OpenStack Add Project and Users

Use the openstack CLI to create projects, users, and assign roles via Keystone.

Prerequisites

OpenStack 2024.2 Dalmatian with Keystone operational.
Admin credentials sourced: source admin-openrc.sh.

Step 1: Create a Project

openstack project create \
  --domain default \
  --description "Web application team" \
  --enable \
  webapp-team

Verify creation:

openstack project show webapp-team

Step 2: Create Users

openstack user create \
  --domain default \
  --password SecurePass123 \
  --email alice@example.com \
  --enable \
  alice

openstack user create \
  --domain default \
  --password SecurePass456 \
  --email bob@example.com \
  --enable \
  bob

Step 3: Assign Roles

openstack role add --project webapp-team --user alice admin
openstack role add --project webapp-team --user bob member

Verify assignments:

openstack role assignment list --project webapp-team --names

Step 4: Set Project Quotas

openstack quota set --project webapp-team \
  --instances 20 \
  --cores 40 \
  --ram 81920 \
  --floating-ips 5 \
  --networks 5 \
  --routers 3 \
  --volumes 50 \
  --gigabytes 1000

View current quotas:

openstack quota show webapp-team

Step 5: Create an openrc File for the Project

cat > webapp-openrc.sh <<EOF
export OS_AUTH_URL=http://controller:5000/v3
export OS_PROJECT_NAME=webapp-team
export OS_PROJECT_DOMAIN_NAME=default
export OS_USERNAME=alice
export OS_PASSWORD=SecurePass123
export OS_USER_DOMAIN_NAME=default
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

Test the configuration:

source webapp-openrc.sh
openstack token issue
openstack server list

Managing Projects

List all projects:

openstack project list --long

Disable a project:

openstack project set --disable webapp-team

Re-enable:

openstack project set --enable webapp-team

Troubleshooting

User cannot create VMs: Verify role assignment and check openstack quota show.
Not authorized error: Ensure the user has a role assigned to the target project.
Token issue fails: Verify OS_AUTH_URL, credentials, and systemctl status openstack-keystone.
Quota exceeded: Increase quota via openstack quota set or delete unused resources.

Create a project to organize resources, then add users and assign them roles like admin or member to control access. Set resource limits using quotas and generate credential files so users can log in and manage their specific environment.