openstack/keystone
Code Issues Proposed changes
9d366a528b
keystone/doc/source/install/common/keystone-users.inc
Harry Rybacki 4d313b72dd Update install guides 
- Ensure myproject and myuser are used throughout the guide
consistently
- Add note that connection's host in keystone.conf must be resolveable

Change-Id: Icaaf6c1b7583ed75b7a6204d7fb1f3506e4e8937
2018-04-04 11:43:32 -04:00

138 lines
4.8 KiB
ReStructuredText
Raw Blame History

.. -*- rst -*-
Create a domain, projects, users, and roles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Identity service provides authentication services for each OpenStack
service. The authentication service uses a combination of domains,
projects, users, and roles.
#. Although the "default" domain already exists from the `keystone-manage
bootstrap` step in this guide, a formal way to create a new domain would be:
.. code-block:: console
$ openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
| tags | [] |
+-------------+----------------------------------+
.. end
#. This guide uses a service project that contains a unique user for each
service that you add to your environment. Create the ``service``
project:
.. code-block:: console
$ openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
.. end
#. Regular (non-admin) tasks should use an unprivileged project and user.
As an example, this guide creates the ``myproject`` project and ``myuser``
user.
* Create the ``myproject`` project:
.. code-block:: console
$ openstack project create --domain default \
--description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain | False |
| name | myproject |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
.. end
.. note::
Do not repeat this step when creating additional users for this
project.
* Create the ``myuser`` user:
.. code-block:: console
$ openstack user create --domain default \
--password-prompt myuser
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | aeda23aa78f44e859900e22c24817832 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
.. end
* Create the ``myrole`` role:
.. code-block:: console
$ openstack role create myrole
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 997ce8d05fc143ac97d83fdfb5998552 |
| name | myrole |
+-----------+----------------------------------+
.. end
* Add the ``myrole`` role to the ``myproject`` project and ``myuser`` user:
.. code-block:: console
$ openstack role add --project myproject --user myuser myrole
.. end
.. note::
This command provides no output.
.. note::
You can repeat this procedure to create additional projects and
users.
View Git Blame Copy Permalink