Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating Users for a Customer

    Creating the Service Provider Administrator

    The service provider administrator has the name admin and the role admin. This user has full privileges for all operations and access to all customers.

    This procedure uses the following Identity and Access Manager APIs.

    • Obtain the project identifier:
      http://server-IP-address:5000/v3/projects?name=customer-name
    • Obtain the Identifier of the user admin:
      http://server-IP-address:5000/v3/users?name?admin
    • Obtain the Identifier of a role:
      http://server-IP-address:5000/v3/roles?name?role-name
    • Add a specific user to a specific project with a specific role:
      http://server-IP-address:5000/v3/projects/project-identifier/users/
      user-identifier/roles/role-identifier

    To create an administrator for the service provider:

    1. Issue a REST call to obtain the project identifier from Identity and Access Manager.

      The API returns details about the project, including the identifier of the customer and the identifier of the project.
      For example:

      ubuntu@vm1:~$curl -X GET -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/v3/projects?name=Buddhi
      {
      
          "links": {
              "next": null,
              "previous": null,
              "self": "http://10.102.56.40:5000/v3/projects"
          },
          "projects": [
              {
                  "customer_uuid": "d1a671b0-cb18-4975-be60-03057f1056de",
                  "description": "",
                  "domain_id": "default",
                  "enabled": true,
                  "id": "26be7cb81c8c4c96a0fa97a36a4deaca",
                  "links": {
                      "self": "http://10.102.56.40:5000/v3/projects/26be7cb81c8c4c96a0fa97a36a4deaca"
                  },
                  "name": "Buddhi",
                  "tenant_type": "c431d788-9ccf-4001-90f2-cff29dfc399e"
              }
      
    2. Issue a REST call to obtain the identifier for the user admin from Identity and Access Manager.

      The API returns details about the user admin, including its identifier.
      For example:

      ubuntu@vm1:~$curl -X GET -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/v3/users?name=admin
      {
          "links": {
              "next": null,
              "previous": null,
              "self": "http://10.102.56.40:5000/v3/users"
          },
          "users": [
              {
                  "default_project_id": "5bea17d434184502ae7b304cca372ba0",
                  "domain_id": "default",
                  "email": "test@orgname.com",
                  "enabled": true,
                  "id": "51da7bb3661c4f5097bfdd7b4314a686",
                  "links": {
                      "self": "http://10.102.56.40:5000/v3/users/51da7bb3661c4f5097bfdd7b4314a686"
                  },
                  "name": "admin"
              }
          ]
      }
      
    3. Issue a REST call to obtain the identifier for the role admin from Identity and Access Manager.

      The API returns details about the role admin, including its identifier.
      For example:

      ubuntu@vm1:~$curl -X GET -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/v3/roles?name=admin
      {
          "links": {
              "next": null,
              "previous": null,
              "self": "http://10.102.56.40:5000/v3/roles"
          },
          "roles": [
              {
                  "id": "2ecbf038fbb1483b89e82a5d18f3b52d",
                  "links": {
                      "self": "http://10.102.56.40:5000/v3/roles/2ecbf038fbb1483b89e82a5d18f3b52d"
                  },
                  "name": "admin"
              }
          ]
      }
      
    4. Issue a REST call to obtain the identifier for the role member from Identity and Access Manager.

      The API returns details about the role, including its identifier.
      For example:

      ubuntu@vm1:~$curl -X GET -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/
      v3/roles?name=_member_
      {
          "links": {
              "next": null,
              "previous": null,
              "self": "http://10.102.56.40:5000/v3/roles"
          },
          "roles": [
              {
                  "description": "Default role for project membership",
                  "enabled": "True",
                  "id": "9fe2ff9ee4384b1894a90878d3e92bab",
                  "links": {
                      "self": "http://10.102.56.40:5000/v3/roles/9fe2ff9ee4384b1894a90878d3e92bab"
                  },
                  "name": "_member_"
              }
          ]
      }
      
    5. Issue a REST call to add the user admin to the project Buddhi with the role admin.
      For example:
      curl -X PUT -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/v3/projects/
      26be7cb81c8c4c96a0fa97a36a4deaca/users/51da7bb3661c4f5097bfdd7b4314a686/
      roles/2ecbf038fbb1483b89e82a5d18f3b52d

    Creating a Customer Administrator

    You configure an administrator for each customer that accesses network services through the service provider’s centralized cloud.

    This procedure uses the following Identity and Access Manager APIs:

    • Create a customer administrator: http://server-IP-address:5000/v3/users
    • Add the customer administrator to the customer project with the role admin:
      http://server-IP-address:5000/v3/projects/project-identifier/users/user-identifier/roles/role-identifier

    Table 1 shows the fields that you must specify for this procedure.

    Table 1: Required Fields for Creating a Customer Administrator

    Field

    Description

    Example

    default_project_id

    Project identifier in OpenStack, which is the same as the customer identifier in CSAS.

    26be7cb81c8c4c96a0fa97a36a4deaca

    tenantId

    Identifier of the customer in CSAS, which is the same as the project identifier in OpenStack.

