Before you begin, ensure that the OpenStack Compute and Image services are installed and connect all databases prior to configuring the Identity Service endpoints. Create tenants first. Here is an example set. ADMIN_TENANT=$(get_id keystone tenant-create --name=admin) SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME) DEMO_TENANT=$(get_id keystone tenant-create --name=demo) INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin) Next, create users. ADMIN_USER=$(get_id keystone user-create --name=admin \ --pass="$ADMIN_PASSWORD" \ --email=admin@example.com) DEMO_USER=$(get_id keystone user-create --name=demo \ --pass="$ADMIN_PASSWORD" \ --email=demo@example.com) Here are some roles to create. ADMIN_ROLE=$(get_id keystone role-create --name=admin) KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin) SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin) NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin) Add Roles to Users in Tenants keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT Also, the Member role is used by Horizon and Swift so we need to continue creating it: MEMBER_ROLE=$(get_id keystone role-create --name=Member) keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT

Now that all your starter tenants, users, and roles have been created, let's move on to endpoints. First add all the services you want to have the Identity service connected with. Here's an example using all the available services in this example. keystone service-create --name=keystone \ --type=identity \ --description="Keystone Identity Service" keystone service-create --name=nova \ --type=compute \ --description="Nova Compute Service" NOVA_USER=$(get_id keystone user-create --name=nova \ --pass="$SERVICE_PASSWORD" \ --tenant_id $SERVICE_TENANT \ --email=nova@example.com) keystone user-role-add --tenant_id $SERVICE_TENANT \ --user $NOVA_USER \ --role $ADMIN_ROLE keystone service-create --name=ec2 \ --type=ec2 \ --description="EC2 Compatibility Layer" keystone service-create --name=glance \ --type=image \ --description="Glance Image Service" GLANCE_USER=$(get_id keystone user-create --name=glance \ --pass="$SERVICE_PASSWORD" \ --tenant_id $SERVICE_TENANT \ --email=glance@example.com) keystone user-role-add --tenant_id $SERVICE_TENANT \ --user $GLANCE_USER \ --role $ADMIN_ROLE The Identity Service, Keystone, is now configured and ready to accept requests.