Ask Your Question

Revision history [back]

The purpose of the domain concept is identity management. In fact, as far as I know, the only OpenStack service that is aware of domains is Keystone.

I suppose the underlying philosophy is roughly this: Domains are a way to give customers of a public cloud control over their users and projects. Flavors and images on the other hand impact areas like billing, performance and security; only cloud admins can be allowed to manage them.

The purpose of the domain concept is identity management. In fact, as far as I know, the only OpenStack service that is aware of domains is Keystone.

I suppose the underlying philosophy is roughly this: Domains are a way to give customers of a public cloud control over their users and projects. Flavors and images on the other hand impact areas like billing, performance and security; only cloud admins can be allowed to manage them.

Having said that, perhaps it’s possible to tweak Nova and Glance policies to use domains as factors in handling flavor and images.