Creating and assigning the quota manager role
To create a domain administrator that can manage projects, you need to create the quota manager role and assign it to a domain administrator. Do the following:
-
Connect to the OpenStack command-line interface as a system administrator to authorize further OpenStack commands (refer to Connecting to OpenStack command-line interface).
# kolla-ansible post-deploy
# source /etc/kolla/admin-openrc.sh -
Create the
quota_manager
role:# openstack --insecure role create 'quota_manager'
-
Create a domain and a domain administrator by using the
vinfra
tool. For example:# vinfra domain create test +----------------+----------------------------------+ | Field | Value | +----------------+----------------------------------+ | description | | | enabled | True | | id | b41c5bd8ca1e43f19f9720390c2869d5 | | name | test | | projects_count | 0 | +----------------+----------------------------------+ # vinfra domain user create --domain test --domain-permissions domain_admin testuser Password: +--------------------+----------------------------------+ | Field | Value | +--------------------+----------------------------------+ | assigned_domains | [] | | assigned_projects | [] | | description | | | domain_id | b41c5bd8ca1e43f19f9720390c2869d5 | | domain_permissions | - domain_admin | | email | | | enabled | True | | id | 73a8420bf2fc49998704701c6d36c255 | | name | testuser | | role | domain_admin | | system_permissions | [] | | tags | [] | +--------------------+----------------------------------+
-
Assign the
quota_manager
role to the new user:# openstack --insecure role add --user-domain test --user testuser \ --domain test quota_manager # openstack --insecure role add --user-domain test --user testuser \ --domain test quota_manager --inherited
-
Prepare an environment file for the new user. For example:
# vi domain-admin.sh export OS_PROJECT_DOMAIN_NAME=test export OS_USER_DOMAIN_NAME=test export OS_DOMAIN_NAME=test export OS_USERNAME=testuser export OS_PASSWORD=1q2w3e export OS_AUTH_URL=https://127.0.0.1:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_AUTH_TYPE=password export OS_INSECURE=true export PYTHONWARNINGS="ignore:Unverified HTTPS request is being made" export NOVACLIENT_INSECURE=true export NEUTRONCLIENT_INSECURE=true export CINDERCLIENT_INSECURE=true export OS_PLACEMENT_API_VERSION=1.22