AJNOURI
commented
7 years ago It looks like there is some operations that can be performed without specifying the domain argument
--domain {domain}, for example:
- list domains
- list projects
- list services
- list endpoints
- ...
But not listing users or assigning a role to a user, these need to be done by indicating the corresponding domain:
openstack user list
The request you have made requires authentication. (HTTP 401) (Request-ID: req-0064e8ea-d53e-480c-b790-c02d5db3386f)
openstack user list --domain default
+----------------------------------+-------+ | ID | Name | +----------------------------------+-------+ | 7de845c81c414272ab91c1c033fdb2a7 | admin | | 73381ac4501348afbaaa36d71815d8b4 | demo | +----------------------------------+-------+
Afterward, the log could provide a hint when talking about "Couldn't find the auth context."
tail /var/log/keystone/keystone-wsgi-admin.log
2016-11-10 00:15:14.516 2182 WARNING keystone.common.utils [req-7545fec8-f5c0-4df4-8c3c-9836821fb93f - - - - -] Couldn't find the auth context. 2016-11-10 00:15:14.516 2182 WARNING keystone.common.wsgi [req-7545fec8-f5c0-4df4-8c3c-9836821fb93f - - - - -] Authorization failed. The request you have made requires authentication. from 10.0.2.11
On domain-specific Openstack installation (Liberty), following installation documentation: identity I can list all domains, projects, roles.
But cannot list users or assign a role "admin" to a user "admin" (during identity service installation)
openstack user listopenstack role add --project admin --user admin adminopenstack role add --domain default --user admin admin