3.8. Create an Administrator Account

Executing the following procedure will result in the creation of an administrative user as well as an associated tenant and role.
The steps listed in this procedure must be performed while logged in to the system hosting the Identity service as a user who has access to a file containing the administration token.

Procedure 3.10. Creating an Administrator account

  1. Set the SERVICE_TOKEN environment variable to the value of the administration token. This is done by reading the token file created when setting the administration token: 
    # export SERVICE_TOKEN=`cat ~/ks_admin_token`
  2. Set the SERVICE_ENDPOINT environment variable to point to the server hosting the Identity service: 
    # export SERVICE_ENDPOINT="http://IP:35357/v2.0"
    Replace IP with the IP address or host name of your Identity server.
  3. Use the keystone user-create command to create an admin user: 
    # keystone user-create --name admin --pass PASSWORD
+----------+-----------------------------------+
| Property |              Value                |
+----------+-----------------------------------+ 
| email    |                                   | 
| enabled  |              True                 |
| id       | 94d659c3c9534095aba5f8475c87091a  |
| name     |              admin                | 
| tenantId |                                   | 
+----------+-----------------------------------+
    Replace PASSWORD with a secure password for the account.
  4. Use the keystone role-create command to create an admin role: 
    # keystone role-create --name admin     
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| id       | 78035c5d3cd94e62812d6d37551ecd6a |
| name     |              admin               |
+----------+----------------------------------+
  5. Use the keystone tenant-create command to create an admin tenant: 
    # keystone tenant-create --name admin   
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
| enabled     |              True                |
| id          | 6f8e3e36c4194b86b9a9b55d4b722af3 |
| name        |              admin               |
+-------------+----------------------------------+
  6. Now that the user account, role, and tenant have been created, the relationship between them must be explicitly defined using the keystone user-role-add command: 
    # keystone user-role-add --user admin --role admin --tenant admin
  7. The newly created admin account will be used for future management of the Identity service. To facilitate authentication, create a keystonerc_admin file in a secure location such as the home directory of the root user.
    Add these lines to the file to set the environment variables that will be used for authentication: 
    export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=PASSWORD
export OS_AUTH_URL=http://IP:35357/v2.0/               
export PS1='[\u@\h \W(keystone_admin)]\$ '
    Replace PASSWORD with the password of the admin user and replace IP with the IP address or host name of the Identity server.
  8. Run the source command on the file to load the environment variables used for authentication: 
    # source ~/keystonerc_admin
An administration user account, role, and tenant have been defined in the Identity server. The keystonerc_admin file has also been created for authenticating as the admin user.