[Openstack] Openstack Mitaka Domain question

Brad Pokorny Brad_Pokorny at symantec.com
Mon Jun 20 16:55:59 UTC 2016 

Could you attach copies of your Keystone policy.json file and your Horizon
keystone_policy.json file?

What method did you use to find out the ID of the domain named Default?

What method did you use to check whether the cloud_admin user has the
admin role on the Default domain?

Thanks,
Brad

On 6/20/16, 8:05 AM, "Eugen Block" <eblock at nde.ag> wrote:

>Referring to the invisible domain field in the sidebar-accordion, I
>tried to investigate Horizon with Firebug. If I get it right, the
>identity panel is constructed in
>/usr/lib/python2.7/site-packages/horizon/templates/horizon/_sidebar.html.
>But  
>only four panels are built, projects, users, groups and roles. How can
>I find out why the domain panel is not built here?
>
>I'm logged in as the cloud_admin, in the apache logs I don't see
>permission errors or anything, so that shouldn't be an issue.
>
>Here's some information on the dashboard version I'm using:
>
>control1:/etc/keystone # rpm -qi
>openstack-dashboard-9.0.2~a0~dev6-1.1.noarch
>Name        : openstack-dashboard
>Version     : 9.0.2~a0~dev6
>Release     : 1.1
>Architecture: noarch
>Install Date: Fr 17 Jun 2016 16:08:08 CEST
>Group       : Development/Languages/Python
>Size        : 50738471
>License     : Apache-2.0
>Signature   : RSA/SHA256, Fr 17 Jun 2016 05:08:31 CEST, Key ID
>893a90dad85f9316
>Source RPM  : openstack-dashboard-9.0.2~a0~dev6-1.1.src.rpm
>Build Date  : Fr 17 Jun 2016 05:07:19 CEST
>Build Host  : build33
>Relocations : (not relocatable)
>Vendor      : obs://build.opensuse.org/Cloud:OpenStack
>URL         : http://wiki.openstack.org/OpenStackDashboard
>Summary     : OpenStack Dashboard (Horizon)
>
>
>Any idea what goes wrong here?
>
>Regards,
>Eugen
>
>
>Zitat von Brad Pokorny <Brad_Pokorny at symantec.com>:
>
>> I added a "Common Issues" section to this blog post with some things
>>I've
>> seen that have tripped people up:
>> http://www.symantec.com/connect/blogs/domain-support-horizon-here
>>
>> Resolving those things should at least get the Domains dashboard to show
>> up in Horizon. If everything is properly set up, it will show up under
>>the
>> Identity left nav.
>>
>> That may also resolve your second issue with CLI commands. If not, it
>> could be that you're getting a project scoped token when you should be
>> getting a domain scoped token. Info on token scopes:
>> http://docs.openstack.org/admin-guide/keystone_tokens.html
>>
>> Thanks,
>> Brad
>>
>>
>> On 6/9/16, 2:48 AM, "Eugen Block" <eblock at nde.ag> wrote:
>>
>>> Hi,
>>>
>>> I've managed to enable multi-domain support for my Mitaka environment,
>>> but there are still some things to configure properly. I have two
>>> questions regarding domains.
>>>
>>>> Log in as admin under the default domain, go to the Domains dashboard
>>>
>>> 1. How can I enable the domain view in Horizon? I can't see that tab
>>> in the dashboard, I'm not sure where to look anymore.
>>>
>>> 2. Has anyone a working separation of cloud_admin and domain_admin? I
>>> used the v3-policy file mentioned in the last response, changed the
>>> admin_domain_id to default as suggested, updated the keystone
>>> endpoints to v3, but now I can't execute some actions like list
>>> projects, list users etc. The logs say
>>>
>>>      You are not authorized to perform the requested action:
>>> identity:list_domains
>>>
>>> So I take a look into the policy.json:
>>>
>>>     "cloud_admin": "rule:admin_required and domain_id:default",
>>>     "identity:list_domains": "rule:cloud_admin"
>>>
>>> As far as I understand, I assigend the domain "default" to
>>> cloud_admin, so I assume that I should be able to list domains,
>>> projects etc.
>>> Until now I simply used the default config files for identity, can
>>> anyone advise how to configure that file properly?
>>>
>>> Regards,
>>> Eugen
>>>
>>>
>>> Zitat von Brad Pokorny <Brad_Pokorny at symantec.com>:
>>>
>>>> 1. Yes, you can create new users in the "labA" domain via Horizon.
>>>> Log in as admin under the default domain, go to the Domains
>>>> dashboard, and click the "Set Domain Context" button for the "labA"
>>>> domain. Then when you go back to the create user workflow, the
>>>> "labA" domain will be automatically filled in for the user.
>>>> 2. Go to the Domains tab, click the "Set Domain Context" button for
>>>> the other domain, and go back to the Users dashboard.
>>>>
>>>> If you later need to think about using a domain admin via Horizon,
>>>> take a look at this blog post:
>>>> http://www.symantec.com/connect/blogs/domain-support-horizon-here
>>>>
>>>> Thanks,
>>>> Brad
>>>>
>>>> From: zhihao wang
>>>> <wangzhihaocom at hotmail.com<mailto:wangzhihaocom at hotmail.com>>
>>>> Date: Tuesday, May 31, 2016 at 8:40 AM
>>>> To:
>>>> "openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>"
>>>> <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>>
>>>> Subject: [Openstack] Openstack Mitaka Domain question
>>>>
>>>> Hi All
>>>>
>>>> I setup the openstack Mitaka, and beside the "default" domain, I
>>>> create another domain called "labA".
>>>>
>>>> I login using labA domain.
>>>>
>>>> My question are
>>>> 1. Can I create different users and assign to different domain from
>>>> Horizon dashboard GUI? or do i have to do it from a command line?
>>>> 2. If I login as admin user under default domain, How can I see all
>>>> the users with all different domain in horizon dashboard GUI?
>>>> .
>>>>
>>>> Thanks a lot
>>>> wally
>>>
>>>
>>> --
>>> Eugen Block                             voice   : +49-40-559 51 75
>>> NDE Netzdesign und -entwicklung AG      fax     : +49-40-559 51 77
>>> Postfach 61 03 15
>>> D-22423 Hamburg                         e-mail  : eblock at nde.ag
>>>
>>>         Vorsitzende des Aufsichtsrates: Angelika Mozdzen
>>>           Sitz und Registergericht: Hamburg, HRB 90934
>>>                   Vorstand: Jens-U. Mozdzen
>>>                    USt-IdNr. DE 814 013 983
>>>
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
>-- 
>Eugen Block                             voice   : +49-40-559 51 75
>NDE Netzdesign und -entwicklung AG      fax     : +49-40-559 51 77
>Postfach 61 03 15
>D-22423 Hamburg                         e-mail  : eblock at nde.ag
>
>         Vorsitzende des Aufsichtsrates: Angelika Mozdzen
>           Sitz und Registergericht: Hamburg, HRB 90934
>                   Vorstand: Jens-U. Mozdzen
>                    USt-IdNr. DE 814 013 983
>

More information about the Openstack mailing list