Defining users, projects, and roles in Keystone

Once the installation of Keystone is complete, it is necessary to set up domains, users, projects, roles, and endpoints that will be used by various OpenStack services.

In this installation, the default domain will be used.

In Keystone, a project (or tenant) represents a logical group of users to which resources are assigned. The terms project and tenant are used interchangeably throughout various OpenStack services, but project is the preferred term. Resources are assigned to projects and not directly to users. An admin project, user, and role were created during the Keystone bootstrap process. Create a demo project for regular users and a service project for other OpenStack services to use:

    # openstack project create --description "Service Project" service
    # openstack project create --description "Demo Project" demo

Next, create a regular user called demo. Specify a secure password for the demo user:

    # openstack user create demo --password=demo

Create the user role:

    # openstack role create user

Lastly, add the user role to the demo user in the demo project:

    # openstack role add --project demo --user demo user
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset