Is Horizon/Dashboard not fully domain capable in mitaka?

asked 2016-11-22 03:52:43 -0500

theque42 gravatar image

I've got a up2date mitaka installation with dashboard configured for multidomain support. I can login to all my three domains (default+2), and admin user accounts in all three, can manage with administrative rights/roles.

But my admins can only see the domain they login/belong to? Regardless if the user has roles on just the projects in the domain, or admin role on the domains as well, horizon will only show one domain.

(I am not yet using the domain-version of the policy.json for keystone though, since that doesnt seem to work for local-domain admins, only domain-wide admins) Check this output:

MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# SOS
OS_AUTH_URL=http://172.16.15.100:35357/v3
OS_DOMAIN_NAME=MasterCloud
OS_IDENTITY_API_VERSION=3
OS_IMAGE_API_VERSION=2
OS_PASSWORD=cloudMaster
OS_USERNAME=cloudAdmin
OS_USER_DOMAIN_NAME=MasterCloud
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# openstack role assignment list  --user cloudAdmin | $UUID
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+
| Role                             | User                             | Group | Project                          | Domain                           | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+
| admin_Role                       | cloudAdmin_User                  |       | Zion_Prj                         |                                  | False     |
| admin_Role                       | cloudAdmin_User                  |       |                                  | MasterCloud_Dom                  | False     |
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# openstack domain list
+----------------------------------+--------------+---------+--------------------------+
| ID                               | Name         | Enabled | Description              |
+----------------------------------+--------------+---------+--------------------------+
| 224263ec11a04d0e8976634a3c755fce | StudentCloud | True    |                          |
| a349e339b62c408b8c737dc609b526b0 | MasterCloud  | True    |                          |
| b64019c89a17425eac89957f0c00c0f6 | heat         | True    | Stack projects and users |
| default                          | Default      | True    | The default domain       |
+----------------------------------+--------------+---------+--------------------------+
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# openstack project list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 0e534cf64c664ea1a5e82d49dd251417 | headoffice |
| 1039aea87bde4963993cab5d8692b51a | demo       |
| 2a5071ae9a994b7bb02df776859db0cb | Zion       |
| 2ef0ba9bcfc343ebae634887c603bae7 | StackLab2  |
| 419899ac97d84959a9b477c67807eb98 | StackLab5  |
| 58c73d62199241e3852704b072831c7f | StackLab6  |
| 5a5c918908d34779aed5ccfd9d893b44 | services   |
| 8cc512ce5b83485993cd1133d0de40e6 | StackLab4  |
| 9d8ca4fafc4f4d6fb0b904b54a7a956b | StackLab3  |
| b7f286f467c645caa20f74f4b722fab8 | StackLab1  |
| d7789e69d06b43d1b4c7b06ab364f175 | StackLab0  |
| f50c155b713f4d09816104904884e7a8 | admin      |
+----------------------------------+------------+
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]# openstack project list --domain Default
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| f50c155b713f4d09816104904884e7a8 | admin    |
| 1039aea87bde4963993cab5d8692b51a | demo     |
| 5a5c918908d34779aed5ccfd9d893b44 | services |
+----------------------------------+----------+
MasterCloud[lab5]:cloudAdmin@
[root@ctrl ~(cloudAdmin)]#

No problems listing, or showing in different domains. But the list in horizon, only shows the MasterCloud domain, and the single project Zion, inside. And I am NOT using the button for Domain Context.

Should I not be able to see all domains?

MasterCloud[lab5]:cloudAdmin@

[root@ctrl ~(cloudAdmin)]# yum repolist
repo id                                                                                  repo name                                                                              status
base/7/x86_64                                                                            CentOS-7 - Base                                                                        9,007
centos-ceph-hammer/7/x86_64                                                              CentOS-7 - Ceph Hammer                                                                    40
centos-openstack-mitaka/x86_64                                                           CentOS-7 - OpenStack mitaka                                                            1,582
centos-qemu-ev/7/x86_64                                                                  CentOS-7 - QEMU EV                                                                        52
extras/7/x86_64                                                                          CentOS-7 - Extras                                                                        393
openstack-mitaka/x86_64                                                                  OpenStack Mitaka Repository                                                            1,582
updates/7/x86_64                                                                         CentOS-7 - Updates                                                                     2,560
repolist: 15,216

MasterCloud[lab5]:cloudAdmin@ [root@ctrl ~(cloudAdmin)]#

edit retag flag offensive close merge delete

Comments

Note that the role output is reg-exped to simply reading, instead of listing UUIDs.

theque42 gravatar imagetheque42 ( 2016-11-22 03:53:33 -0500 )edit