A role is a personality that a user assumes while performing a specific set of operations. A role includes a set of rights and privileges, and a user who assumes that role inherits them. One can create, edit and delete an OpenStack role.
Roles are the permissions given to users within a tenant; OpenStack uses role-based access control (RBAC). Here we will configure two roles: an admin role that allows for administration of our environment, and a Member role that is given to ordinary users who will be using the cloud environment.
In a default OpenStack setup, the two roles are created:
Getting started
To begin with, ensure that you're logged into our OpenStack Controller host, where the OpenStack Identity service has been installed, or an appropriate Ubuntu client that has access to where the OpenStack Identity service is installed.
To log on to our OpenStack Controller host that was created using Vagrant, issue the following command:
vagrant ssh controller
If the keystone client tool isn’t available, this can be installed on any Ubuntu client that has access to manage our OpenStack Identity service by issuing the following commands:
sudo apt-get update
sudo apt-get -y install python-keystoneclient
To configure the OpenStack Identity service, we use super-user privileges in the form of a permanently set admin token, defined in the /etc/keystone/keystone.conf file, along with setting the correct environment variables for this purpose as shown:
export ENDPOINT=172.16.0.200
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=https://${ENDPOINT}:35357/v2.0
How to achieve it:
To create the required roles in our OpenStack environment, perform the following steps:
1. Creation of the admin role is as follows:
# admin role
keystone role-create --name admin
When successful, it results in an output as:
2. To create the Member role we repeat the step, specifying the Member role:
# Member role
keystone role-create --name Member
How it works
Creation of the roles is simply achieved by using the keystone client, specifying the role-create option with the following syntax:
keystone role-create --name role_name
The role_name attribute can't be arbitrary. The admin role has been set in /etc/keystone/policy.json as having administrative rights. Any roles that you create must map to roles specified in the policy.json file in the configuration file directory of each OpenStack service. The default policy for most services grants administrative access to the admin role.
{
"admin_required": [["role:admin"],
["is_admin:1"]]
}
And when we configure the OpenStack Dashboard, Horizon, it has the Member role configured as default when users are created in that interface.
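Whether a newly created role is actually referenced by policy.json can be checked offline. The following is an added example, not code from the original article or from OpenStack: a simplified Python model of the list-of-lists rule format shown above. The identity:create_role rule, the cloud-operator role and all function names are constructed for illustration.

```python
import json

# Constructed sample: the admin_required rule shown above, plus one
# hypothetical rule (identity:create_role) that refers to it.
POLICY = json.loads("""
{
  "admin_required": [["role:admin"], ["is_admin:1"]],
  "identity:create_role": [["rule:admin_required"]]
}
""")


def _match(policy, term, creds):
    """Evaluate one "kind:value" term against the caller's credentials."""
    kind, _, value = term.partition(":")
    if kind == "rule":  # reference to another named rule
        return check(policy, value, creds)
    if kind == "role":  # role names are compared case-insensitively here
        return value.lower() in (r.lower() for r in creds.get("roles", []))
    # Generic term such as is_admin:1: compare the credential field as text.
    return kind in creds and str(creds[kind]) == value


def check(policy, rule, creds):
    """Outer list is OR, inner list is AND. Unknown rules are denied
    (a fail-closed assumption of this model)."""
    alternatives = policy.get(rule)
    if alternatives is None:
        return False
    if not alternatives:  # an empty rule places no restriction
        return True
    return any(all(_match(policy, t, creds) for t in conj)
               for conj in alternatives)


def unmapped_roles(policy, created):
    """Return created roles that no role: term in the policy refers to."""
    referenced = {t.partition(":")[2].lower()
                  for alts in policy.values() for conj in alts for t in conj
                  if t.startswith("role:")}
    return sorted(r for r in created if r.lower() not in referenced)


if __name__ == "__main__":
    for roles in (["admin"], ["Member"], ["cloud-operator"]):
        print(roles, check(POLICY, "identity:create_role", {"roles": roles}))
    print(unmapped_roles(POLICY, ["admin", "Member", "cloud-operator"]))
```

A role reported by unmapped_roles exists in the Identity service but changes nothing about what this policy file permits, which is worth confirming before handing a custom role to users.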
Creating a role returns an ID associated with it, which we use when assigning roles to users. To see a list of roles and the associated IDs in our environment, we can issue the following command:
keystone role-list
Ravindra Savaram is a Technical Lead at Mindmajix.com. His passion lies in writing articles on the most popular IT platforms including Machine learning, DevOps, Data Science, Artificial Intelligence, RPA, Deep Learning, and so on. You can stay up to date on all these technologies by following him on LinkedIn and Twitter.