Tenant and user management
by Tony Campbell, Egle Sigler, Cody Bunch, Kevin Jackson, Sunil Sarat, Alok Shrivas
OpenStack: Building a Cloud Environment
- OpenStack: Building a Cloud Environment
- Table of Contents
- OpenStack: Building a Cloud Environment
- OpenStack: Building a Cloud Environment
- Credits
- Preface
- 1. Module 1
- 1. An Introduction to OpenStack
- 2. Authentication and Authorization Using Keystone
- Identity concepts in Keystone
- Architecture and subsystems
- Installing common components
- Installing Keystone
- Verifying the installation
- Troubleshooting the installation and configuration
- Summary
- 3. Storing and Retrieving Data and Images using Glance, Cinder, and Swift
- Introducing storage services
- Working with Glance
- Working with Cinder
- Working with Swift
- Troubleshooting steps
- Summary
- 4. Building Your Cloud Fabric Controller Using Nova
- 5. Technology-Agnostic Network Abstraction Using Neutron
- The software-defined network paradigm
- Neutron
- Installing Neutron
- Troubleshooting Neutron
- Summary
- 6. Building Your Portal in the Cloud
- 7. Your OpenStack Cloud in Action
- 8. Taking Your Cloud to the Next Level
- Working with Heat
- Ceilometer
- Installing Ceilometer
- Installing Ceilometer on the compute node
- Installing Ceilometer on the storage node
- Testing the installation
- Billing and usage reporting
- Summary
- 9. Looking Ahead
- A. New Releases
- 2. Module 2
- 1. Keystone – OpenStack Identity Service
- Introduction
- Installing the OpenStack Identity Service
- Configuring OpenStack Identity for SSL communication
- Creating tenants in Keystone
- Configuring roles in Keystone
- Adding users to Keystone
- Defining service endpoints
- Creating the service tenant and service users
- Configuring OpenStack Identity for LDAP Integration
- 2. Glance – OpenStack Image Service
- Introduction
- Installing OpenStack Image Service
- Configuring OpenStack Image Service with OpenStack Identity Service
- Configuring OpenStack Image Service with OpenStack Object Storage
- Managing images with OpenStack Image Service
- Registering a remotely stored image
- Sharing images among tenants
- Viewing shared images
- Using image metadata
- Migrating a VMware image
- Creating an OpenStack image
- 3. Neutron – OpenStack Networking
- Introduction
- Installing Neutron and Open vSwitch on a dedicated network node
- Configuring Neutron and Open vSwitch
- Installing and configuring the Neutron API service
- Creating a tenant Neutron network
- Deleting a Neutron network
- Creating an external floating IP Neutron network
- Using Neutron networks for different purposes
- Configuring Distributed Virtual Routers
- Using Distributed Virtual Routers
- 4. Nova – OpenStack Compute
- Introduction
- Installing OpenStack Compute controller services
- Installing OpenStack Compute packages
- Configuring database services
- Configuring OpenStack Compute
- Configuring OpenStack Compute with OpenStack Identity Service
- Stopping and starting nova services
- Installation of command-line tools on Ubuntu
- Using the command-line tools with HTTPS
- Checking OpenStack Compute services
- Using OpenStack Compute
- Managing security groups
- Creating and managing key pairs
- Launching our first cloud instance
- Fixing a broken instance deployment
- Terminating your instances
- Using live migration
- Working with nova-schedulers
- Creating flavors
- Defining host aggregates
- Launching instances in specific Availability Zones
- Launching instances on specific Compute hosts
- Removing Nova nodes from a cluster
- 5. Swift – OpenStack Object Storage
- Introduction
- Configuring Swift services and users in Keystone
- Installing OpenStack Object Storage services – proxy server
- Configuring OpenStack Object Storage – proxy server
- Installing OpenStack Object Storage services – storage nodes
- Configuring physical storage for use with Swift
- Configuring Object Storage replication
- Configuring OpenStack Object Storage – storage services
- Making the Object Storage rings
- Stopping and starting OpenStack Object Storage
- Setting up SSL access
- 6. Using OpenStack Object Storage
- 7. Administering OpenStack Object Storage
- 8. Cinder – OpenStack Block Storage
- 9. More OpenStack
- Introduction
- Using cloud-init to run post-installation commands
- Using cloud-config to run the post-installation configuration
- Installing OpenStack Telemetry
- Using OpenStack Telemetry to interrogate usage statistics
- Installing Neutron LBaaS
- Using Neutron LBaaS
- Configuring Neutron FWaaS
- Using Neutron FWaaS
- Installing the Heat OpenStack Orchestration service
- Using Heat to spin up instances
- 10. Using the OpenStack Dashboard
- Introduction
- Installing OpenStack Dashboard
- Using OpenStack Dashboard for key management
- Using OpenStack Dashboard to manage Neutron networks
- Using OpenStack Dashboard for security group management
