<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
		<id>https://wiki.openstack.org/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Dan+Nguyen</id>
		<title>OpenStack - User contributions [en]</title>
		<link rel="self" type="application/atom+xml" href="https://wiki.openstack.org/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Dan+Nguyen"/>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/wiki/Special:Contributions/Dan_Nguyen"/>
		<updated>2026-07-08T17:56:56Z</updated>
		<subtitle>User contributions</subtitle>
		<generator>MediaWiki 1.28.2</generator>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=85990</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=85990"/>
				<updated>2015-07-14T19:40:52Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
If a user has an 'admin' role and access to the Cloud Admin domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
* Dig the admin token out of keystone.conf&lt;br /&gt;
  grep -i 'admin_token' /etc/keystone/keystone.conf&lt;br /&gt;
* Grant the admin access to the cloud admin domain&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;ADMIN_TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/default/users/&amp;lt;ADMIN_ID&amp;gt;/roles/&amp;lt;ADMIN_ROLE_ID&amp;gt;&lt;br /&gt;
Note:  If you are having trouble finding the ADMIN_ID, you can find it with this command:&lt;br /&gt;
  mysql -D keystone -e 'select id from user where name = &amp;quot;admin&amp;quot;;'&lt;br /&gt;
Note:  If you are having trouble finding the ADMIN_ROLE_ID, you can find it with this command:&lt;br /&gt;
  mysql -D keystone -e 'select id from role where name = &amp;quot;admin&amp;quot;;'&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
Remember:  He who laughs last had a backup!&lt;br /&gt;
&lt;br /&gt;
old:&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
new:&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
Copy the keystone devstack's policy file: /etc/keyston/policy.json into your horizon directory:&lt;br /&gt;
horizon/openstack_dashboard/conf/keystone_policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
Determine the default role name:&lt;br /&gt;
  mysql -D keystone -e 'select name from role where name like &amp;quot;%ember&amp;quot;;'&lt;br /&gt;
In my case it has changed from &amp;quot;_member_&amp;quot; to &amp;quot;Member&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_KEYSTONE_DEFAULT_ROLE = &amp;quot;Member&amp;quot;&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'&lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
 POLICY_FILES = {&lt;br /&gt;
 #'identity': 'keystone_policy.json',&lt;br /&gt;
 'identity': 'keystone_policy.v3cloudsample.json',&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== horizon ====&lt;br /&gt;
You'll need to pull down this patch in your horizon repo for horizon to understand multi-domain setups.&lt;br /&gt;
https://review.openstack.org/#/c/148082/&lt;br /&gt;
&lt;br /&gt;
==== keystone ====&lt;br /&gt;
Allows a Domain Admin to list role assignments without a project token&lt;br /&gt;
https://review.openstack.org/#/c/180846/ &lt;br /&gt;
&lt;br /&gt;
==== keystone client ====&lt;br /&gt;
Allows a Domain Admin to list role assignments without a project token&lt;br /&gt;
https://review.openstack.org/#/c/188184/&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
 TODO(esp): Add use cases for Cloud Admin and Domain Admin&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
==== Set up the cloud admin user ====&lt;br /&gt;
* Convert the admin user to be a Cloud Admin&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;ADMN_TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/&amp;lt;DEFAULT DOMAIN&amp;gt;/users/&amp;lt;ADMIN USER ID&amp;gt;/roles/&amp;lt;ADMIN ROLE ID&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=85850</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=85850"/>
				<updated>2015-07-14T00:06:04Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Next Steps */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==  (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains.&lt;br /&gt;
 Project Admin is restricted to quota mgmt and listing roles, role_assignments by the current keystone v3 policy file.&lt;br /&gt;
 Project Admin can not currently manage the members of it's project due to permissions for list_users.&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
=== Known Issues ===&lt;br /&gt;
 - User with Domain Admins and Project Member&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
 - Pure Domain Admin Create Project will not have a quotas tab. (will need Cloud Admin to adjust if not using default values)&lt;br /&gt;
&lt;br /&gt;
=== Horizon Bugs ===&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
=== Next Steps ===&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
&lt;br /&gt;
=== Test Cases ===&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;br /&gt;
 - quota management&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=85849</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=85849"/>
				<updated>2015-07-14T00:05:39Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Horizon Bugs */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==  (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains.&lt;br /&gt;
 Project Admin is restricted to quota mgmt and listing roles, role_assignments by the current keystone v3 policy file.&lt;br /&gt;
 Project Admin can not currently manage the members of it's project due to permissions for list_users.&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
=== Known Issues ===&lt;br /&gt;
 - User with Domain Admins and Project Member&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
 - Pure Domain Admin Create Project will not have a quotas tab. (will need Cloud Admin to adjust if not using default values)&lt;br /&gt;
