the RDO and Ubuntu guides.

To avoid unneccessary duplication of the same text, the files were
moved into common/ and are simply included into the newly created
files for each release.

Change-Id: I7b478504f1e68034ea993c0214705045da86bb6e
Closes-Bug: #1712335
2017-08-29 16:27:52 -05:00

134 lines
4.6 KiB
ReStructuredText
Raw Blame History

.. -*- rst -*-
Create a domain, projects, users, and roles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Identity service provides authentication services for each OpenStack
service. The authentication service uses a combination of domains,
projects, users, and roles.
#. Although the "default" domain already exists from the `keystone-manage
bootstrap` step in this guide, a formal way to create a new domain would be:
.. code-block:: console
$ openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
+-------------+----------------------------------+
.. end
#. This guide uses a service project that contains a unique user for each
service that you add to your environment. Create the ``service``
project:
.. code-block:: console
$ openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
.. end
#. Regular (non-admin) tasks should use an unprivileged project and user.
As an example, this guide creates the ``demo`` project and user.
* Create the ``demo`` project:
.. code-block:: console
$ openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
.. end
.. note::
Do not repeat this step when creating additional users for this
project.
* Create the ``demo`` user:
.. code-block:: console
$ openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | aeda23aa78f44e859900e22c24817832 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
.. end
* Create the ``user`` role:
.. code-block:: console
$ openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 997ce8d05fc143ac97d83fdfb5998552 |
| name | user |
+-----------+----------------------------------+
.. end
* Add the ``user`` role to the ``demo`` project and user:
.. code-block:: console
$ openstack role add --project demo --user demo user
.. end
.. note::
This command provides no output.
.. note::
You can repeat this procedure to create additional projects and
users.
View Git Blame Copy Permalink