- Using OpenStack Dashboard to launch instances
- Using OpenStack Dashboard to terminate instances
- Using OpenStack Dashboard to connect to instances using a VNC
- Using OpenStack Dashboard to add new tenants – projects
- Using OpenStack Dashboard for user management
- Using OpenStack Dashboard with LBaaS
- Using OpenStack Dashboard with OpenStack Orchestration
- 11. Production OpenStack
- Introduction
- Installing the MariaDB Galera cluster
- Configuring HA Proxy for the MariaDB Galera cluster
- Configuring HA Proxy for high availability
- Installing and configuring Pacemaker with Corosync
- Configuring OpenStack services with Pacemaker and Corosync
- Bonding network interfaces for redundancy
- Automating OpenStack installations using Ansible – host configuration
- Automating OpenStack installations using Ansible – Playbook configuration
- Automating OpenStack installations using Ansible – running Playbooks
- 1. Keystone – OpenStack Identity Service
- 3. Module 3
- 1. The Troubleshooting Toolkit
- 2. Troubleshooting OpenStack Identity
- 3. Troubleshooting the OpenStack Image Service
- 4. Troubleshooting OpenStack Networking
- 5. Troubleshooting OpenStack Compute
- 6. Troubleshooting OpenStack Block Storage
- 7. Troubleshooting OpenStack Object Storage
- 8. Troubleshooting the OpenStack the Orchestration Service
- 9. Troubleshooting the OpenStack Telemetry Service
- 10. OpenStack Performance, Availability, and Reliability
- A. Bibliography
- Index
The first task will be to create the new tenant/project in Keystone and add the users, Jane and John Doe, as users and members. We will also be adding our admin account as an admin on the new tenant, so we can support them in the future.
We can perform these actions in two ways, the command line and the GUI; you can choose either of the methods depending on your preference (please remember that only one of them needs to be followed).
Log in to Horizon, by going to http://<controllernodeIP>/horizon, which in our case is http://172.22.6.95/horizon. Authenticate using the admin credentials that we have been using, admin/h33l0world
To create the project, follow these steps:
- Click on Identity | Projects (On the left pane)
You would already see the existing tenants, admin and service tenant that we created in the beginning.
- Now click on Create Project, as seen in the following screenshot:
- We can modify the quota for this project by going to the Quota tab, but since the project manager was fine with the defaults, we don't update the values. Click on Create Project.
The project is now created, as shown here:
To add users, follow these steps:
- Navigate to Identity | Users.
- You should be able to see the currently created admin and the service users; let's click on Create User, and then we can create the accounts for Jane Doe and John Doe and give them the password,
Pa55word. We will also associate them with a new tenant and give themmemberpermissions.
Repeat the preceding steps for the second user, and now both the users have been created in the system.
The users that we have created are already associated with the project as members, but we need to add our admin user as an admin to the project, and potentially other users that were created before could be added by this method, or we can change the role mapping of the user using this method. To do this, follow these steps:
We can choose to give more roles to Jane and John from this screen, or remove them from the project.
So, the first part of setting up the project is done. You can test this by logging out of the portal and logging in as Jane or John, as shown in the following screenshot:
If a user is assigned to multiple projects, they can change the current project from the top of the screen as shown in the previous screenshot.
In order to do the same things we did using the GUI while using the CLI, all it takes is a bunch of commands:
We log in to the controller node, and as with all the CLI commands, we export the authentication parameters in the command line using the source command or individually using the export command. We have stored it in the os.txt file in our home folder.
source ~alokas/os.txt
To create a project, we execute the create tenant command:
keystone tenant-create --name TestingCloud --description ""
This should create the project.
We create the users in the project using the user-create command:
keystone user-create --name johnd --pass Pa55word --email [email protected] keystone user-create --name janed --pass Pa55word --email [email protected]
We now associate the users to the tenant and map them to the member roles, using the following commands:
keystone user-role-add --user johnd --tenant TestingCloud --role member keystone user-role-add --user janed --tenant TestingCloud --role member keystone user-role-add --user admin --tenant TestingCloud --role admin
-
No Comment