Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Rocky Multi Domain external network editing

Hi, i have a juju/maas rocky installation. I trying to simulate Domains isolation. I used the policy.v3cloudsample.json to replace policy.json on both Horizon and Keystone. I can create a domain, project and an admin for this domain. However a Domain admin can still edit the external network which is shared and holds the floating IP subnet. This means that any domain admin can affect external access for any other domain. This is a huge caveats. I am doing something wrong ? Is there a way to propegate the cloud admin role to other services (neutron, glance, ...)

Thank you for your help. Rony