Is Horizon/Dashboard not fully domain capable in mitaka?
I've got a up2date mitaka installation with dashboard configured for multidomain support. I can login to all my three domains (default+2), and admin user accounts in all three, can manage with administrative rights/roles.
But my admins can only see the domain they login/belong to? Regardless if the user has roles on just the projects in the domain, or admin role on the domains as well, horizon will only show one domain.
(I am not yet using the domain-version of the policy.json for keystone though, since that doesnt seem to work for local-domain admins, only domain-wide admins) Check this output:
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# SOS
OS_AUTH_URL=http://172.16.15.100:35357/v3
OS_DOMAIN_NAME=MasterCloud
OS_IDENTITY_API_VERSION=3
OS_IMAGE_API_VERSION=2
OS_PASSWORD=cloudMaster
OS_USERNAME=cloudAdmin
OS_USER_DOMAIN_NAME=MasterCloud
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# openstack role assignment list --user cloudAdmin | $UUID
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+
| admin_Role | cloudAdmin_User | | Zion_Prj | | False |
| admin_Role | cloudAdmin_User | | | MasterCloud_Dom | False |
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# openstack domain list
+----------------------------------+--------------+---------+--------------------------+
| ID | Name | Enabled | Description |
+----------------------------------+--------------+---------+--------------------------+
| 224263ec11a04d0e8976634a3c755fce | StudentCloud | True | |
| a349e339b62c408b8c737dc609b526b0 | MasterCloud | True | |
| b64019c89a17425eac89957f0c00c0f6 | heat | True | Stack projects and users |
| default | Default | True | The default domain |
+----------------------------------+--------------+---------+--------------------------+
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# openstack project list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| 0e534cf64c664ea1a5e82d49dd251417 | headoffice |
| 1039aea87bde4963993cab5d8692b51a | demo |
| 2a5071ae9a994b7bb02df776859db0cb | Zion |
| 2ef0ba9bcfc343ebae634887c603bae7 | StackLab2 |
| 419899ac97d84959a9b477c67807eb98 | StackLab5 |
| 58c73d62199241e3852704b072831c7f | StackLab6 |
| 5a5c918908d34779aed5ccfd9d893b44 | services |
| 8cc512ce5b83485993cd1133d0de40e6 | StackLab4 |
| 9d8ca4fafc4f4d6fb0b904b54a7a956b | StackLab3 |
| b7f286f467c645caa20f74f4b722fab8 | StackLab1 |
| d7789e69d06b43d1b4c7b06ab364f175 | StackLab0 |
| f50c155b713f4d09816104904884e7a8 | admin |
+----------------------------------+------------+
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# openstack project list --domain Default
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| f50c155b713f4d09816104904884e7a8 | admin |
| 1039aea87bde4963993cab5d8692b51a | demo |
| 5a5c918908d34779aed5ccfd9d893b44 | services |
+----------------------------------+----------+
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]#
No problems listing, or showing in different domains. But the list in horizon, only shows the MasterCloud domain, and the single project Zion, inside. And I am NOT using the button for Domain Context.
Should I not be able to see all domains?
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# yum repolist
repo id repo name status
base/7/x86_64 CentOS-7 - Base 9,007
centos-ceph-hammer/7/x86_64 CentOS-7 - Ceph Hammer 40
centos-openstack-mitaka/x86_64 CentOS-7 - OpenStack mitaka 1,582
centos-qemu-ev/7/x86_64 CentOS-7 - QEMU EV 52
extras/7/x86_64 CentOS-7 - Extras 393
openstack-mitaka/x86_64 OpenStack Mitaka Repository 1,582
updates/7/x86_64 CentOS-7 - Updates 2,560
repolist: 15,216
MasterCloud[lab5]:cloudAdmin@ [root@ctrl ~(cloudAdmin)]#
Note that the role output is reg-exped to simply reading, instead of listing UUIDs.