6. Services¶
In this area you manage the services of your clients, such as OpenStack projects.
6.1. OpenStack Service¶
6.1.1. Create OpenStack Project¶
To create an OpenStack Project for a client, please proceed as follows:
- To do this, navigate to the area of the client (1) for which you want to create an OpenStack project and then click OpenStack >> Manage projects in the navigation bar on the left.
- Now please click on the action button Create project (2), enter a name and description and click on Create.
The OpenStack Project has now been created and appears in the list. Now grant permission to the desired users for this project.
6.1.2. Manage OpenStack Client Project User permission¶
In order for a user to be granted authorization for an OpenStack project, you must first grant it. This is also a prerequisite for a user to log on to the OpenStack Management Portal (Horizon).
- To do this, navigate to the area of the client (1) for which you want to authorize users on an OpenStack project and then click OpenStack >> Manage projects (2) in the navigation on the left.
- Now click on the right side of the line of the desired OpenStack project on the action button Manage users (3)
- All users who could be authorized for this OpenStack project are now listed
- Now please click on the action button Edit roles (1) on the right side of the line of the desired User
- Now select the desired user authorizations for this OpenStack project (e.g. _member_ and creator) and confirm with the create button. Legend for the roles (see Legend OpenStack Project roles).
6.1.3. Manage OpenStack Cross-Project Enterprise Partner Users permission¶
Um Enterprise Partner-Usern Zugriff auf ein OpenStack Projects eines managed Client zu erlauben gehen Sie bitte wie folgt vor. Ebenfalls ist es hier möglich einem User von einem Client Zugriff auf ein OpenStack Project eines anderen Client zu erteilen (Cross-Project-User assignment).
- Stellen Sie sicher, dass Sie sich im Bereich des Enterprise Partner befinden (1) und klicken dann links in der Navigation OpenStack >> Manage projects (2).
- Now click on the right side of the line of the desired OpenStack project for which you want to grant permissions on the action button Manage users (3).
Note
Use the filter function to filter for the desired data
- All users which you could authorize for this OpenStack project are now listed
- Now please click on the action button Edit roles (1) on the right side of the line of the desired User
- Now select the desired user authorizations for this OpenStack project (e.g. _member_ and creator) and confirm with the create button. Legend for the roles (see Legend OpenStack Project roles).
- Repeat this procedure for all users you want to authorize for this OpenStack project.
6.1.4. Manage Cloud Service Portal Permissions for OpenStack Services¶
In order to allow users in the Cloud Service Portal© permissions for the management of OpenStack Services, such as editing user rights, or creating or deleting OpenStack projects, please proceed as follows. The permissions are limited to the OpenStack Service and the Client area of a user.
- Stellen Sie sicher, dass Sie sich im Bereich des Enterprise Partner befinden (1) und klicken dann links in der Navigation OpenStack >> Manage permissions (2).
Note
Use the filter function (3) to filter for the desired data
- Now click on the right side of the line of the desired user to whom you want to grant permissions on the action button Manage permissions (4).
- Then tick the boxes for which you wish to give authorization:
- Manage users: Authorization to manage other user data
- Edit roles: These permissions allow a user to assign or edit OpenStack roles
- Projects: With these rights a user can manage OpenStack projects (create / delete / edit)
6.1.5. Legend OpenStack Project roles¶
Rolle | Description |
---|---|
_member_ | Default role that allows access to a Project |
member | Duplicate of _member_ which is still needed for some API calls |
heat_stack_owner | Roll may create/start heat stacks |
reader | can read Secrets at Barbican |
creator | may create secrets in Barbican e.g. for server-side encryption |
load_balancer_member | May create loadbalancer |