Creating and assigning the quota manager role

To create a domain administrator that can manage projects, you need to create the quota manager role and assign it to a domain administrator. Do the following:

1. Connect to the OpenStack command-line interface as a system administrator to authorize further OpenStack commands (refer to Connecting to OpenStack command-line interface).

   # kolla-ansible post-deploy
   # source /etc/kolla/admin-openrc.sh

2. Create the quota_manager role:

   # openstack --insecure role create 'quota_manager'

3. Create a domain and a domain administrator by using the vinfra tool. For example:

   # vinfra domain create test
   +----------------+----------------------------------+
   | Field          | Value                            |
   +----------------+----------------------------------+
   | description    |                                  |
   | enabled        | True                             |
   | id             | b41c5bd8ca1e43f19f9720390c2869d5 |
   | name           | test                             |
   | projects_count | 0                                |
   +----------------+----------------------------------+
   # vinfra domain user create --domain test --domain-permissions domain_admin testuser
   Password:
   +--------------------+----------------------------------+
   | Field              | Value                            |
   +--------------------+----------------------------------+
   | assigned_domains   | []                               |
   | assigned_projects  | []                               |
   | description        |                                  |
   | domain_id          | b41c5bd8ca1e43f19f9720390c2869d5 |
   | domain_permissions | - domain_admin                   |
   | email              |                                  |
   | enabled            | True                             |
   | id                 | 73a8420bf2fc49998704701c6d36c255 |
   | name               | testuser                         |
   | role               | domain_admin                     |
   | system_permissions | []                               |
   | tags               | []                               |
   +--------------------+----------------------------------+

4. Assign the quota_manager role to the new user:

   # openstack --insecure role add --user-domain test --user testuser \
   --domain test quota_manager
   # openstack --insecure role add --user-domain test --user testuser \
   --domain test quota_manager --inherited

5. Prepare an environment file for the new user. For example:

   # vi domain-admin.sh
   export OS_PROJECT_DOMAIN_NAME=test
   export OS_USER_DOMAIN_NAME=test
   export OS_DOMAIN_NAME=test
   export OS_USERNAME=testuser
   export OS_PASSWORD=1q2w3e
   export OS_AUTH_URL=https://127.0.0.1:5000/v3
   export OS_IDENTITY_API_VERSION=3
   export OS_AUTH_TYPE=password
   export OS_INSECURE=true
   export PYTHONWARNINGS="ignore:Unverified HTTPS request is being made"
   export NOVACLIENT_INSECURE=true
   export NEUTRONCLIENT_INSECURE=true
   export CINDERCLIENT_INSECURE=true
   export OS_PLACEMENT_API_VERSION=1.22