Ask Your Question
0

Why don't we have nova subcommands for user and project creation.

asked 2012-03-20 04:49:42 -0600

Why don't we have nova subcommands for user and project creation. Right now, nova-manage is used with 'user create' and 'project create' subcommands. The problem is: a. nova-manage doesn't accept tokens, probably because its meant only for the server side, not client side. Please correct me if wrong. a. As a tenant admin I should be able to create users using my token-id and nova cli. Its possible with keystone but how about without it.

edit retag flag offensive close merge delete

5 answers

Sort by ยป oldest newest most voted
0

answered 2012-03-20 15:28:36 -0600

Thanks, John

edit flag offensive delete link more
0

answered 2012-03-20 11:47:38 -0600

johngarbutt gravatar image

Are these not now operations you should do using the keystone API (and keystone-manage)?

I think you only use nova-manage when you use the "legacy" non-keystone auth system, so no real point in implementing nova-api calls for all that stuff.

edit flag offensive delete link more
0

answered 2012-03-20 11:56:24 -0600

johngarbutt gravatar image

Also, if you use horizon, that will let you do most of the user managmenet you will need. I assume those operations are backed by keystone.

Not sure I read your question correctly the first time. Why do you need a way to do the opearations that don't involve keystone?

edit flag offensive delete link more
0

answered 2012-03-20 12:39:42 -0600

Yes, Horizon is backed by Keystone. There are two workflows people follow: a. Get token from Keystone, Send the command to Keystone with the token, Keystone verifies and send it to the appropriate service. b. Get token from Keystone, Get the catalog of endpoints, Use nova/swift/quantum cli with token, The service in turn verifies the token with the auth system, and execute the cmd

Its the second workflow that won't be fulfilled in this case. Its probably because, user and tenants (projects) creation is now supposed to be only using Keystone.

edit flag offensive delete link more
0

answered 2012-03-20 14:22:30 -0600

johngarbutt gravatar image

Yes, user and tenants should only be crated using Keystone. At least that is my understanding.

Only use the old method when you are using the legacy system (not tried using that one myself, can't remember what state it is in).

I think http://docs.openstack.org describes that correctly now, as far as I could tell. Worth a check though.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-03-20 04:49:42 -0600

Seen: 23 times

Last updated: Mar 20 '12