Ask Your Question

why are domains part of the COA (certified openstack admin) exam? They are very seldom used?

asked 2016-09-21 02:41:13 -0500

Fredrick.Beste gravatar image

updated 2016-09-21 15:33:23 -0500

rbowen gravatar image
edit retag flag offensive close merge delete


What makes you think they are seldom used? I would say that domains are essential for public clouds and still useful for private clouds. AFAIK (might be wrong), domains are needed to implement federation.

Bernd Bausch gravatar imageBernd Bausch ( 2016-11-06 18:51:44 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2016-11-05 23:52:49 -0500

updated 2016-11-07 17:23:45 -0500

Good question, as the current (exam) version (november 2016), Liberty, doesn't fully implement domains, and only from mitaka and onward CLI commands exists to manage domains.

Openstack unified client authenticating to Identity v3 offers optional arguments to indicate domains, so maybe we will have to manage user in already existing domains.

Looking forward for more inf. from people who passed the exam! (of course with respect to exam agreement....)

edit flag offensive delete link more


This answer is not correct. The current version is Newton. The CLI does support domains in Liberty, e.g. openstack --os-auth-url="https://<ip address>:5000/v3" help domain. Domains exist since Grizzly or so (except for the CLI client); not sure what is meant by "full support".

Bernd Bausch gravatar imageBernd Bausch ( 2016-11-06 18:49:12 -0500 )edit

@Bernd Baush: And do you have it working fine, with policies, in mitaka, without any magical tweaks? "They" have been claiming domains/identityv3 support since Kilo, but I cant get admin policies to work in centos-release-mitaka, with the official domains-enabled policy.json(updated my domainid)

theque42 gravatar imagetheque42 ( 2016-11-07 02:49:45 -0500 )edit

I haven't had particular problems. As a cloud admin I can create domains, projects and domain admins, who in turn can create projects and users. I think you need the special policy file policy.v3cloudsample.json. Admittedly I don't run a real cloud, only PoC/training ones.

Bernd Bausch gravatar imageBernd Bausch ( 2016-11-07 04:34:31 -0500 )edit

I am also running test clouds. I have no problem with creating a cloud-wide admin. But when I enable the domains-enable policy file(v3cloudsample), all "local" admins stop working. INCLUDING all service-users which have admin in services project in default domain.

theque42 gravatar imagetheque42 ( 2016-11-07 04:51:59 -0500 )edit

To me, the whole point of domains, is that I can give a user local admin-rights in an isolated domain. In that, he can create users, projects, etc. But touch NOTHING outside that domain. Without the policies for domains, I dont see the use of domains, since everyone is admin everywhere.

theque42 gravatar imagetheque42 ( 2016-11-07 04:58:14 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2016-09-21 02:41:13 -0500

Seen: 320 times

Last updated: Nov 07 '16