&lt;br /&gt;
=== Horizon Bugs ===&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
=== Next Steps ===&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Test Cases ===&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;br /&gt;
 - quota management&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=85848</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=85848"/>
				<updated>2015-07-14T00:04:44Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Project Admin should be deprecated */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==  (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains.&lt;br /&gt;
 Project Admin is restricted to quota mgmt and listing roles, role_assignments by the current keystone v3 policy file.&lt;br /&gt;
 Project Admin can not currently manage the members of it's project due to permissions for list_users.&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
=== Known Issues ===&lt;br /&gt;
 - User with Domain Admins and Project Member&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
 - Pure Domain Admin Create Project will not have a quotas tab. (will need Cloud Admin to adjust if not using default values)&lt;br /&gt;
&lt;br /&gt;
=== Horizon Bugs ===&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manage members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
=== Next Steps ===&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Test Cases ===&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;br /&gt;
 - quota management&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82947</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82947"/>
				<updated>2015-06-08T23:38:47Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Steps */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Useful Links ===&lt;br /&gt;
 https://wiki.openstack.org/wiki/Merlin &lt;br /&gt;
 https://github.com/stackforge/merlin&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd horizon/openstack_dashboard/local/&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;br /&gt;
&lt;br /&gt;
=== Screen Shots ===&lt;br /&gt;
[[File:Mistral1.png]]&lt;br /&gt;
&lt;br /&gt;
[[File:Mistral2.png]]&lt;br /&gt;
&lt;br /&gt;
[[File:Mistral3.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82946</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82946"/>
				<updated>2015-06-08T23:38:22Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Steps */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Useful Links ===&lt;br /&gt;
 https://wiki.openstack.org/wiki/Merlin &lt;br /&gt;
 https://github.com/stackforge/merlin&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd horizon/openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;br /&gt;
&lt;br /&gt;
=== Screen Shots ===&lt;br /&gt;
[[File:Mistral1.png]]&lt;br /&gt;
&lt;br /&gt;
[[File:Mistral2.png]]&lt;br /&gt;
&lt;br /&gt;
[[File:Mistral3.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82907</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82907"/>
				<updated>2015-06-08T18:38:38Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Useful Links ===&lt;br /&gt;
 https://wiki.openstack.org/wiki/Merlin &lt;br /&gt;
 https://github.com/stackforge/merlin&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;br /&gt;
&lt;br /&gt;
=== Screen Shots ===&lt;br /&gt;
[[File:Mistral1.png]]&lt;br /&gt;
&lt;br /&gt;
[[File:Mistral2.png]]&lt;br /&gt;
&lt;br /&gt;
[[File:Mistral3.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82906</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82906"/>
				<updated>2015-06-08T18:36:28Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Screen Shots */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Useful Links ===&lt;br /&gt;
 https://github.com/stackforge/merlin&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;br /&gt;
&lt;br /&gt;
=== Screen Shots ===&lt;br /&gt;
[[File:Mistral1.png]]&lt;br /&gt;
&lt;br /&gt;
[[File:Mistral2.png]]&lt;br /&gt;
&lt;br /&gt;
[[File:Mistral3.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82905</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82905"/>
				<updated>2015-06-08T18:35:51Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Screen Shots */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Useful Links ===&lt;br /&gt;
 https://github.com/stackforge/merlin&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;br /&gt;
&lt;br /&gt;
=== Screen Shots ===&lt;br /&gt;
[[File:Mistral1.png|frameless]]&lt;br /&gt;
[[File:Mistral2.png|frameless]]&lt;br /&gt;
[[File:Mistral3.png|frameless]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:Mistral3.png&amp;diff=82904</id>
		<title>File:Mistral3.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:Mistral3.png&amp;diff=82904"/>
				<updated>2015-06-08T18:33:42Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:Mistral2.png&amp;diff=82903</id>
		<title>File:Mistral2.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:Mistral2.png&amp;diff=82903"/>
				<updated>2015-06-08T18:33:27Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:Mistral1.png&amp;diff=82902</id>
		<title>File:Mistral1.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:Mistral1.png&amp;diff=82902"/>
				<updated>2015-06-08T18:32:47Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82901</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82901"/>
				<updated>2015-06-08T18:29:58Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Merlin Horizon Integration */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Useful Links ===&lt;br /&gt;
 https://github.com/stackforge/merlin&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;br /&gt;
&lt;br /&gt;
