Creating and assigning the quota manager role

To create a domain administrator that can manage projects, you need to create the quota manager role and assign it to a domain administrator. Do the following:

  1. Connect to the OpenStack command-line interface as a system administrator to authorize further OpenStack commands (refer to Connecting to OpenStack command-line interface).

    # kolla-ansible post-deploy
    # source /etc/kolla/admin-openrc.sh
  2. Create the quota_manager role:

    # openstack --insecure role create 'quota_manager'
  3. Create a domain and a domain administrator by using the vinfra tool. For example:

    # vinfra domain create test
    +----------------+----------------------------------+
    | Field          | Value                            |
    +----------------+----------------------------------+
    | description    |                                  |
    | enabled        | True                             |
    | id             | b41c5bd8ca1e43f19f9720390c2869d5 |
    | name           | test                             |
    | projects_count | 0                                |
    +----------------+----------------------------------+
    # vinfra domain user create --domain test --domain-permissions domain_admin testuser
    Password:
    +--------------------+----------------------------------+
    | Field              | Value                            |
    +--------------------+----------------------------------+
    | assigned_domains   | []                               |
    | assigned_projects  | []                               |
    | description        |                                  |
    | domain_id          | b41c5bd8ca1e43f19f9720390c2869d5 |
    | domain_permissions | - domain_admin                   |
    | email              |                                  |
    | enabled            | True                             |
    | id                 | 73a8420bf2fc49998704701c6d36c255 |
    | name               | testuser                         |
    | role               | domain_admin                     |
    | system_permissions | []                               |
    | tags               | []                               |
    +--------------------+----------------------------------+
  4. Assign the quota_manager role to the new user:

    # openstack --insecure role add --user-domain test --user testuser \
    --domain test quota_manager
    # openstack --insecure role add --user-domain test --user testuser \
    --domain test quota_manager --inherited
  5. Prepare an environment file for the new user. For example:

    # vi domain-admin.sh
    export OS_PROJECT_DOMAIN_NAME=test
    export OS_USER_DOMAIN_NAME=test
    export OS_DOMAIN_NAME=test
    export OS_USERNAME=testuser
    export OS_PASSWORD=1q2w3e
    export OS_AUTH_URL=https://127.0.0.1:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_AUTH_TYPE=password
    export OS_INSECURE=true
    export PYTHONWARNINGS="ignore:Unverified HTTPS request is being made"
    export NOVACLIENT_INSECURE=true
    export NEUTRONCLIENT_INSECURE=true
    export CINDERCLIENT_INSECURE=true
    export OS_PLACEMENT_API_VERSION=1.22