    26be7cb81c8c4c96a0fa97a36a4deaca

    description

    Description of the customer administrator

    Administrator for customer Buddhi

    email

    E-mail address for the customer administrator

    admin@buddhi.org

    name

    Name of the customer administrator

    buddhi-admin

    password

    Password for the customer administrator

    contrail123

    To create a customer administrator:

    1. Create an input file.
      For example:
      ubuntu@vm1:~$cat cust_adm.json
      {
         "user":{
            "default_project_id": "26be7cb81c8c4c96a0fa97a36a4deaca",
            "tenantId": "26be7cb81c8c4c96a0fa97a36a4deaca",
            "description": "Admin for Buddhi",
            "email":"admin@buddhi.org",
            "enabled":true,
            "name":"buddhi-admin",
            "password":"contrail123"
         }
      }
      
    2. Issue a REST call to create the user.

      The API returns details for the user, including the identifier.
      For example:

      ubuntu@vm1:~$ curl -X POST -D headers -H "content-type:application/json" -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/v3/users -d@cust_adm.json
      {
          "user": {
              "default_project_id": "26be7cb81c8c4c96a0fa97a36a4deaca",
              "description": "Admin for Buddhi",
              "domain_id": "default",
              "email": "admin@buddhi.org",
              "enabled": true,
              "id": "402897977e3848dc879aab4f766e71cf",
              "links": {
                  "self": "http://10.102.56.40:5000/v3/users/402897977e3848dc879aab4f766e71cf"
              },
              "name": "buddhi-admin",
              "tenantId": "26be7cb81c8c4c96a0fa97a36a4deaca"
          }
      }
      
    3. Issue a REST call to add the customer administrator to the project Buddhi with the role admin.
      For example:
      ubuntu@vm1:~$ curl -X PUT -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/
      v3/projects/26be7cb81c8c4c96a0fa97a36a4deaca/users/402897977e3848dc879aab4f766e71cf/
      roles/2ecbf038fbb1483b89e82a5d18f3b52d

    Adding a User for the Customer

    This procedure uses the following Identity and Access Manager APIs:

    • Create a customer user: http://server-IP-address:5000/v3/users
    • Add the customer user to the customer project with the role _member_:
      http://server-IP-address:5000/v3/projects/project-identifier/users/user-identifier/roles/role-identifier

    Table 2 shows the fields that you must specify for this procedure.

    Table 2: Required Fields for Creating a User for a Customer

    Field

    Description

    Example

    default_project_id

    Project identifier in OpenStack, which is the same as the customer identifier in CSAS.

    26be7cb81c8c4c96a0fa97a36a4deaca

    tenantId

    Identifier of the customer in CSAS, which is the same as the project identifier in OpenStack.

    26be7cb81c8c4c96a0fa97a36a4deaca

    description

    Description of the user

    User for customer Buddhi

    email

    E-mail address for the user

    user@buddhi.org

    name

    Name of the user

    buddhi-user

    password

    Password for the user

    contrail123

    To create a user for a customer:

    1. Create an input file.
      For example:
      ubuntu@vm1:~$cat cust_usr.json
      {
         "user":{
            "default_project_id": "26be7cb81c8c4c96a0fa97a36a4deaca",
            "tenantId": "26be7cb81c8c4c96a0fa97a36a4deaca",
            "description": "User for Buddhi",
            "email":"user@buddhi.org",
            "enabled":true,
            "name":"buddhi-user",
            "password":"contrail123"
         }
      }
      
    2. Issue a REST call to create the user.

      The API returns details for the user, including the identifier.
      For example:

      ubuntu@vm1:~$ curl -X POST -D headers -H "content-type:application/json" -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/v3/users -d@cust_usr.json
      {
          "user": {
              "default_project_id": "26be7cb81c8c4c96a0fa97a36a4deaca",
              "description": "User for Buddhi",
              "domain_id": "default",
              "email": "user@buddhi.org",
              "enabled": true,
              "id": "5ff2359b07e340f8b110a82c728481b3",
              "links": {
                  "self": "http://10.102.56.40:5000/v3/users/5ff2359b07e340f8b110a82c728481b3"
              },
              "name": "buddhi-user",
              "tenantId": "26be7cb81c8c4c96a0fa97a36a4deaca"
          }
      }
      
      
    3. Add the user to the project with the role _member_.
      For example:
      ubuntu@vm1:~$ curl -X PUT -H "x-auth-token:$OS_TOKEN" http://10.102.56.40:5000/v3/projects/
      26be7cb81c8c4c96a0fa97a36a4deaca/users/5ff2359b07e340f8b110a82c728481b3/
      roles/9fe2ff9ee4384b1894a90878d3e92bab

    Verifying the Users in Contrail OpenStack

    Purpose

    Verify that the users you configured in the Contrail Service Orchestration APIs appear as project members in Contrail OpenStack.

    Action

    Follow the instructions in the OpenStack documentation to view the list of project members for a project in the OpenStack GUI.

    The service provider administrator, the customer administrator, and the user that you configured appear as members for the project that you configured.

    Modified: 2016-02-10