=== Screen Shots ===&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82899</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82899"/>
				<updated>2015-06-08T18:17:57Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Heading text */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Useful Links ===&lt;br /&gt;
 https://github.com/stackforge/merlin&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82897</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82897"/>
				<updated>2015-06-08T17:49:42Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Merlin Horizon Integration */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Heading text ===&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82895</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82895"/>
				<updated>2015-06-08T17:47:27Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Steps */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir &amp;lt;workspace&amp;gt;&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
2b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
3. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
4. Create symlinks to from Merlin to Horizon&lt;br /&gt;
 $ cd .venv/lib/python2.7/site-packages/&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/merlin/ .&lt;br /&gt;
 $ ln -s &amp;lt;workspace&amp;gt;/merlin/extensions/mistral .&lt;br /&gt;
&lt;br /&gt;
5. Add Mistral Panel to Horizon&lt;br /&gt;
 $ cd &amp;lt;workspace&amp;gt;/openstack_dashboard/enabled/_50_add_mistral_panel.py .&lt;br /&gt;
&lt;br /&gt;
6. Sync the database&lt;br /&gt;
 $  cd &amp;lt;workspace&amp;gt;/horizon/&lt;br /&gt;
 $  source .venv/bin/activate&lt;br /&gt;
 $ python manage.py syncdb&lt;br /&gt;
&lt;br /&gt;
7. Start Horizon dev server&lt;br /&gt;
 $ ./run_test.sh --runserver&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82888</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82888"/>
				<updated>2015-06-08T17:37:07Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir workspace&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
3a. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
&lt;br /&gt;
3b. Add sqlite database&lt;br /&gt;
 $ vi local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 DATABASES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
       'ENGINE': 'django.db.backends.sqlite3',&lt;br /&gt;
       'NAME': 'horizon.sqlite3'&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 ...&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82884</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82884"/>
				<updated>2015-06-08T17:02:55Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Merlin Horizon Integration */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir workspace&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;br /&gt;
&lt;br /&gt;
2. Create Horizon's .venv&lt;br /&gt;
 $ cd horizon/&lt;br /&gt;
 $ ./run_test.sh&lt;br /&gt;
&lt;br /&gt;
3. Update Horizons local_settings.py&lt;br /&gt;
 $ cd ../openstack_dashboard/local&lt;br /&gt;
 $ cp local_settings.py.example local_settings.py&lt;br /&gt;
 $ vi local_settings.py&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82883</id>
		<title>Horizon/MerlinEval</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/MerlinEval&amp;diff=82883"/>
				<updated>2015-06-08T16:33:41Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: Created page with &amp;quot;== Merlin Horizon Integration == This page walks through the instructions of how to install Merlin into Horizon.  === Steps === 1. Create a workspace for horizon and merlin pr...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Merlin Horizon Integration ==&lt;br /&gt;
This page walks through the instructions of how to install Merlin into Horizon.&lt;br /&gt;
&lt;br /&gt;
=== Steps ===&lt;br /&gt;
1. Create a workspace for horizon and merlin projects&lt;br /&gt;
 $ mkdir workspace&lt;br /&gt;
 $ git clone https://github.com/openstack/horizon.git&lt;br /&gt;
 $ git clone https://github.com/stackforge/merlin.git&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=80675</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=80675"/>
				<updated>2015-05-07T16:56:53Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Known Issues */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==  (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be deprecated ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
=== Known Issues ===&lt;br /&gt;
 - User with Domain Admins and Project Member&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
 - Pure Domain Admin Create Project will not have a quotas tab. (will need Cloud Admin to adjust if not using default values)&lt;br /&gt;
&lt;br /&gt;
=== Horizon Bugs ===&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manage members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
=== Next Steps ===&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Test Cases ===&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;br /&gt;
 - quota management&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=79139</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=79139"/>
				<updated>2015-05-01T22:55:14Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==  (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be deprecated ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
=== Known Issues ===&lt;br /&gt;
 - User with Domain Admins and Project Member&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
=== Horizon Bugs ===&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manage members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
=== Next Steps ===&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Test Cases ===&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Future ===&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;br /&gt;
