To ensure services that you add to the catalog know about the users, tenants, and roles, you must create an admin token and create service users. These sections walk through those requirements.
For a default installation of Keystone, before you can use the REST API, you need to define an authorization token. This is configured in the keystone.conf file under the section [DEFAULT]. In the sample file provided with the keystone project, the line defining this token is:

    [DEFAULT]
    admin_token = ADMIN

This configured token is a "shared secret" between keystone and other OpenStack services, and is used by the client to communicate with the API to create tenants, users, roles, etc.
At a minimum, you need to define a tenant, a user, and a role that links the tenant and user. This is the most basic set of details needed to get other services authenticating and authorizing with keystone.
You will also want to create service users for Compute (nova), Image (glance), Object Storage (swift), etc., which those services use to authenticate users against the Identity service (keystone). The auth_token middleware supports using either the shared secret described above as `admin_token` or users for each service.
See the configuration section for a walk through on how to create tenants, users, and roles.
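
The following check is an added example, not part of the keystone project or its documentation. It audits the `admin_token` line described above and reports whether a service's auth_token middleware section relies on the shared secret or on a service user. The `filter:authtoken` section name, the `admin_user` and `admin_tenant_name` keys, the 20-character threshold, and the sample inputs are assumptions made for illustration.

```python
import configparser
import secrets

SAMPLE_TOKEN = "ADMIN"  # value in the sample keystone.conf quoted above
MIN_LENGTH = 20         # assumption: local policy threshold, not a keystone rule

# Constructed sample inputs (not taken from a real deployment).
KEYSTONE_CONF = "[DEFAULT]\nadmin_token = ADMIN\n"
SERVICE_CONF = "[filter:authtoken]\nadmin_user = glance\nadmin_tenant_name = service\n"

def _parse(text):
    # interpolation=None: a token may contain '%'; strict=False: tolerate repeated keys
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def audit_admin_token(keystone_conf):
    """Return findings for admin_token in [DEFAULT]; an empty list means none."""
    token = _parse(keystone_conf).defaults().get("admin_token")
    if token is None:
        return ["admin_token is not set in this file"]
    findings = []
    if token.strip().upper() == SAMPLE_TOKEN:
        findings.append("admin_token is still the sample value")
    if len(token) < MIN_LENGTH:
        findings.append(f"admin_token is shorter than {MIN_LENGTH} characters")
    return findings

def authtoken_mode(service_conf, section="filter:authtoken"):
    """Say which credential a service's auth_token section uses.
    The section name and the admin_user key are assumptions, not from this page."""
    parser = _parse(service_conf)
    if not parser.has_section(section):
        return "not configured"
    if parser.has_option(section, "admin_token"):
        return "shared secret"
    if parser.has_option(section, "admin_user"):
        return "service user"
    return "not configured"

def new_admin_token():
    """Random 128-bit replacement token, hex encoded (32 characters)."""
    return secrets.token_hex(16)

if __name__ == "__main__":
    print(audit_admin_token(KEYSTONE_CONF))
    print(authtoken_mode(SERVICE_CONF), new_admin_token())
```
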