Verify operation

Verify operation This section describes how to verify operation of the Identity service. Unset the temporary OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables: $ unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT As the admin tenant and user, request an authentication token: $ keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \ --os-auth-url http://controller:35357/v2.0 token-get Replace ADMIN_PASS with the password you chose for the admin user in the Identity service. You might need to use single quotes (') around your password if it includes special characters. Lengthy output that includes a token value verifies operation for the admin tenant and user. As the admin tenant and user, list tenants to verify that the admin tenant and user can execute admin-only CLI commands and that the Identity service contains the tenants that you created in : As the admin tenant and user, list tenants to verify that the admin tenant and user can execute admin-only CLI commands and that the Identity service contains the tenants created by the configuration tool: $ keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \ --os-auth-url http://controller:35357/v2.0 tenant-list +----------------------------------+----------+---------+ | id | name | enabled | +----------------------------------+----------+---------+ | 6f4c1e4cbfef4d5a8a1345882fbca110 | admin | True | | 4aa51bb942be4dd0ac0555d7591f80a6 | demo | True | | 6b69202e1bf846a4ae50d65bc4789122 | service | True | +----------------------------------+----------+---------+ Because OpenStack generates IDs dynamically, you will see different values from this example command output. As the admin tenant and user, list users to verify that the Identity service contains the users that you created in : As the admin tenant and user, list users to verify that the Identity service contains the users created by the configuration tool: $ keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \ --os-auth-url http://controller:35357/v2.0 user-list +----------------------------------+---------+---------+---------------------+ | id | name | enabled | email | +----------------------------------+---------+---------+---------------------+ | ea8c352d253443118041c9c8b8416040 | admin | True | admin@example.com | | 7004dfa0dda84d63aef81cf7f100af01 | demo | True | demo@example.com | +----------------------------------+---------+---------+---------------------+ As the admin tenant and user, list roles to verify that the Identity service contains the role that you created in : As the admin tenant and user, list roles to verify that the Identity service contains the role created by the configuration tool: $ keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \ --os-auth-url http://controller:35357/v2.0 role-list +----------------------------------+----------+ | id | name | +----------------------------------+----------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | bff3a6083b714fa29c9344bf8930d199 | admin | +----------------------------------+----------+ As the demo tenant and user, request an authentication token: $ keystone --os-tenant-name demo --os-username demo --os-password DEMO_PASS \ --os-auth-url http://controller:35357/v2.0 token-get +-----------+----------------------------------+ | Property | Value | +-----------+----------------------------------+ | expires | 2014-10-10T12:51:33Z | | id | 1b87ceae9e08411ba4a16e4dada04802 | | tenant_id | 4aa51bb942be4dd0ac0555d7591f80a6 | | user_id | 7004dfa0dda84d63aef81cf7f100af01 | +-----------+----------------------------------+ Replace DEMO_PASS with the password you chose for the demo user in the Identity service. As the demo tenant and user, attempt to list users to verify that you cannot execute admin-only CLI commands: $ keystone --os-tenant-name demo --os-username demo --os-password DEMO_PASS \ --os-auth-url http://controller:35357/v2.0 user-list You are not authorized to perform the requested action, admin_required. (HTTP 403) Each OpenStack service references a policy.json file to determine the operations available to a particular tenant, user, or role. For more information, see the Operations Guide - Managing Projects and Users.