 - quota management&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=79134</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=79134"/>
				<updated>2015-05-01T22:52:04Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==  (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be deprecated ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
===== Known Issues =====&lt;br /&gt;
 - User with Domain Admins and Project Member&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
===== Horizon Bugs =====&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manage members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
==== Next Steps =====&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
===== Test Cases =====&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
===== Future =====&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;br /&gt;
 - quota management&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=79129</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=79129"/>
				<updated>2015-05-01T22:43:00Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Best Practices */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==  (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be deprecated ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;br /&gt;
 - quota inheritance&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78738</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78738"/>
				<updated>2015-05-01T01:25:10Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Domain Support (Work In Progress) */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==  (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be deprecated ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Members should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Member is not recommended (even in the same domain)&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;br /&gt;
 - quota inheritance&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78737</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78737"/>
				<updated>2015-05-01T01:21:38Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Domain Admins and Project Admins should be mutually exclusive. */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Domain Support (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be deprecated ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Members should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Member is not recommended (even in the same domain)&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78736</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78736"/>
				<updated>2015-05-01T01:21:23Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Best Practices */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Domain Support (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be deprecated ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended &lt;br /&gt;
 &lt;br /&gt;
==== Domain Admins and Project Members should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Member is not recommended (even in the same domain)&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78735</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78735"/>
				<updated>2015-05-01T01:07:45Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Best Practices */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Domain Support (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be avoided ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 Domain Admin + Project Admin is not recommended &lt;br /&gt;
 Domain Admin + Project Member is not recommended&lt;br /&gt;
&lt;br /&gt;
==== Only Cloud Admin(s) should have a role on an admin domain ====&lt;br /&gt;
 Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78734</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78734"/>
				<updated>2015-05-01T01:05:15Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* An new admin domain should be created */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Domain Support (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 - Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be avoided ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 - Domain Admin + Project Admin is not recommended &lt;br /&gt;
 - Domain Admin + Project Member is not recommended&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78733</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78733"/>
				<updated>2015-05-01T00:15:57Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Domain Admins and Project Admins should be mutually exclusive. */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Domain Support (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 - Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
 - Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be avoided ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
 - Domain Admin + Project Admin is not recommended &lt;br /&gt;
 - Domain Admin + Project Member is not recommended&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78732</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78732"/>
				<updated>2015-04-30T23:37:02Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Avoid mixing User Type roles */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Domain Support (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 - Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
 - Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be avoided ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Domain Admins and Project Admins should be mutually exclusive. ====&lt;br /&gt;
- Domain Admin + Project Admin is not supported &lt;br /&gt;
