Domains
A domain is a logical, multi-tenancy concept in the cloud management platform. Each domain is a complete, logically autonomous unit covering user authentication, permission management, project management, etc., which allows domain administrators to manage the users, groups, projects, roles, and permissions within the domain in a fully autonomous manner.
Domain Sources
- Synchronized from the domain information on LDAP authentication sources.
- A default domain based on the SQL authentication source is created automatically after system deployment is completed, and creating new local domains based on the SQL authentication source is supported.
Entry: In the cloud management platform, click the navigation menu in the top left corner, then click the “IAM & Security/IAM/Domains” menu item in the left menu bar that pops up to enter the domains page.
Create Domains
This function is used to create a local domain based on the SQL authentication source.
Note
When level 3 permissions are not enabled on the platform, a new domain can still be created, but it will not work properly.
- On the domain page, click the “Create” button at the top of the list to enter the new domain page.
- Set the domain name and the domain quota, including CPU, memory, storage, image, host, IP address, GPU, EIP, snapshot, bucket, object size, object number, security group, RDS instance, Redis instance, load balancing, cloud account, global VPC, group, permission, project, role, user, host, VPC quota.
- Click the “Create” button at the top of the list to create the domain.
Adjust Quota
Description
Explanation of quota rules
- Quota rules are generally divided into two parts: the first half is the application scope of the rule, and the second half is the specific quota. For example, setting the number of servers on the Alibaba Cloud platform to 50. Some rules have only a specific quota, such as the number of cloud accounts, that is, the number of cloud accounts allowed to be created under the domain.
- Fill in the quota as an integer greater than 1 or a negative number (a negative number means no limit).
- When adding a quota rule, if the application scope of the new rule duplicates that of an existing rule, the new rule overwrites the existing rule.
- You can set multiple quota rules according to different conditions. When multiple quota rules apply to a resource being created, the rule with the smallest quota is applied, e.g. the default host quota is 2, and Alibaba Cloud’s host quota limit is 5, so the number of hosts a user can create is 2.
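The rule semantics above (scope plus quota, overwrite on duplicate scope, negative means no limit, smallest matching quota wins), as an added example that is not the platform's own code. The `Scope` fields, the class and method names, and the `aliyun` platform label are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Scope:
    """Application scope of a rule (first half). None matches any value."""
    platform: Optional[str] = None
    cloud_account: Optional[str] = None
    region: Optional[str] = None

    def matches(self, resource: dict) -> bool:
        return all(want is None or resource.get(field) == want
                   for field, want in vars(self).items())


class QuotaTable:
    """Hypothetical model: rules for one quota item (e.g. hosts) in a domain."""

    def __init__(self, default_limit: int):
        self._rules = {}
        self.set_rule(Scope(), default_limit)  # default rule: any conditions

    def set_rule(self, scope: Scope, limit: int) -> None:
        # Page rule: an integer greater than 1, or negative for "no limit".
        if isinstance(limit, bool) or not isinstance(limit, int) or 0 <= limit <= 1:
            raise ValueError(f"invalid quota: {limit!r}")
        self._rules[scope] = limit  # same scope overwrites the existing rule

    def delete_rule(self, scope: Scope) -> None:
        if scope == Scope():
            raise ValueError("the default rule cannot be deleted")
        del self._rules[scope]

    def effective_limit(self, resource: dict) -> Optional[int]:
        """Smallest quota among matching rules; None means unlimited."""
        limits = [lim for scope, lim in self._rules.items()
                  if scope.matches(resource) and lim >= 0]
        return min(limits) if limits else None

    def can_create(self, resource: dict, in_use: int, count: int = 1) -> bool:
        limit = self.effective_limit(resource)
        return limit is None or in_use + count <= limit


# Constructed sample mirroring the page's example: default 2, Alibaba Cloud 5.
hosts = QuotaTable(default_limit=2)
hosts.set_rule(Scope(platform="aliyun"), 5)
print(hosts.effective_limit({"platform": "aliyun"}))  # 2
```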
Note
- Domains do not support adjusting quotas when the platform does not have Three-level Resource Hierarchy enabled. The quota usage page will not be displayed.
- When the platform is enabled for Three-level Resource Hierarchy, but the Global Settings - Quota Check switch is off, the domain does not support adjusting quota. The quota usage page will not be displayed.
- On the domain page, click the “Adjust Quota” button on the right action bar of the domain to enter the Details - Quota Usage page.
- The quota status is as follows.
  - Server Quota: The default rule is the quota limit for the number of servers, number of CPUs, memory capacity, disk capacity, and GPU blocks under any conditions. The specific quota number can be modified.
    - Add quota: To restrict by conditions such as platform, cloud account, subscription, region, zone, server type, etc., click the “Add Quota” button to add a new quota entry, set the conditions and the quota number, and click the “Save” button.
    - Modify quota: For the default rule only the quota number can be modified; for other rules both the conditions and the quota number can be modified. Click the “Modify” button in the right column of the rule, modify the conditions and the quota number, and click the “Save” button.
    - Delete quota: The default rule cannot be deleted. Click the “Delete” button in the right column of a rule to delete that quota rule.
  - Regional Quota: The default rule is the quota of IP address, EIP, snapshot, OSS bucket, number of objects, object storage capacity, RDS instance, Redis instance, and load balancing instance under any conditions. The specific quota number can be modified.
    - Add quota: To restrict by conditions such as platform, cloud account, subscription, region, etc., click the “Add Quota” button to add a new quota entry, set the conditions and the quota number, and click the “Save” button.
    - Modify quota: For the default rule only the quota number can be modified; for other rules both the conditions and the quota number can be modified. Click the “Modify” button in the right column of the rule, modify the conditions and the quota number, and click the “Save” button.
    - Delete quota: The default rule cannot be deleted. Click the “Delete” button in the right column of a rule to delete that quota rule.
  - Project quota: Currently, only the security group quota is supported, and the specific quota number can be modified.
  - Image quota: The default rule is the number of images of any type. The specific quota number can be modified.
    - Add quota: To limit by image type, click the “Add Quota” button to add a new quota entry, set the conditions and the quota number, and click the “Save” button.
    - Modify quota: For the default rule only the quota number can be modified; for other rules both the conditions and the quota number can be modified. Click the “Modify” button in the right column of the rule, modify the conditions and the quota number, and click the “Save” button.
    - Delete quota: The default rule cannot be deleted. Click the “Delete” button in the right column of a rule to delete that quota rule.
  - Domain quota: Currently, only the quotas of cloud account and global VPC are supported, and the specific quota number can be modified.
  - Authentication quota: Currently, only quotas for groups, permissions, projects, roles and users are supported, and the specific quota number can be modified.
  - Infrastructure quota: The default rule is the number of hosts and VPCs under any conditions. The specific quota number can be modified.
    - Add quota: To restrict by conditions such as platform, cloud account, subscription, region, etc., click the “Add Quota” button to add a new quota entry, set the conditions and the quota number, and click the “Save” button.
    - Modify quota: For the default rule only the quota number can be modified; for other rules both the conditions and the quota number can be modified. Click the “Modify” button in the right column of the rule, modify the conditions and the quota number, and click the “Save” button.
    - Delete quota: The default rule cannot be deleted. Click the “Delete” button in the right column of a rule to delete that quota rule.
Enable Domain
This function is used to enable domains with “disabled” status.
Enable
- On the domain page, click the “Enable” button on the right action bar of the “disabled” domain to bring up the action confirmation dialog.
- Click the “OK” button to enable the domain.
Batch Enable
- Select one or more domains with “Disabled” status in the domain list, and click the “Enable” button to bring up the action confirmation dialog.
- Click the “OK” button to enable the domains in batch.
Disable Domains
This function is used to disable the domain in “enabled” status. After disabling, users and groups cannot be created under the domain, and users under the domain cannot be used to log in to the cloud management platform. Please operate with caution.
Disable
- On the domain page, click the “Disable” button on the right column of the domain with “Enabled” status to bring up the action confirmation dialog.
- Click the “OK” button to disable the domain.
Batch Disable
- Select one or more “enabled” domains in the domain list, and click the “Disable” button to bring up the action confirmation dialog.
- Click the “OK” button to disable the domains.
Delete Domain
This function is used to delete a domain. A domain can be deleted only when it is disabled and there are no users, projects and roles under it. The default domain cannot be deleted.
Delete
- On the domain page, click the “More” button on the right action bar of the disabled domain, and select the “Delete” item in the drop-down menu to bring up the action confirmation dialog.
- Click the “OK” button to complete the operation.
Batch Delete
- Select one or more “disabled” domains in the domain list, and click the “Delete” button at the top of the list to bring up the operation confirmation dialog.
- Click the “OK” button to finish the operation.
View Domain Details
This function is used to view the details of the domain.
Description
- Resource statistics are not updated in real time, and the data is updated once every 15 minutes.
- Click the Refresh button to refresh the resource statistics in real time.
- On the domain page, click the domain name item to enter the domain details page.
- The menu at the top of the details page supports domain management operations.
- View the following information.
  - Basic Information: Including Cloud ID, ID, name, status, domain, project, authentication source, enable status, created at, updated at, and description.
  - Resource statistics: Including the number of VPCs, DNS resolution, authentication sources, projects, groups, users, permissions, roles under the domain.
  - Multi-cloud management resource statistics: Including the number of cloud accounts, cloud users, cloud user groups, and agents under the domain.
View user information under the domain
This function is used to view the user information under the domain.
- On the domain details page, click the “Users” tab to enter the users page.
- View the user name, status and note information under the domain.
View project information under the domain
This function is used to view the project information under the domain.
- On the domain details page, click the “Projects” tab to enter the projects page.
- View the name and note information of the project under the domain.
View the role information under the domain
This function is used to view the role information under the domain.
- On the domain details page, click the “Roles” tab to enter the roles page.
- View the name and notes of the roles under the domain.
View cloud account information under the domain
This feature is used to view the cloud account information in the domain. When there is an available cloud account under the domain, the users of the domain can use the cloud account to create servers in the public cloud, etc.
- On the domain details page, click the “Cloud Accounts” tab to enter the cloud accounts page.
- View the name, status, and note information of the cloud account under the domain.
View operation log
This feature is used to check the log information of domain related operations.
- On the domain details page, click the “Operation Log” tab to enter the operation log page.
- Load More Logs: The operation log page shows 20 operation logs by default. To view more operation logs, click the “Load More” button.
- View Log Details: Click the “View” button in the right column of the operation log to view the log details. Copying the details is supported.
- View logs of a specified time period: To view the operation logs of a certain time period, set the start date and end date at the top right of the list to query the log information for that period.
- Export logs: Currently, only the logs displayed on this page can be exported. Click the icon in the upper-right corner, set the data columns to export in the pop-up export data dialog, and click the “OK” button to export the logs.