Hi,
I added a "Common Issues" section to this blog post
I found one thing that I must have missed, the admin role on the
Default domain was not assigned to the admin user. But changing that
had no effect, I still can't see the domain dashboard nor can I
authenticate for any other service.
could be that you're getting a project scoped token when you should be
getting a domain scoped token
I'm not sure how to ensure which token I get. I unset all Openstack
related environment variables by logging out from my session, logged
back in and tried to execute "openstack user list" with all the
required credentials as command options, not in the environment
script, but still no successful authentication.
Is it relevant that I use fernet tokens? I upgraded from Liberty to
Mitaka and used UUID tokens before. But the cloud seems to work with
fernet... I would appreciate any other hint or idea to resolve this
issue.
Regards,
Eugen
Zitat von Brad Pokorny <[email protected]>:
I added a "Common Issues" section to this blog post with some things I've
seen that have tripped people up:
http://www.symantec.com/connect/blogs/domain-support-horizon-here
Resolving those things should at least get the Domains dashboard to show
up in Horizon. If everything is properly set up, it will show up under the
Identity left nav.
That may also resolve your second issue with CLI commands. If not, it
could be that you're getting a project scoped token when you should be
getting a domain scoped token. Info on token scopes:
http://docs.openstack.org/admin-guide/keystone_tokens.html
Thanks,
Brad
On 6/9/16, 2:48 AM, "Eugen Block" <[email protected]> wrote:
Hi,
I've managed to enable multi-domain support for my Mitaka environment,
but there are still some things to configure properly. I have two
questions regarding domains.
Log in as admin under the default domain, go to the Domains dashboard
1. How can I enable the domain view in Horizon? I can't see that tab
in the dashboard, I'm not sure where to look anymore.
2. Has anyone a working separation of cloud_admin and domain_admin? I
used the v3-policy file mentioned in the last response, changed the
admin_domain_id to default as suggested, updated the keystone
endpoints to v3, but now I can't execute some actions like list
projects, list users etc. The logs say
You are not authorized to perform the requested action:
identity:list_domains
So I take a look into the policy.json:
"cloud_admin": "rule:admin_required and domain_id:default",
"identity:list_domains": "rule:cloud_admin"
As far as I understand, I assigend the domain "default" to
cloud_admin, so I assume that I should be able to list domains,
projects etc.
Until now I simply used the default config files for identity, can
anyone advise how to configure that file properly?
Regards,
Eugen
Zitat von Brad Pokorny <[email protected]>:
1. Yes, you can create new users in the "labA" domain via Horizon.
Log in as admin under the default domain, go to the Domains
dashboard, and click the "Set Domain Context" button for the "labA"
domain. Then when you go back to the create user workflow, the
"labA" domain will be automatically filled in for the user.
2. Go to the Domains tab, click the "Set Domain Context" button for
the other domain, and go back to the Users dashboard.
If you later need to think about using a domain admin via Horizon,
take a look at this blog post:
http://www.symantec.com/connect/blogs/domain-support-horizon-here
Thanks,
Brad
From: zhihao wang
<[email protected]<mailto:[email protected]>>
Date: Tuesday, May 31, 2016 at 8:40 AM
To:
"[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
Subject: [Openstack] Openstack Mitaka Domain question
Hi All
I setup the openstack Mitaka, and beside the "default" domain, I
create another domain called "labA".
I login using labA domain.
My question are
1. Can I create different users and assign to different domain from
Horizon dashboard GUI? or do i have to do it from a command line?
2. If I login as admin user under default domain, How can I see all
the users with all different domain in horizon dashboard GUI?
.
Thanks a lot
wally
--
Eugen Block voice : +49-40-559 51 75
NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77
Postfach 61 03 15
D-22423 Hamburg e-mail : [email protected]
Vorsitzende des Aufsichtsrates: Angelika Mozdzen
Sitz und Registergericht: Hamburg, HRB 90934
Vorstand: Jens-U. Mozdzen
USt-IdNr. DE 814 013 983
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
--
Eugen Block voice : +49-40-559 51 75
NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77
Postfach 61 03 15
D-22423 Hamburg e-mail : [email protected]
Vorsitzende des Aufsichtsrates: Angelika Mozdzen
Sitz und Registergericht: Hamburg, HRB 90934
Vorstand: Jens-U. Mozdzen
USt-IdNr. DE 814 013 983
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
