Learning OpenStack Networking
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Defining users, projects, and roles in Keystone

Once the installation of Keystone is complete, it is necessary to set up domains, users, projects, roles, and endpoints that will be used by various OpenStack services.

In this installation, the default domain will be used.

In Keystone, a project (or tenant) represents a logical group of users to which resources are assigned. The terms project and tenant are used interchangeably throughout various OpenStack services, but project is the preferred term. Resources are assigned to projects and not directly to users. An admin project, user, and role were created during the Keystone bootstrap process. Create a demo project for regular users and a service project for other OpenStack services to use:

    # openstack project create --description "Service Project" service
    # openstack project create --description "Demo Project" demo

Next, create a regular user called demo. Specify a secure password for the demo user:

    # openstack user create demo --password=demo

Create the user role:

    # openstack role create user

Lastly, add the user role to the demo user in the demo project:

    # openstack role add --project demo --user demo user
上一章目录下一章