3.8. Validate the Identity Service Installation

Procedure 3.12. Validating the Identity Service Installation

1. Set up the shell to access keystone as the adminstrative user:

   # source ~/keystonerc_admin

   Copy to Clipboard Toggle word wrap
2. List the users defined in the system:

   [(keystone_admin)]# openstack user list
   +----------------------------------+-------+
   | ID                               | Name  |
   +----------------------------------+-------+
   | 23c56d02d3bc4b88b034e0b3720fcd1b | admin |
   | 246b1342a8684bf39d7cc5165ef835d4 | USER  |
   +----------------------------------+-------+

   Copy to Clipboard Toggle word wrap
   The list of users defined in the system is displayed. If the list is not displayed, there is an issue with the installation.
   1. If the message returned indicates a permissions or authorization issue, check that the administrative user account, tenant, and role were created properly. Also ensure that the three objects are linked correctly.
   2. If the message returned indicates a connectivity issue (Connection refused), verify that the openstack-keystone service is running and that the firewall service is configured to allow connections on ports 5000 and 35357.
3. Set up the shell to access keystone as the regular Identity service user:

   # source ~/keystonerc_user

   Copy to Clipboard Toggle word wrap
4. Attempt to list the users defined in the system:

   [(keystone_user)]# openstack user list
   You are not authorized to perform the requested action: admin_required (HTTP 403) (Request-ID: req-1cfd3869-ac97-424d-bd00-f835a6ab9be6)

   Copy to Clipboard Toggle word wrap
   An error message is displayed indicating that the user is not an administrator. If the error message is not displayed, but the user list appears instead, then the regular user account was incorrectly attached to the admin role.