How to Create the Service Tenant and Service Users

[Harish]

Creating the Service Tenant and Service Users

After you install the Identity service, create tenants 
(projects), users and roles for your environment to authenticate 
against. Without users, OpenStack cloud does not have much value 
as they allow access to services and endpoints.
With the service endpoints already created, we can now configure 
them so that our OpenStack services can utilize them. To do this, 
each service is configured with a username and password within a 
special service tenant. Configuring each service to have their 
own username and password allows for greater security, 
troubleshooting and, auditing within our environment. For each 
service that uses an OpenStack Identity service for 
authentication and authorization, we specify these details in 
their relevant configuration file, when setting up that service. 
Each service itself has to authenticate with keystone in order 
for it to be available within OpenStack. The configuration of 
that service is then done using these credentials. For example, 
for ‘glance’ we specify the following in /etc/ 
glance/glance-registry-api.ini, when used with OpenStack Identity 
service, which matches what we have created previously:

[filter:authtoken]
paste.filter_factory =
keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 172.16.0.200
service_port = 5000
auth_host = 172.16.0.200
auth_port = 35357
auth_protocol = http
auth_uri = https:// 172.16.0.200: 5000/
admin_tenant_name = service
admin_user = glance
admin_password = glance

Getting started
To begin with, ensure you’re logged into our OpenStack Controller 
host— where OpenStack Identity service has been installed— or an 
appropriate Ubuntu client that has access to where OpenStack 
Identity service is installed.
To log on to our OpenStack Controller host that was created using 
Vagrant, issue the following command:

vagrant ssh controller

If the keystone client tool isn’t available, this can be 
installed on an Ubuntu client to manage our OpenStack Identity 
service, by issuing the following command:

sudo apt-get update
sudo apt-get -y install python-keystoneclient

Ensure that we have our environment set correctly to access our 
OpenStack environment:

export ENDPOINT = 1172.16.0.200
export SERVICE_TOKEN = ADMIN
export
SERVICE_ENDPOINT = https:// ${ ENDPOINT}: 35357/ v2.0

How to achieve it…
To configure an appropriate service tenant, carry out the 
following steps:
1) Create the service tenant (these are the organizational units 
in cloud to which you can assign users) as follows:

keystone tenant-create
–name service
–description “Service Tenant”
–enabled true

Read More 
-https://mindmajix.com/openstack/description-for-creating-service-tenant-and-service-users