The first task will be to create the new tenant/project in Keystone and add the users, Jane and John Doe, as users and members. We will also be adding our admin account as an admin on the new tenant, so we can support them in the future.
We can perform these actions in two ways, the command line and the GUI; you can choose either of the methods depending on your preference (please remember that only one of them needs to be followed).
Log in to Horizon, by going to http://<controllernodeIP>/horizon
, which in our case is http://172.22.6.95/horizon
. Authenticate using the admin credentials that we have been using, admin/h33l0world
To create the project, follow these steps:
You would already see the existing tenants, admin and service tenant that we created in the beginning.
The project is now created, as shown here:
To add users, follow these steps:
Pa55word
. We will also associate them with a new tenant and give them member
permissions.Repeat the preceding steps for the second user, and now both the users have been created in the system.
The users that we have created are already associated with the project as members, but we need to add our admin user as an admin to the project, and potentially other users that were created before could be added by this method, or we can change the role mapping of the user using this method. To do this, follow these steps:
We can choose to give more roles to Jane and John from this screen, or remove them from the project.
So, the first part of setting up the project is done. You can test this by logging out of the portal and logging in as Jane or John, as shown in the following screenshot:
If a user is assigned to multiple projects, they can change the current project from the top of the screen as shown in the previous screenshot.
In order to do the same things we did using the GUI while using the CLI, all it takes is a bunch of commands:
We log in to the controller node, and as with all the CLI commands, we export the authentication parameters in the command line using the source
command or individually using the export
command. We have stored it in the os.txt
file in our home folder.
source ~alokas/os.txt
To create a project, we execute the create tenant
command:
keystone tenant-create --name TestingCloud --description ""
This should create the project.
We create the users in the project using the user-create
command:
keystone user-create --name johnd --pass Pa55word --email [email protected] keystone user-create --name janed --pass Pa55word --email [email protected]
We now associate the users to the tenant and map them to the member
roles, using the following commands:
keystone user-role-add --user johnd --tenant TestingCloud --role member keystone user-role-add --user janed --tenant TestingCloud --role member keystone user-role-add --user admin --tenant TestingCloud --role admin