«Domains» tab

Domains in OpenStack allow to organize projects into independent groups. This method allows to restrict rights of project administrators within the same domain. This implements the functionality of giving user administrator rights in several projects without the ability to manage entire cloud.

../../../../_images/identity_domians.png

Domains list

List contains the following information:
Field name Description
Name Domain name, set during creation. The number of characters should not exceed 64. It may be changed during editing and is a link to go to detailed information about a specific domain.
Domain ID Domain identifier.
Enabled Domain status. It may be changed in the general list.

No delete or rename actions are available for the default domain default.

Sort tool is available for all displayed fields. Fields are sorted in ascending and descending order. It is also possible to sort the objects marked with check mark.

Also, the user can view detailed information about the domain. Detailed information about the object opens in separate block on the right side of the page when you click on the domain name link. This does not close the list of objects and is displayed on the left side of the page.To close block of detailed information use the details_button1 button, to open a block of detailed information use the button details_button2.

Detailed information about the domain is presented in several internal tabs.

«Overview» tab

Tab displays detailed information about the selected domain:

../../../../_images/identity_domians_overview.png

Detailed domain information

«Action log» tab

Tab displays information about the history of operations on domain objects within the current project:

../../../../_images/identity_domians_action_log.png

Action log on domain objects

List contains the following information:
Field name Description
Request ID Request identifier.
Parent request Identifier of the request, which is the parent of this one, for example, if an action was performed on a request from RSclient or Scheduler. If the action is performed on request from the Dashboard, then there is no parent request.
Action Action name.
Start time Date and time of the task start in the format: dd.mm.yyyy, hh.mm.ss.
User Name of the user who initiated the action.
Subject type Type of object on which the action was performed.
Subject name Name of object on which the action was performed.
Result

Result of the action. Possible values are:

  • Success;
  • Error;
  • Unknown.
Result details Detailed description of the result. Also, if the action was performed during the execution of scheduled task, the task identifier is indicated.

Sorting and filtering tools are available for journal. Fields are sorted in ascending and descending order. Filtering tool works on all fields.

Following actions are available:
N Action Description
1 Add configuration Adding domain configuration.
2 Load configuration Loading domain configuration from config file to database.
3 Disable domain Disabling access rights to the selected domain. Domain status will change from «Enabled» to «Disabled».
4 Modify groups Editing the list of domain groups.
5 Edit domain Domain configuration changing.
6 Set up backup Configuring backup for domain instances.
7 Enable domain Enabling access rights to the selected domain. Domain status will change from «Disabled» to «Enabled».
8 Create domain Adding new domain with given parameters.
9 Delete domain Deleting the selected domain. It is possibly only in the inactive state.
10 Set domain context Going to the selected domain.
11 Manage members Editing the list of domain members.

Listed actions are available for performing with respect to one selected domain - by selecting the required action in the “Actions” field of the corresponding entry in the general list.

../../../../_images/identity_domians_action.png

Individual actions on domains

You can also perform actions on group of pre-selected domains. To do this, you must mark necessary ones and select group action:

../../../../_images/identity_domians_group_action.png

Group actions on domain

Features of work

Domain creation

In the general list on the control panel using the “Create domain” button, open the wizard window for creating domain:

../../../../_images/identity_domians_create_domain.png

Domain creation window

In the window that opens, specify:

  • Name is domain name in the format ASCII. Optional field, if the value is empty, the name is generated automatically;
  • Description is brief information about the domain;
  • Active is the flag defines the state of domain after creation.

Completion of the creation procedure is performed by clicking «Create domain» button.

Adding configuration

Function is available in the general list of all domains. It allows to add configuration to the selected domain. After calling the action in the window that opens, set the required parameters:

../../../../_images/identity_domians_add_configuration.png

Domain configuration change window

  • url is ldap server address;
  • user is user name;
  • user_name_attribute is user name attribute;
  • user_objectclass is user objectclass attribute;
  • user_tree_dn is user directory;
  • password is server password.

Complete the procedure with the «Submit» button.

Loading configuration

Note

Action is available only if the parameter domain_configurations_from_database = True in identity section on Keystone config file.

Function is available in the general list of all domains. It allows loading the domain configuration into the database from the configuration file located in /etc/keystone/domains/ directory. Confirm loading of the configuration in the window that opens:

../../../../_images/identity_domians_load_configuration.png

Domain configuration loading confirmation window

Modifying groups

Function is available in the list of actions for the required domain. After calling action in the window that opens, set required domain groups:

../../../../_images/identity_domians_edit_groups.png

Domain group management window

Complete the procedure with the confirmation button.

Domain changing

Function is available in the list of actions for the required domain. After calling action in the window that opens, set required parameters:

../../../../_images/identity_domians_edit_domian.png

Domain parameters changing window

  • Name is domain name in the format ASCII. Optional field, if the value is empty, the name is generated automatically;
  • Description is brief information about the domain;
  • Active is the flag defines the state of domain after creation.
  • Domain members, adding domain members;
  • Domain groups, adding groups.

Complete the procedure with the confirmation button.

Setting up backup

Note

Action is available only for user with administrator rights.

Function is available in the list of actions for the required domain. After calling action in the window that opens, set required parameters:

../../../../_images/identity_domians_setup_backup.png

Backup settings window

  • Backup system is software that will be used for backing up. Possible values are:

    This field is required.

  • Hostname is the backup system host. This field is required;

  • Password is password for access to the backup system. This password is used when the backup clients connect to the backup server. This field is required;

  • Private key is private key to access the backup system. In this field, you need to copy contents of the private key file used for SSH access to the media server. Prerequisite is the controller’s ability to SSH access to the backup server. This field is required.

Membership management

Function is available in the list of actions for the required domain. Function allows changing domain members.

../../../../_images/identity_domians_manage_members.png

Domain member management window

In the window that opens, select required users and set their roles in the domain. Complete the procedure with the «Save» button.