Keystone domains can be deleted if there are no users associated with them. If any users are still associated with the domain when you try to delete it, an error will be shown. In this example, we will show how to delete a domain that is no longer being used, called olddomain.
Ensure that you are logged on to a correctly configured OpenStack client and can access the OpenStack environment as a user with admin privileges.
Refer to Chapter 2, The OpenStack Client, for details of setting up your environment to use the OpenStack command-line client.
In order to delete a domain, execute the following commands:
List the users in the olddomain domain that we will be deleting:
openstack user list --domain olddomain
This list should be empty before proceeding. If it is not, delete all the users before proceeding to the next step.
openstack domain set --disable olddomain
This command will have no output.
openstack domain delete olddomain
If successful, this command will have no output.
Deleting unnecessary domains requires that domains have no users associated with them.
Verify that there are no users attached to this domain:
openstack user list --domain <domain>
Deleting a domain requires that it first be disabled. A domain can be disabled even if there are users attached to it:
openstack domain set --disable <domain>
Only after a domain is disabled and no longer has any users associated with it will you be able to delete it:
openstack domain delete <domain>
If you need to delete users, refer to the Deleting users recipe, earlier in this chapter.
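The three steps above can be wrapped in a guard so that the delete never runs while users remain in the domain. This is an added example, not code from the book; the function names domain_user_count and delete_domain_safely are hypothetical, and it assumes admin credentials are already loaded in the shell environment.

```shell
#!/bin/sh
# Guarded Keystone domain removal: check users, disable, then delete.
# Assumption: admin credentials are already exported in the environment.
# Function names are hypothetical and exist only for this example.

# Print the number of users still attached to the given domain.
domain_user_count() {
    # -f value -c ID prints one user ID per line with no table decoration
    ids=$(openstack user list --domain "$1" -f value -c ID) || return 2
    if [ -z "$ids" ]; then
        echo 0
    else
        printf '%s\n' "$ids" | wc -l | tr -d ' '
    fi
}

# Return 0 on success, 1 if users remain, 2 on usage or CLI failure.
delete_domain_safely() {
    domain=$1
    if [ -z "$domain" ]; then
        echo "usage: delete_domain_safely <domain>" >&2
        return 2
    fi

    count=$(domain_user_count "$domain") || {
        echo "could not list users in '$domain'" >&2
        return 2
    }

    # Stop before changing anything if the domain is still in use.
    if [ "$count" -ne 0 ]; then
        echo "refusing: $count user(s) still in '$domain'" >&2
        return 1
    fi

    # A domain must be disabled before Keystone will delete it.
    openstack domain set --disable "$domain" || return 2
    openstack domain delete "$domain" || return 2
    echo "deleted domain '$domain'"
}

# Usage: delete_domain_safely olddomain
```

Because the user check runs first, a domain that is still in use is left enabled and untouched rather than being disabled and then failing at the delete step.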