- Domain Admin + Project Member is not supported&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78731</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78731"/>
				<updated>2015-04-30T23:34:14Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Domain Support (Work In Progress) ==&lt;br /&gt;
&lt;br /&gt;
=== Use Cases ===&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
=== Best Practices ===&lt;br /&gt;
&lt;br /&gt;
==== Keystone v3 policy files ==== &lt;br /&gt;
 Horizon should use the same keystone v3 policy file as the keystone API&lt;br /&gt;
&lt;br /&gt;
==== An new admin domain should be created ====&lt;br /&gt;
 - Cloud Admin should have an admin role in a domain specifically created for Identity management of the system.&lt;br /&gt;
 - Non-Cloud Admin users should not have a role on the default admin domain&lt;br /&gt;
&lt;br /&gt;
==== Project Admin should be avoided ==== &lt;br /&gt;
 Cloud Admin and Domain Admin are the preferred &amp;quot;admin&amp;quot; personas in the context of domains&lt;br /&gt;
&lt;br /&gt;
==== Avoid mixing User Type roles ====&lt;br /&gt;
 - Domain Admin + Project Member is not supported&lt;br /&gt;
 - Domain Admin + Project Admin is not supported&lt;br /&gt;
&lt;br /&gt;
=== Definitions ===&lt;br /&gt;
&lt;br /&gt;
==== User Types / Personas ====&lt;br /&gt;
&lt;br /&gt;
===== Cloud Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the ‘default’ domain. This is assuming that user have the ‘admin’ role assigned to him for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Domain Admin ===== &lt;br /&gt;
 domain-scoped token, scoped to the given domain. This is assuming that user have the ‘admin’ role assigned to him for the given domain. Cloud Admin is also the Domain Admin for the ‘default’ domain.&lt;br /&gt;
&lt;br /&gt;
===== Project Admin ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
===== Project User ===== &lt;br /&gt;
 project-scoped token, scoped to the given project. This is assuming that user have at least one role assigned to him for the given project. Project User is also Project Admin only if user also have the ‘admin’ role assigned to him for the given project.&lt;br /&gt;
&lt;br /&gt;
''Note:'' &lt;br /&gt;
 Domain-scoped token should NOT have access to Nova. Only project-scoped token have access to the services. Cloud Admin and Domain Admin are Keystone-specific personas and therefore only have access to Keystone APIs.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78730</id>
		<title>Horizon/DomainSupport</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainSupport&amp;diff=78730"/>
				<updated>2015-04-30T23:05:36Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: Created page with &amp;quot;'''Domain Support (Work In Progress)'''  '''Use Cases'''  - LDAP, AD, MySQL support  '''Best Practices'''  - Use the same policy files all around  - Create a separate domain a...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;'''Domain Support (Work In Progress)'''&lt;br /&gt;
&lt;br /&gt;
'''Use Cases'''&lt;br /&gt;
 - LDAP, AD, MySQL support&lt;br /&gt;
&lt;br /&gt;
'''Best Practices'''&lt;br /&gt;
 - Use the same policy files all around&lt;br /&gt;
 - Create a separate domain as the default Admin domain&lt;br /&gt;
 - Discourage use of Project Admin&lt;br /&gt;
 - Discourage use of Mixed roles (Domain Admin + Project Member)&lt;br /&gt;
&lt;br /&gt;
'''Definitions'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Known Issues'''&lt;br /&gt;
 - Mixing Domain Admin + Project Admin&lt;br /&gt;
 - Creating Members in the Default Admin domain&lt;br /&gt;
 - Project Admin, hide Admin Dash on purpose&lt;br /&gt;
&lt;br /&gt;
'''Horizon Bugs'''&lt;br /&gt;
 - luigi (project member, invalid Catalog Service:compute)&lt;br /&gt;
 - list_role_assignments (pure domain admin)&lt;br /&gt;
 - Group manange members (pure domain admin)&lt;br /&gt;
 - Project details (pure project admin, member)&lt;br /&gt;
 - checkboxes and actions when no actions available (member)&lt;br /&gt;
&lt;br /&gt;
'''Next Steps'''&lt;br /&gt;
 - DOA patch&lt;br /&gt;
 - Keystone patch&lt;br /&gt;
 - Fix Horzon Bugs&lt;br /&gt;
 - UX/UI - project picker, set domain context changes &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Test Cases'''&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Future'''&lt;br /&gt;
 - angular goodness&lt;br /&gt;
 - persona driven workflows&lt;br /&gt;
 - keystone changes&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=74662</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=74662"/>
				<updated>2015-02-27T21:25:09Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* keystone v3 */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
If a user has an 'admin' role and access to the Cloud Admin domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
* Dig the admin token out of keystone.conf&lt;br /&gt;
  grep -i 'admin_token' /etc/keystone/keystone.conf&lt;br /&gt;
* Grant the admin access to the cloud admin domain&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/default/users/&amp;lt;ADMIN_ID&amp;gt;/roles/&amp;lt;ADMIN_ROLE_ID&amp;gt;&lt;br /&gt;
Note:  If you are having trouble finding the ADMIN_ROLE_ID, you can find it with this command:&lt;br /&gt;
  mysql -D keystone -e 'select id from role where name = &amp;quot;admin&amp;quot;;'&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
Remember:  He who laughs last had a backup!&lt;br /&gt;
&lt;br /&gt;
old:&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
new:&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
Copy the keystone devstack's policy file: /etc/keyston/policy.json into your horizon directory:&lt;br /&gt;
horizon/openstack_dashboard/conf/keystone_policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
Determine the default role name:&lt;br /&gt;
