Difference between revisions of "Horizon/DomainWorkFlow"
< Horizon
Dan Nguyen (talk | contribs) m |
Dan Nguyen (talk | contribs) m |
||
Line 3: | Line 3: | ||
=== Prerequisites === | === Prerequisites === | ||
− | |||
==== devstack ==== | ==== devstack ==== | ||
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon. | You'll need to have keystone running in a VM or somewhere you can reach it from Horizon. | ||
Line 15: | Line 14: | ||
*The memcached client library needs to be installed in horizon's venv (python-memcached==1.53) | *The memcached client library needs to be installed in horizon's venv (python-memcached==1.53) | ||
*Horizon needs to be configured to use memcached | *Horizon needs to be configured to use memcached | ||
+ | |||
+ | local_settings.py | ||
+ | ... | ||
+ | # We recommend you use memcached for development; otherwise after every reload | ||
+ | # of the django development server, you will have to login again. To use | ||
+ | # memcached set CACHES to something like | ||
+ | CACHES = { | ||
+ | 'default': { | ||
+ | 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', | ||
+ | 'LOCATION': '127.0.0.1:11211', | ||
+ | } | ||
+ | } | ||
+ | SESSION_ENGINE = 'django.contrib.sessions.backends.cache' | ||
+ | ... | ||
==== keystone v3 ==== | ==== keystone v3 ==== | ||
Line 24: | Line 37: | ||
==== Cloud Admin account in keystone ==== | ==== Cloud Admin account in keystone ==== | ||
+ | One way to enable this account to grant your admin user access to the 'default' domain. | ||
+ | If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin. | ||
+ | |||
+ | |||
+ | === Users === | ||
+ | This page only considers three users | ||
+ | * Cloud Admin | ||
+ | * Domain Admin | ||
+ | * User (_member_ role) |
Revision as of 00:22, 13 January 2015
Contents
Intro
This wiki describes how to enable Domain Scoped Token support in Horizon and how to navigate the existing work flows.
Prerequisites
devstack
You'll need to have keystone running in a VM or somewhere you can reach it from Horizon.
keystone policy.json file
You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file: https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json
memcached
- Memcached should be installed and running (perhaps on the same host as horizon to keep things simple)
- The memcached client library needs to be installed in horizon's venv (python-memcached==1.53)
- Horizon needs to be configured to use memcached
local_settings.py
... # We recommend you use memcached for development; otherwise after every reload # of the django development server, you will have to login again. To use # memcached set CACHES to something like CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': '127.0.0.1:11211', } } SESSION_ENGINE = 'django.contrib.sessions.backends.cache' ...
keystone v3
Horizon needs to be configured
django-openstack-auth
You'll need to pull down this patch to be able to retrieve a domain scoped token from the http session. https://review.openstack.org/#/c/141153/
Cloud Admin account in keystone
One way to enable this account to grant your admin user access to the 'default' domain. If a user has an 'admin' role and access to the 'default' domain then they are considered to be a Cloud Admin.
Users
This page only considers three users
- Cloud Admin
- Domain Admin
- User (_member_ role)