openstack/openstack-manuals
Code Issues Proposed changes
Files
stable/ocata
openstack-manuals/doc/install-guide/source/keystone-users.rst
Chen 929af1d3e4 Make description more precise 
After reading about identity-concepts on page
https://docs.openstack.org/admin-guide/identity-concepts.html,
I believe rewriting the line in this way makes it more precise and
easier to be understood.

Change-Id: Ia904f164a6b553cf68c12b651ebe68ae81024e77
2017-07-04 09:06:09 +00:00

3.9 KiB
Raw Permalink Blame History

Create a domain, projects, users, and roles

The Identity service provides authentication services for each OpenStack service. The authentication service uses a combination of domains <domain>, projects<project>, users<user>, and roles<role>.

  1. This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project:

    $ openstack project create --domain default \
  --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+

  2. Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the demo project and user.

    • Create the demo project:

      $ openstack project create --domain default \
  --description "Demo Project" demo

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+

      Note

      Do not repeat this step when creating additional users for this project.

    • Create the demo user:

      $ openstack user create --domain default \
  --password-prompt demo

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aeda23aa78f44e859900e22c24817832 |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

    • Create the user role:

      $ openstack role create user

+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 997ce8d05fc143ac97d83fdfb5998552 |
| name      | user                             |
+-----------+----------------------------------+

    • Add the user role to the demo user of the demo project:

      $ openstack role add --project demo --user demo user

      Note

      This command provides no output.

Note

You can repeat this procedure to create additional projects and users.

View Git Blame Copy Permalink