  mysql -D keystone -e 'select name from role where name like &amp;quot;%ember&amp;quot;;'&lt;br /&gt;
In my case it has changed from &amp;quot;_member_&amp;quot; to &amp;quot;Member&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_KEYSTONE_DEFAULT_ROLE = &amp;quot;Member&amp;quot;&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'&lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
 POLICY_FILES = {&lt;br /&gt;
 #'identity': 'keystone_policy.json',&lt;br /&gt;
 'identity': 'keystone_policy.v3cloudsample.json',&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== horizon ====&lt;br /&gt;
You'll need to pull down this patch in your horizon repo for horizon to understand multi-domain setups.&lt;br /&gt;
https://review.openstack.org/#/c/148082/&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
 TODO(esp): Add use cases for Cloud Admin and Domain Admin&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
==== Set up the cloud admin user ====&lt;br /&gt;
* Convert the admin user to be a Cloud Admin&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/&amp;lt;DEFAULT DOMAIN&amp;gt;/users/&amp;lt;ADMIN USER ID&amp;gt;/roles/&amp;lt;ADMIN ROLE ID&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72236</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72236"/>
				<updated>2015-01-22T19:14:38Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
If a user has an 'admin' role and access to the Cloud Admin domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
* Authenticate to keystone and retrieve admin token from the v2 API&lt;br /&gt;
* Grant the admin access to the cloud admin domain&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/default/users/&amp;lt;ADMIN_ID&amp;gt;/roles/&amp;lt;ADMIN_ROLE_ID&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
 TODO(esp): Add use cases for Cloud Admin and Domain Admin&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72235</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72235"/>
				<updated>2015-01-22T19:14:06Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Users */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
If a user has an 'admin' role and access to the Cloud Admin domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
* Authenticate to keystone and retrieve admin token from the v2 API&lt;br /&gt;
* Grant the admin access to the cloud admin domain&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/default/users/&amp;lt;ADMIN_ID&amp;gt;/roles/&amp;lt;ADMIN_ROLE_ID&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
TODO(esp): Add use cases for Cloud Admin and Domain Admin&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72229</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72229"/>
				<updated>2015-01-22T18:23:39Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Cloud Admin impersonates a Domain or switches Domain context */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
If a user has an 'admin' role and access to the Cloud Admin domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
* Authenticate to keystone and retrieve admin token from the v2 API&lt;br /&gt;
* Grant the admin access to the cloud admin domain&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/default/users/&amp;lt;ADMIN_ID&amp;gt;/roles/&amp;lt;ADMIN_ROLE_ID&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72119</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72119"/>
				<updated>2015-01-20T23:38:17Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* keystone policy.json file */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
If a user has an 'admin' role and access to the Cloud Admin domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
* Authenticate to keystone and retrieve admin token from the v2 API&lt;br /&gt;
* Grant the admin access to the cloud admin domain&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/default/users/&amp;lt;ADMIN_ID&amp;gt;/roles/&amp;lt;ADMIN_ROLE_ID&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin impersonates a Domain or switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72118</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72118"/>
				<updated>2015-01-20T23:37:10Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Cloud Admin account in keystone */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
If a user has an 'admin' role and access to the Cloud Admin domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
* Authenticate to keystone and retrieve admin token from the v2 API&lt;br /&gt;
* Grant the admin access to the cloud admin domain&lt;br /&gt;
  curl -s -H &amp;quot;X-Auth-Token: &amp;lt;TOKEN&amp;gt;&amp;quot; -X PUT http://127.0.0.1:5000/v3/domains/default/users/&amp;lt;ADMIN_ID&amp;gt;/roles/&amp;lt;ADMIN_ROLE_ID&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin impersonates a Domain or switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72117</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72117"/>
				<updated>2015-01-20T23:32:15Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
If a user has an 'admin' role and access to the Cloud Admin domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin impersonates a Domain or switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72116</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72116"/>
				<updated>2015-01-20T23:27:16Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* keystone policy.json file */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
 ...&lt;br /&gt;
 # use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin impersonates a Domain or switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72115</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=72115"/>
				<updated>2015-01-20T23:26:32Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json&lt;br /&gt;
 ... &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:admin_domain_id&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
 ...&lt;br /&gt;
# use 'default' or whatever your cloud admin domain id is &lt;br /&gt;
 &amp;quot;cloud_admin&amp;quot;: &amp;quot;rule:admin_required and domain_id:default&amp;quot;,&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin impersonates a Domain or switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71676</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71676"/>
				<updated>2015-01-13T00:47:47Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin sets a Domain Context ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin Logs in ====&lt;br /&gt;
[[File:1. Log In.png]]&lt;br /&gt;
==== Cloud Admin navigates to the Identity Dashboard and Domain panel ====&lt;br /&gt;
[[File:2. Identity-Domains.png]]&lt;br /&gt;
==== Cloud Admin impersonates a Domain or switches Domain context ====&lt;br /&gt;
[[File:3. Set Domain Context.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:3._Set_Domain_Context.png&amp;diff=71674</id>
		<title>File:3. Set Domain Context.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:3._Set_Domain_Context.png&amp;diff=71674"/>
				<updated>2015-01-13T00:41:49Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:2._Identity-Domains.png&amp;diff=71673</id>
		<title>File:2. Identity-Domains.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:2._Identity-Domains.png&amp;diff=71673"/>
				<updated>2015-01-13T00:39:25Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:1._Log_In.png&amp;diff=71672</id>
		<title>File:1. Log In.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:1._Log_In.png&amp;diff=71672"/>
				<updated>2015-01-13T00:38:58Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71671</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71671"/>
				<updated>2015-01-13T00:36:28Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Workflow 1. Cloud Admin creates a new Domain and Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin creates a new Domain and Resources ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71669</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71669"/>
				<updated>2015-01-13T00:34:00Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* Workflow 1. Cloud Admin creates a new Domain and Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin creates a new Domain and Resources ===&lt;br /&gt;
[[File:Switch-domain-workflow-1.png|frameless]]&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:Switch-domain-workflow-1.png&amp;diff=71667</id>
		<title>File:Switch-domain-workflow-1.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:Switch-domain-workflow-1.png&amp;diff=71667"/>
				<updated>2015-01-13T00:32:24Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71666</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71666"/>
				<updated>2015-01-13T00:27:26Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;br /&gt;
&lt;br /&gt;
=== Workflow 1. Cloud Admin creates a new Domain and Resources ===&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71665</id>
		<title>Horizon/DomainWorkFlow</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Horizon/DomainWorkFlow&amp;diff=71665"/>
				<updated>2015-01-13T00:24:26Z</updated>
		
		<summary type="html">&lt;p&gt;Dan Nguyen: /* keystone v3 */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Intro ==&lt;br /&gt;
 This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.&lt;br /&gt;
&lt;br /&gt;
=== Prerequisites ===&lt;br /&gt;
==== devstack ====&lt;br /&gt;
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.&lt;br /&gt;
&lt;br /&gt;
==== keystone policy.json file====&lt;br /&gt;
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file:&lt;br /&gt;
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json&lt;br /&gt;
&lt;br /&gt;
==== memcached ====&lt;br /&gt;
*Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)&lt;br /&gt;
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)&lt;br /&gt;
*Horizon needs to be configured to use memcached&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 # We recommend you use memcached for development; otherwise after every reload&lt;br /&gt;
 # of the django development server, you will have to login again. To use&lt;br /&gt;
 # memcached set CACHES to something like&lt;br /&gt;
 CACHES = {&lt;br /&gt;
    'default': {&lt;br /&gt;
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',&lt;br /&gt;
        'LOCATION': '127.0.0.1:11211',&lt;br /&gt;
    }&lt;br /&gt;
 }&lt;br /&gt;
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== keystone v3  ====&lt;br /&gt;
Horizon needs to be configured to use keystone v3 and multi domain support&lt;br /&gt;
&lt;br /&gt;
local_settings.py&lt;br /&gt;
 ...&lt;br /&gt;
 OPENSTACK_API_VERSIONS = { &amp;quot;identity&amp;quot;: 3, }&lt;br /&gt;
 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True &lt;br /&gt;
 OPENSTACK_KEYSTONE_URL = &amp;quot;http://%s:5000/v3&amp;quot; % OPENSTACK_HOST&lt;br /&gt;
 ...&lt;br /&gt;
&lt;br /&gt;
==== django-openstack-auth ====&lt;br /&gt;
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session.&lt;br /&gt;
https://review.openstack.org/#/c/141153/&lt;br /&gt;
&lt;br /&gt;
==== Cloud Admin account in keystone ====&lt;br /&gt;
One way to enable this account to grant your admin user access to the 'default' domain.&lt;br /&gt;
If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin.  &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Users ===&lt;br /&gt;
This page only considers three users&lt;br /&gt;
* Cloud Admin&lt;br /&gt;
* Domain Admin&lt;br /&gt;
* User (_member_ role)&lt;/div&gt;</summary>
		<author><name>Dan Nguyen</name></author>	</entry>

	</feed>