3.9. Create a Regular User Account

This procedure creates a regular user and a tenant, and associates that user with Identity's default _member_ role.
The steps listed in this procedure must be performed while logged in to the system hosting the Identity service as a user that has access to a file containing the administration token.

Procedure 3.11. Creating a regular user account

  1. Load identity credentials from the ~/keystonerc_admin file that was generated when the administrative user was created:
    # source ~/keystonerc_admin
  2. Use the keystone user-create command to create a regular user:
    # keystone user-create --name USER --pass PASSWORD
    +----------+-----------------------------------+
    | Property |              Value                |
    +----------+-----------------------------------+ 
    | email    |                                   | 
    | enabled  |              True                 |
    | id       | b8275d7494dd4c9cb3f69967a11f9765  |
    | name     |              USER                 | 
    | tenantId |                                   | 
    +----------+-----------------------------------+
    Replace USER with the user name that you would like to use for the account. Replace PASSWORD with a secure password for the account.
  3. Use the keystone tenant-create command to create a tenant:
    # keystone tenant-create --name TENANT
    +-------------+----------------------------------+
    |   Property  |              Value               |
    +-------------+----------------------------------+
    | description |                                  |
    | enabled     |              True                |
    | id          | 6f8e3e36c4194b86b9a9b55d4b722af3 |
    | name        |             TENANT               |
    +-------------+----------------------------------+
    Replace TENANT with the name that you wish to give to the tenant.
  4. Now that the user account and tenant have been created, the relationship between them and the default _member_ role must be explicitly defined using the keystone user-role-add command:
    # keystone user-role-add --user USER --role _member_ --tenant TENANT
    where:
    • USER is the same user name specified earlier during user creation.
    • TENANT is the same tenant name specified earlier during tenant creation.
  5. To facilitate authentication, create a keystonerc_user file in a secure location (for example, the home directory of the root user).
    In this file, set the following environment variables, which are used for authentication:
    export OS_USERNAME=USER
    export OS_TENANT_NAME=TENANT
    export OS_PASSWORD=PASSWORD
    export OS_AUTH_URL=http://IP:5000/v2.0/
    export PS1='[\u@\h \W(keystone_user)]\$ '
    where:
    • PASSWORD is the same password specified earlier during user creation.
    • IP is the IP address or host name of the Identity server.
A regular user account and tenant have been defined in the Identity server, and associated with the default _member_ role. A keystonerc_user file has also been created for authenticating as the created user.
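
Step 5 stores the account password in cleartext, so the mode of keystonerc_user matters as much as its location. The following is an added example, not part of the original procedure: the helper names sq, write_keystonerc and check_keystonerc are hypothetical. It writes the file readable by its owner only, quotes each value so that a password containing shell metacharacters survives `source`, and checks the resulting mode.

```shell
# Added example; sq, write_keystonerc and check_keystonerc are hypothetical helpers.

# sq VALUE: print VALUE wrapped in single quotes, escaping embedded single quotes,
# so the value is read back literally when the file is sourced.
sq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# write_keystonerc FILE USER TENANT PASSWORD IP
# Writes the variables from step 5 to FILE with owner-only permissions.
write_keystonerc() {
    (
        umask 077    # a newly created file gets mode 0600 from the start
        {
            printf 'export OS_USERNAME=%s\n'    "$(sq "$2")"
            printf 'export OS_TENANT_NAME=%s\n' "$(sq "$3")"
            printf 'export OS_PASSWORD=%s\n'    "$(sq "$4")"
            printf 'export OS_AUTH_URL=%s\n'    "$(sq "http://$5:5000/v2.0/")"
            printf '%s\n' "export PS1='[\\u@\\h \\W(keystone_user)]\\\$ '"
        } > "$1"
    ) && chmod 600 "$1"    # tighten the mode if FILE already existed with a looser one
}

# check_keystonerc FILE
# Returns 0 only if FILE is a regular file (not a symlink) with no group or
# other permission bits set; returns 1 otherwise.
check_keystonerc() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage (values are placeholders, as in the procedure above):
#   write_keystonerc ~/keystonerc_user USER TENANT PASSWORD IP
#   check_keystonerc ~/keystonerc_user && . ~/keystonerc_user
```

Running check_keystonerc before each `source` catches a file whose mode was loosened after creation, for example by a backup restore or a copy between hosts.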