CentOS 7.x Cloudstack 4.11 Terminology
Cloudstack has following non-infrastructure (non - hosts, pods, zone) terminology:
- Root administrator
- Root administrators have complete access to the system, including managing templates, service offerings, etc.
- Entire cloudstack resources can be divided into domains. Domains have tree structure. So it is possible to have root, root/internal, root/external etc. domains and all three can be used simultaneously. It is possible to repeat usernames across multiple domains.
- Domain administrator
- Domain administrators can perform administrative operations for users who belong to that domain. Domain administrators do not have visibility into physical servers or other domains.
- It is possible to group multiple accounts together. This can help in allowing all members (Accounts/users) of project to access resources created by other members of the same project. It also allows resource limiting based on project. Accounts/users can create resources as part of project or independently outside project. An account/user can belong to multiple projects.
- Resource limits can be tracked at account level (No. of public IPs, CPU, RAM, etc.). Accounts are as such lowest unit from resource tracking/ownership perspective. All users belong to account. Any resource created by user (eg VM) is actually owned by account. Users do not have any ownership.
- If only one user is created per account then users and account can be treated as same thing. However, it is possible to create multiple users for the account. This only provides multiple ways to authenticate for the account. All users in belonging to same account have same resources. The advantage of having users is that roles are assigned to users and not to accounts. So while one user belonging to an account can be resource admin other can be domain admin or normal user. Thus, only user with required privileges can performed required operations on their account.
- For roles, accounts, users and domains - http://docs.cloudstack.apache.org/en/184.108.40.206/adminguide/accounts.html
- For Projects - http://docs.cloudstack.apache.org/en/220.127.116.11/adminguide/projects.html