I have installed Swift and Keystone. Now I want to create several users
with different permissions:
reader - can read from the following containers: "video", "audio", "subtitles",
media_manager - can do anything in the following containers: "video", "audio",
crypt_manager - cannot do anything in Swift but can get tokens directly
from Keystone (it is for other usage).
There are a lot of things in Keystone (user, role, project, service,
endpoint, region-id, admin-url, public-url, internal-url) and it is a little
bit confusing. Can somebody explain to me how to configure such users with
I haven't bootstrapped Keystone, so I don't have the admin role yet. I am
worried about security with an administrator user. Do we need to define it?
I have read examples which say that first you have to bootstrap your
Keystone and it will create the admin user with the admin role:
keystone-manage bootstrap --bootstrap-password s3cr3t
Also, the full command to define everything is:
keystone-manage bootstrap \
--bootstrap-password s3cr3t \
--bootstrap-username admin \
--bootstrap-project-name admin \
--bootstrap-role-name admin \
--bootstrap-service-name keystone \
--bootstrap-region-id RegionOne \
--bootstrap-admin-url http://localhost:35357 \
--bootstrap-public-url http://localhost:5000 \
What is a "role"? It is a little bit confusing because it has the name "admin".
Which roles can we use other than admin? What permissions can they give to the
Also, we can create additional roles:
keystone role-create --name my_new_role
But what does this role mean? How do I set some permissions on this role (i.e. if
I want to set readonly permission for all in Swift but write only for some
What should we specify for region-id?
What should we specify for the admin, public, and internal URLs? What do they mean?
Sorry for so many questions.
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack