Manage OpenStack Identity (keystone) users, projects, roles, and endpoints.
# Create an admin project
- keystone:
command: "ensure_project"
project_name: "admin"
domain_name: "Default"
description: "Admin project"
# Create a service project
- keystone:
command: "ensure_project"
project_name: "service"
description: "Service project"
# Create an admin user
- keystone:
command: "ensure_user"
user_name: "admin"
project_name: "admin"
password: "secrete"
email: "admin@some-domain.com"
# Create an admin role
- keystone:
command: "ensure_role"
role_name: "admin"
# Create a user
- keystone:
command: "ensure_user"
user_name: "glance"
project_name: "service"
password: "secrete"
domain_name: "Default"
email: "glance@some-domain.com"
# Add a role to a user
- keystone:
command: "ensure_user_role"
user_name: "glance"
project_name: "service"
role_name: "admin"
# Add a project role to a group
- keystone:
command: "ensure_group_role"
group_name: "fedgroup"
project_name: "fedproject"
role_name: "_member_"
# Create a service
- keystone:
command: "ensure_service"
service_name: "glance"
service_type: "image"
description: "Glance Image Service"
# Create an endpoint
- keystone:
command: "ensure_endpoint"
region_name: "RegionOne"
service_name: "glance"
service_type: "image"
endpoint_list:
- url: "http://127.0.0.1:9292"
interface: "public"
- url: "http://127.0.0.1:9292"
interface: "admin"
- url: "http://127.0.0.1:9292"
interface: "internal"
# Get project id
- keystone:
command: "get_project"
project_name: "admin"
# Get user id
- keystone:
command: "get_user"
user_name: "admin"
# Get role id
- keystone:
command: "get_role"
user_name: "admin"
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.