Identity Service (keystone) domains are additional namespaces you can create in keystone. You would use keystone domains to partition users, groups, and projects. These separate domains can also be configured to authenticate users in different LDAP or Active Directory environments. For more information, see Integrate with Identity Service.
Identity Service includes a built-in domain called Default. It is suggested you reserve this domain only for service accounts, and create a separate domain for user accounts.
You can view a list of domains using openstack domain list. For example:
$ openstack domain list
+----------------------------------+------------------+---------+--------------------+
| ID                               | Name             | Enabled | Description        |
+----------------------------------+------------------+---------+--------------------+
| 3abefa6f32c14db9a9703bf5ce6863e1 | TestDomain       | True    |                    |
| 69436408fdcb44ab9e111691f8e9216d | corp             | True    |                    |
| a4f61a8feb8d4253b260054c6aa41adb | federated_domain | True    |                    |
| default                          | Default          | True    | The default domain |
+----------------------------------+------------------+---------+--------------------+
If this command is not available, check that you have enabled keystone v3 for your command line session.
You can create a new domain using openstack domain create. For example:
$ openstack domain create TestDomain
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| enabled     | True                             |
| id          | 3abefa6f32c14db9a9703bf5ce6863e1 |
| name        | TestDomain                       |
+-------------+----------------------------------+
You can view the details of a domain using openstack domain show. For example:
$ openstack domain show TestDomain
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| enabled     | True                             |
| id          | 3abefa6f32c14db9a9703bf5ce6863e1 |
| name        | TestDomain                       |
+-------------+----------------------------------+
You can disable a domain using --disable. For example:
$ openstack domain set TestDomain --disable
Confirm the domain has been disabled:
$ openstack domain show TestDomain
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| enabled     | False                            |
| id          | 3abefa6f32c14db9a9703bf5ce6863e1 |
| name        | TestDomain                       |
+-------------+----------------------------------+
You can then re-enable the domain, if required:
$ openstack domain set TestDomain --enable
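The following is an added example, not part of the original documentation. It checks the recommendation that Default be reserved for service accounts by filtering the output of openstack user list and openstack domain list. The allowlist of service account names, the function names, and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: checks the "Default is for
# service accounts only" recommendation against CLI output.

# ASSUMPTION: illustrative allowlist; replace with your deployment's service users.
SERVICE_ACCOUNTS="nova neutron glance cinder placement swift heat"

# stdin: one user name per line, e.g. from
#   openstack user list --domain default -f value -c Name
# stdout: names not in SERVICE_ACCOUNTS (candidates to move out of Default).
non_service_users() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        match=no
        for svc in $SERVICE_ACCOUNTS; do
            if [ "$name" = "$svc" ]; then match=yes; break; fi
        done
        if [ "$match" = no ]; then printf '%s\n' "$name"; fi
    done
}

# stdin: "<Name> <Enabled>" per line, e.g. from
#   openstack domain list -f value -c Name -c Enabled
# stdout: enabled domains other than Default, where user accounts can live.
user_domains() {
    while read -r name enabled; do
        if [ "$name" != "Default" ] && [ "$enabled" = "True" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample input so the script runs offline.
SAMPLE_USERS='nova
glance
alice
neutron
bob'
SAMPLE_DOMAINS='TestDomain False
corp True
federated_domain True
Default True'

echo "Non-service accounts in Default:"
printf '%s\n' "$SAMPLE_USERS" | non_service_users
echo "Enabled domains available for user accounts:"
printf '%s\n' "$SAMPLE_DOMAINS" | user_domains
```

An empty result from the first check means every account in Default is on the allowlist; an empty result from the second means no enabled domain other than Default exists for user accounts.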