openstack team mailing list archive

Thread
Date

Re: confuse about keystone rule

To: WilliamHerryChina@xxxxxxxxx
From: Luis Gervaso <luis@xxxxxxxxx>
Date: Mon, 21 May 2012 04:00:59 +0200
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAO1cLnyRmeLjLaOEa7qBEKLMk9MiWG3JwpLP8kbYZxy3nLtYUA@mail.gmail.com>
Sender: luis.gervaso@xxxxxxxxx

Hi,

You can name them as you want.

You have to match the users in the *-paste.ini files for each service you
want to integrate with keystone for the authentication.

Each service has a policy.json where you configure the authorization stuff.

For example in devstack nova, glance, swift users belongs to the "service"
pseudo-tenant for integration with keystone

Regards

On Mon, May 21, 2012 at 3:19 AM, William Herry <
william.herry.china@xxxxxxxxx> wrote:

> Hi,
> I am a little confuse about keystone roles, there are several role like
> admin, Member, KeystoneAdmin, KeystoneServiceAdmin, sysadmin, netadmin, I
> want to know does those name have special means, or just a name and I can
> name my role with any name I like, if they have special means, why should I
> create them manually?
>
> can some one explain to me or give me some links?
>
> Thanks
>
> --
>
> ===========================
> William Herry
>
> WilliamHerryChina@xxxxxxxxx
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
-------------------------------------------
Luis Alberto Gervaso Martin
Woorea Solutions, S.L
CEO & CTO
mobile: (+34) 627983344
luis@ <luis.gervaso@xxxxxxxxx>woorea.es

References

confuse about keystone rule
From: William Herry, 2012-05-21