[Openstack] Openstack Mitaka Domain question
Brad Pokorny
Brad_Pokorny at symantec.com
Mon Jun 20 16:55:59 UTC 2016
Could you attach copies of your Keystone policy.json file and your Horizon
keystone_policy.json file?
What method did you use to find out the ID of the domain named Default?
What method did you use to check whether the cloud_admin user has the
admin role on the Default domain?
Thanks,
Brad
On 6/20/16, 8:05 AM, "Eugen Block" <eblock at nde.ag> wrote:
>Referring to the invisible domain field in the sidebar-accordion, I
>tried to investigate Horizon with Firebug. If I get it right, the
>identity panel is constructed in
>/usr/lib/python2.7/site-packages/horizon/templates/horizon/_sidebar.html.
>But
>only four panels are built, projects, users, groups and roles. How can
>I find out why the domain panel is not built here?
>
>I'm logged in as the cloud_admin, in the apache logs I don't see
>permission errors or anything, so that shouldn't be an issue.
>
>Here's some information on the dashboard version I'm using:
>
>control1:/etc/keystone # rpm -qi
>openstack-dashboard-9.0.2~a0~dev6-1.1.noarch
>Name : openstack-dashboard
>Version : 9.0.2~a0~dev6
>Release : 1.1
>Architecture: noarch
>Install Date: Fr 17 Jun 2016 16:08:08 CEST
>Group : Development/Languages/Python
>Size : 50738471
>License : Apache-2.0
>Signature : RSA/SHA256, Fr 17 Jun 2016 05:08:31 CEST, Key ID
>893a90dad85f9316
>Source RPM : openstack-dashboard-9.0.2~a0~dev6-1.1.src.rpm
>Build Date : Fr 17 Jun 2016 05:07:19 CEST
>Build Host : build33
>Relocations : (not relocatable)
>Vendor : obs://build.opensuse.org/Cloud:OpenStack
>URL : http://wiki.openstack.org/OpenStackDashboard
>Summary : OpenStack Dashboard (Horizon)
>
>
>Any idea what goes wrong here?
>
>Regards,
>Eugen
>
>
>Zitat von Brad Pokorny <Brad_Pokorny at symantec.com>:
>
>> I added a "Common Issues" section to this blog post with some things
>>I've
>> seen that have tripped people up:
>> http://www.symantec.com/connect/blogs/domain-support-horizon-here
>>
>> Resolving those things should at least get the Domains dashboard to show
>> up in Horizon. If everything is properly set up, it will show up under
>>the
>> Identity left nav.
>>
>> That may also resolve your second issue with CLI commands. If not, it
>> could be that you're getting a project scoped token when you should be
>> getting a domain scoped token. Info on token scopes:
>> http://docs.openstack.org/admin-guide/keystone_tokens.html
>>
>> Thanks,
>> Brad
>>
>>
>> On 6/9/16, 2:48 AM, "Eugen Block" <eblock at nde.ag> wrote:
>>
>>> Hi,
>>>
>>> I've managed to enable multi-domain support for my Mitaka environment,
>>> but there are still some things to configure properly. I have two
>>> questions regarding domains.
>>>
>>>> Log in as admin under the default domain, go to the Domains dashboard
>>>
>>> 1. How can I enable the domain view in Horizon? I can't see that tab
>>> in the dashboard, I'm not sure where to look anymore.
>>>
>>> 2. Has anyone a working separation of cloud_admin and domain_admin? I
>>> used the v3-policy file mentioned in the last response, changed the
>>> admin_domain_id to default as suggested, updated the keystone
>>> endpoints to v3, but now I can't execute some actions like list
>>> projects, list users etc. The logs say
>>>
>>> You are not authorized to perform the requested action:
>>> identity:list_domains
>>>
>>> So I take a look into the policy.json:
>>>
>>> "cloud_admin": "rule:admin_required and domain_id:default",
>>> "identity:list_domains": "rule:cloud_admin"
>>>
>>> As far as I understand, I assigend the domain "default" to
>>> cloud_admin, so I assume that I should be able to list domains,
>>> projects etc.
>>> Until now I simply used the default config files for identity, can
>>> anyone advise how to configure that file properly?
>>>
>>> Regards,
>>> Eugen
>>>
>>>
>>> Zitat von Brad Pokorny <Brad_Pokorny at symantec.com>:
>>>
>>>> 1. Yes, you can create new users in the "labA" domain via Horizon.
>>>> Log in as admin under the default domain, go to the Domains
>>>> dashboard, and click the "Set Domain Context" button for the "labA"
>>>> domain. Then when you go back to the create user workflow, the
>>>> "labA" domain will be automatically filled in for the user.
>>>> 2. Go to the Domains tab, click the "Set Domain Context" button for
>>>> the other domain, and go back to the Users dashboard.
>>>>
>>>> If you later need to think about using a domain admin via Horizon,
>>>> take a look at this blog post:
>>>> http://www.symantec.com/connect/blogs/domain-support-horizon-here
>>>>
>>>> Thanks,
>>>> Brad
>>>>
>>>> From: zhihao wang
>>>> <wangzhihaocom at hotmail.com<mailto:wangzhihaocom at hotmail.com>>
>>>> Date: Tuesday, May 31, 2016 at 8:40 AM
>>>> To:
>>>> "openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>"
>>>> <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>>
>>>> Subject: [Openstack] Openstack Mitaka Domain question
>>>>
>>>> Hi All
>>>>
>>>> I setup the openstack Mitaka, and beside the "default" domain, I
>>>> create another domain called "labA".
>>>>
>>>> I login using labA domain.
>>>>
>>>> My question are
>>>> 1. Can I create different users and assign to different domain from
>>>> Horizon dashboard GUI? or do i have to do it from a command line?
>>>> 2. If I login as admin user under default domain, How can I see all
>>>> the users with all different domain in horizon dashboard GUI?
>>>> .
>>>>
>>>> Thanks a lot
>>>> wally
>>>
>>>
>>> --
>>> Eugen Block voice : +49-40-559 51 75
>>> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77
>>> Postfach 61 03 15
>>> D-22423 Hamburg e-mail : eblock at nde.ag
>>>
>>> Vorsitzende des Aufsichtsrates: Angelika Mozdzen
>>> Sitz und Registergericht: Hamburg, HRB 90934
>>> Vorstand: Jens-U. Mozdzen
>>> USt-IdNr. DE 814 013 983
>>>
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to : openstack at lists.openstack.org
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
>--
>Eugen Block voice : +49-40-559 51 75
>NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77
>Postfach 61 03 15
>D-22423 Hamburg e-mail : eblock at nde.ag
>
> Vorsitzende des Aufsichtsrates: Angelika Mozdzen
> Sitz und Registergericht: Hamburg, HRB 90934
> Vorstand: Jens-U. Mozdzen
> USt-IdNr. DE 814 013 983
>
More information about the Openstack
mailing list