docs/doc/source/security/kubernetes/establish-keystone-credentials-from-a-linux-account.rst

For StarlingX and Platform OpenStack CLIs from a Local LDAP Linux Account Login

You can establish Keystone credentials for executing StarlingX and Platform OpenStack for a local user, if required; this is not setup by default.

For more information about ldapusersetup, see Create LDAP Linux Accounts <create-ldap-linux-accounts>.

User accounts created using ldapusersetup have access to the StarlingX (system, fm, sw-patch, dcmanager, etc.) and the platform 'OpenStack' CLI as part of the shell.

• You must have a platform Keystone user account. For more information about creating Keystone users, managing keystone projects, users and roles, see https://docs.openstack.org/keystone/pike/admin/cli-manage-projects-users-and-roles.html.
• It is recommended to use the same username for both your local user and your Keystone user.

You can establish Keystone credentials, in order to use the StarlingX and Platform OpenStack , using one of the following methods:

1. (Method 1) When you have logged into the Horizon Web interface with your Keystone user credentials, download an OpenStack RC file (openrc.sh), and use it to source the required environment within your local LDAP user shell . For more information on downloading your OpenStack RC file from Horizon, see, http://docs.openstack.org.
2. (Method 2) Add the required environment variables manually into a wrcprc.sh file and use this to source the required environment within your local user shell.

Note

For security and reliability, add all the variables.

OS_USERNAME

the Keystone user name

OS_USER_DOMAIN_NAME

the default domain for the user

OS_PROJECT_NAME

the tenant name

OS_PROJECT_DOMAIN_NAME

the default domain for the project

OS_PASSWORD

a clear text representation of the Keystone password

OS_AUTH_URL

the Keystone Authentication URL

OS_IDENTITY_API_VERSION

the identity API version

OS_INTERFACE

the interface

OS_REGION_NAME

the Keystone Region Name