I have installed Swift and Keystone. Now I want to create several users
with different permissions:

reader - can read from the next containers: "video", "audio", "subtitles",
media_manager - can do anything in the next containers: "video", "audio",
"subtitles", "photos"
crypt_manager - can not do anything in Swift but can get tokens directly
from keystone (it is for other usage).

There are a lot of things in keystone (user, role, project, service,
endpoint, region-id, admin-url, public-url, internal-url) and it is little
bit confusing. Can somebody explain me how to configure such users with
those roles?

I haven't bootstrap the keystone, so I haven't the admin role yet. I am
worried about security with an administrator user. Do we need to define it?
I have read examples which says that firstly you have to bootstrap your
keystone and it will create the admin user with the admin role:

keystone-manage bootstrap --bootstrap-password s3cr3t

Also the full command for define all things is:

keystone-manage bootstrap \
    --bootstrap-password s3cr3t \
    --bootstrap-username admin \
    --bootstrap-project-name admin \
    --bootstrap-role-name admin \
    --bootstrap-service-name keystone \
    --bootstrap-region-id RegionOne \
    --bootstrap-admin-url http://localhost:35357 \
    --bootstrap-public-url http://localhost:5000 \
    --bootstrap-internal-url http://localhost:5000

What is "role"? It is little bit confusing because it has name "admin".
Which roles we can use except admin? What permissions they can give to the
Also we can create additional roles:
keystone role-create --name my_new_role

But what this role mean? How to set some permissions on this role (i.e. if
I want to set readonly permission for all in swift but write only for some

What we should specify in a region-id?

What we should specify in admin,public,internal url? What they mean?

Sorry for a lot of questions

Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to