regarding custom role creation

Abhishek Kekane akekane at redhat.com
Fri Apr 29 13:35:41 UTC 2022 

Hi Adivya,

You can follow below steps;

I am assuming you are using devstack based setup;

1. Source openrc file from devstack repo on your local machine.

2. Create new project with below command;
openstack project create --description 'project-x' project-x --domain
default

3. Create new users with below command;
openstack user create admin --password admin
openstack user create normal-user --password normal-user

4. Assign respective roles to user-project pair with above created users:
openstack role add --user normal-user --project project-x member
openstack role add --user admin --project project-x admin

5. Create admin-rc, member-rc files with below contents;
(Note: Don't forget to change password, username, OS_PROJECT_NAME and
OS_AUTH_URL)

# member-rc file
# Clear any old environment that may conflict.
for key in $( set | awk -F= '/^OS_/ {print $1}' ); do unset "${key}" ; done

export OS_AUTH_TYPE=password
export OS_PASSWORD=normal-user
export OS_AUTH_URL=http://xx.yy.zz.aa/identity
export OS_USERNAME=normal-user
export OS_PROJECT_NAME=project-x
export COMPUTE_API_VERSION=1.1
export NOVA_VERSION=1.1
export OS_NO_CACHE=True
export OS_CLOUDNAME=project-x
export OS_IDENTITY_API_VERSION='3'
export OS_PROJECT_DOMAIN_NAME='Default'
export OS_USER_DOMAIN_NAME='Default'
export OS_CACERT="/etc/pki/ca-trust/source/anchors/cm-local-ca.pem"
# Add OS_CLOUDNAME to PS1
if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
    export PS1=${PS1:-""}
    export PS1=\${OS_CLOUDNAME:+"(\$OS_CLOUDNAME)"}\ $PS1
    export CLOUDPROMPT_ENABLED=1
fi
~

6. Similar to above you can create admn-rc file for admin user

7. source respective rc files and run glance/nova/or any other commands;

If you want to add a new role to an existing project then ignore step 2 and
follow from step 3.

Thanks & Best Regards,

Abhishek Kekane


On Fri, Apr 29, 2022 at 6:51 PM Adivya Singh <adivya1.singh at gmail.com>
wrote:

> Hi Team,
>
> i want to create a custom role in openstack,  with privilege being
>
> 1> to allow them to make image public
> 2> to modify/change the flavor
>
> how can i do this, I have openstack installed with XENA
>
> regards
> Adivya Singh
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220429/337661c5/attachment.htm>

More information about the openstack-discuss mailing list