Custom Search

Wednesday, May 21, 2014

OpenStack Horizon Enable Identity Dashboard for non admin user

http://docs.openstack.org/developer/keystone/architecture.html#approach-to-authorization-policy

http://docs.openstack.org/developer/keystone/configuration.html#keystone-api-protection-with-role-based-access-control-rbac <===

http://www.mirantis.com/blog/manage-openstack-projects-using-domains-havana/ <===

1)
* List all Roles

#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list

2)
* Create a new role named "test-role1"

#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name test-role1

* The name of the role can't be arbitrary/random. The "test-role1" role has been set in /etc/keystone/policy.json.
http://my.safaribooksonline.com/book/operating-systems-and-server-administration/virtualization/9781849517324/3dot-keystone-openstack-identity-service/id286763411

3)
* List all Roles

#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list

4)
vim /etc/keystone/policy.json







5)
At the moment the Identity panel is only available for users with the admin role, once https://blueprints.launchpad.net/horizon/+spec/separate-identity-dash is implemented in Juno it will be possible to allow more finer grained permissions






No comments:

Post a Comment