Red Hat Bugzilla – Bug 983412
create tenant before the user
Last modified: 2016-04-26 12:49:39 EDT
Title: Creating an Administrator Account
Describe the issue:
When I create a user ,it doesn't have tenant id.
The command "user-role-add" have no use.
Suggestions for improvement:
1- create tenant;
2- create user with tenant id.
(In reply to liziyan from comment #0)
> Title: Creating an Administrator Account
> Describe the issue:
> When I create a user ,it doesn't have tenant id.
> The command "user-role-add" have no use.
> Suggestions for improvement:
> 1- create tenant;
> 2- create user with tenant id.
> Additional information:
Can you please provide some more information? Looking at the "Creating an Administrator Account" section ( https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Installation_and_Configuration_Guide/Creating_Roles1.html ) tenant creation occurs in step 5, the user is created in step 6.
Yes,I follow the steps as this section says,but the step 6 can't give user the tenant_id.
what I did:
1- keystone user-create --name admin --pass admin
2- keystone role-create --name admin
3- keystone tenant-create --name admin
4- keystone user-role-add --user-id USERID --role-id ROLEID --tenant-id TENANTID
(userid\roleid\tenantid get from step 1-3)
Now in my database(MySQL)
mysql>select * from user;
Then I can't login dashboard,so I think we can create tenant first.
1- keystone tenant-create --name admin
2- keystone user-create --tenant-id TENANTID --name admin --pass admin
To me if this command fails:
keystone user-role-add --user-id USERID --role-id ROLEID --tenant-id TENANTID
Then I think that is an issue with Keystone or the client, not something we should be trying to work around in the documentation. Moving to the python-keystoneclient component for further analysis.
This bug is invalid as reported.
user-role-add must be executed by an administrator. It should give the user a role on a project. This has nothing to do with the origianal creation of the user: it would be an additional role.
When you create a user, you can specify the default tenant/project ID for the user, but it has to be a pre-existing project.
If you desire any functionality above what is listed above, please open it as a upstream bug as a wishlist item, and link to the remote report from here.