IBM Cloud Orchestrator, Version 2.5.0.8

Adding roles, users, and projects to Keystone

Create the roles, users, and projects that are required by IBM® Cloud Orchestrator, and add them to OpenStack Keystone.

Before you begin

Ensure that you copied the configure_ico_roles.sh script from the IBM Cloud Orchestrator server, as described in Copying the IBM Cloud Orchestrator scripts to the OpenStack servers.

Review the changes that are made by the script before running it.

About this task

You must run the configure_ico_roles.sh script on an OpenStack server where the Keystone and OpenStack command line is installed and configured. Usually, this server is the master controller server where the Keystone service is running. You must run the script only once.
The script creates the following roles, users, and projects in IBM Cloud Orchestrator:
Roles
  • netadmin
  • sysadmin
  • domain_admin
  • catalogeditor
  • member
Users
  • demo
  • domadmin
Projects
  • demo
The access privileges are granted as follows:
  • The demo user is granted the demo role on the demo project.
  • The domadmin user is granted the domain_admin role on the admin project.
  • The user admin is granted the member role on the admin project.

In this procedure, the example scripts directory on the OpenStack Controller is /opt/ico_scripts. Replace this value with the appropriate value for your installation.

Complete the following steps:

Procedure

  1. Log on to the OpenStack Controller as a root user.
  2. Change directory to the directory where you store the IBM Cloud Orchestrator scripts:
    cd /opt/ico_scripts
  3. Set the environment to the correct OpenStack values. Most OpenStack distributions provide an RC file containing these values, for example /root/openrc or /root/keystonerc. Run the following command:
    source /root/openrc
    If an RC file is not provided by your OpenStack distribution, set the values manually, for example:
    export OS_USERNAME=admin
    export OS_PASSWORD=openstack1
    export OS_TENANT_NAME=admin
    export OS_AUTH_URL=http://192.0.2.68:5000/v2.0
    export OS_REGION_NAME=kvm-allinone2
    export OS_VOLUME_API_VERSION=2
    Values might differ for your OpenStack distribution.
  4. Run the keystone role-list command to check if a Member role exists. If it exists, delete it by running the following command:
    keystone role-delete Member
  5. Run the script:
    ./configure_ico_roles.sh
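
The following is an added example, not part of the IBM Cloud Orchestrator scripts. It shows one way to make the check in step 4 exact and case-sensitive, and to list which of the roles named on this page are still absent, which is useful both when reviewing what the script will change and when verifying the result after step 5. The function names are hypothetical, the two-column "id | name" table layout of the keystone role-list output is an assumption, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: parse `keystone role-list` table output (read from stdin).

# Print one role name per line from the role table.
# Assumes the two-column "id | name" layout; border and header rows are skipped.
role_names() {
    awk -F'|' 'NF >= 4 {
        name = $3
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        if (name != "" && name != "name") print name
    }'
}

# has_role NAME: succeeds only on an exact, case-sensitive match,
# so "Member" is not confused with "member" or "_member_".
has_role() {
    role_names | grep -Fxq -- "$1"
}

# missing_ico_roles: print the roles from this page's list that are absent.
missing_ico_roles() {
    present=$(role_names)
    for r in netadmin sysadmin domain_admin catalogeditor member; do
        printf '%s\n' "$present" | grep -Fxq -- "$r" || printf '%s\n' "$r"
    done
}

# Constructed sample output (IDs are made up), as it might look before step 4.
SAMPLE_ROLE_LIST='+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 00000000000000000000000000000001 | _member_ |
| 00000000000000000000000000000002 |  admin   |
| 00000000000000000000000000000003 |  Member  |
| 00000000000000000000000000000004 | netadmin |
+----------------------------------+----------+'

# On the controller, pipe the real command instead: keystone role-list | has_role Member
if printf '%s\n' "$SAMPLE_ROLE_LIST" | has_role Member; then
    echo "Member role exists: delete it before running configure_ico_roles.sh"
fi
echo "Roles from the list that are not present yet:"
printf '%s\n' "$SAMPLE_ROLE_LIST" | missing_ico_roles
```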