3.5. Create an Administrator Account


The following procedure creates an administrative user and an associated tenant and role.
All steps in this procedure must be performed on the system hosting the Identity service, while logged in as a user who has access to a file containing the administration token.

Procedure 3.9. Creating an Administrator Account

  1. Set the OS_SERVICE_TOKEN environment variable to the value of the administration token. This is done by reading the token file created when setting the administration token:
    # export OS_SERVICE_TOKEN=`cat ~/ks_admin_token`
  2. Set the OS_SERVICE_ENDPOINT environment variable to point to the server hosting the Identity service:
    # export OS_SERVICE_ENDPOINT="http://IP:35357/v2.0"
    Replace IP with the IP address or host name of your Identity server.
  3. Create an admin user:
    # keystone user-create --name admin --pass PASSWORD
    +----------+-----------------------------------+
    | Property |              Value                |
    +----------+-----------------------------------+ 
    | email    |                                   | 
    | enabled  |              True                 |
    | id       | 94d659c3c9534095aba5f8475c87091a  |
    | name     |              admin                | 
    | tenantId |                                   | 
    +----------+-----------------------------------+
    Replace PASSWORD with a secure password for the account.
  4. Create an admin role:
    # keystone role-create --name admin     
    +----------+----------------------------------+
    | Property |              Value               |
    +----------+----------------------------------+
    | id       | 78035c5d3cd94e62812d6d37551ecd6a |
    | name     |              admin               |
    +----------+----------------------------------+
  5. Create an admin tenant:
    # keystone tenant-create --name admin   
    +-------------+----------------------------------+
    |   Property  |              Value               |
    +-------------+----------------------------------+
    | description |                                  |
    | enabled     |              True                |
    | id          | 6f8e3e36c4194b86b9a9b55d4b722af3 |
    | name        |              admin               |
    +-------------+----------------------------------+
  6. Link the admin user and the admin role together in the context of the admin tenant:
    # keystone user-role-add --user admin --role admin --tenant admin
  7. The newly-created admin account will be used for future management of the Identity service. To facilitate authentication, create a keystonerc_admin file in a secure location such as the home directory of the root user.
    Add these lines to the file to set the environment variables that will be used for authentication:
    unset OS_SERVICE_TOKEN
    unset OS_SERVICE_ENDPOINT
    export OS_USERNAME=admin
    export OS_TENANT_NAME=admin
    export OS_PASSWORD=PASSWORD
    export OS_AUTH_URL=http://IP:35357/v2.0/               
    export PS1='[\u@\h \W(keystone_admin)]\$ '
    Replace PASSWORD with the password of the admin user, and replace IP with the IP address or host name of the Identity server.
  8. Load the environment variables used for authentication:
    # source ~/keystonerc_admin
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.