Openstack(Kilo)安装系列之Keystone(四)
创建租间、用户、角色
一、To configure prerequisites
1.Configure the authentication token:
export OS_TOKEN=ADMIN_TOKEN
Replace ADMIN_TOKEN
with the authentication token
2.Configure the endpoint URL:
export OS_URL=http://controller:35357/v2.0
二、To create the service entity and API endpoint
1.The Identity service manages a catalog of services in your OpenStack environment. Services use this catalog to determine the other services available in your environment.
openstack service create --name keystone --description "OpenStack Identity" identity
2.The Identity service manages a catalog of API endpoints associated with the services in your OpenStack environment. Services use this catalog to determine how to communicate with other services in your environment.
openstack endpoint create \ --publicurl http://controller:5000/v2.0 \ --internalurl http://controller:5000/v2.0 \ --adminurl http://controller:35357/v2.0 \ --region RegionOne \ identity
三、To create tenants, users, and roles
1.Create an administrative project, user, and role for administrative operations in your environment:
a.Create the admin
project:
openstack project create --description "Admin Project" admin
b.Create the admin
user:
openstack user create --password-prompt admin
c.Create the admin
role:
openstack role create admin
d.Add the admin
role to the admin
project and user:
openstack role add --project admin --user admin admin
2.This guide uses a service project that contains a unique user for each service that you add to your environment.
a.Create the service
project:
openstack project create --description "Service Project" service
3.Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the demo
project and user.
a.Create the demo
project:
openstack project create --description "Demo Project" demo
b.Create the demo
user:
openstack user create --password-prompt demo
c.Create the user
role:
openstack role create user
d.Add the user
role to the demo
project and user:
openstack role add --project demo --user demo user