Skip to content

Openstack domains

Users and Projects in OpenStack

In OpenStack, users and projects are assigned to specific domains. The following domains are available:

  • Default: Domain for users authenticated locally through the Keystone service.
  • PCSS: Domain for PCSS employees, authenticated through the corporate LDAP (ou=People,dc=man,dc=poznan,dc=pl,dc=world).
  • EOSC: Domain for users of the EOSC federation, authenticated through external IDPs.

Authentication via CLI/API Client

The project and user account may reside in different domains, which is important when authenticating with OpenStack services through the API and CLI tools. In the Horizon panel, it is possible to download an RC or YAML file containing all necessary information for authentication (API Access tab).

After downloading the RC file, you can check which domain a particular project belongs to. For example:

  • For the PCSS domain:

export OS_PROJECT_DOMAIN_ID="e5fab5684f3241d080e900d04ad06bb8"

  • For the Default domain:

export OS_PROJECT_DOMAIN_ID="default"

Information about the domain in which the user is located:

  • For the PCSS domain:

export OS_USER_DOMAIN_NAME="PCSS"

  • For the Default domain:

export OS_USER_DOMAIN_NAME="Default"