Create the user role:

openstack role create user Add the user role to the demo project and user:

openstack role add --project demo --user demo user

Verify operation

1.For security reasons, disable the temporary authentication token mechanism:

Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api],[pipeline:admin_api], and [pipeline:api_v3] sections. 2.Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variable:

unset OS_AUTH_URL OS_PASSWORD 3.As the admin user, request an authentication token:

$openstack --os-auth-url http://controller:35357/v3 \\ --os-project-domain-name default --os-user-domain-name default \\ --os-project-name admin --os-username admin token issue

Creating the scripts

1.Edit the admin-openrc file and add the following content:

exportOS_PROJECT_DOMAIN_NAME=default exportOS_USER_DOMAIN_NAME=default exportOS_PROJECT_NAME=admin exportOS_USERNAME=admin exportOS_PASSWORD=ADMIN_PASS exportOS_AUTH_URL=http://controller:35357/v3 exportOS_IDENTITY_API_VERSION=3 exportOS_IMAGE_API_VERSION=2 执行

[root@controller ~]# . admin-openrc [root@controller~]#openstack --os-project-domain-name

--os-auth-url default

http://controller:35357/v3

default

--os-user-domain-name

--os-project-name admin --os-username admin token issue

Using the scripts

1.Load the admin-openrc file to populate environment variables with the location of the

Identity service and the adminproject and user credentials:

$ . admin-openrc 2.Request an authentication token:

openstack token issue Image service

1.To create the database, complete these steps:

Use the database access client to connect to the database server as the root user:

mysql -u root -p Create the glance database:

mysql> CREATE DATABASE glance; Grant proper access to the glance database:

mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS';

3. To create the service credentials, complete these steps: $openstack user create --domain default --password-prompt glance Add the admin role to the glance user and service project:

openstack role add --project service --user glance admin Create the glance service entity:

openstack service create --name glance \\ --description \ Create the Image service API endpoints:

openstack endpoint create --region RegionOne\\ image public http://controller:9292