diff --git a/manifests/keystone/domain.pp b/manifests/keystone/domain.pp
index 5d9a25d..3fa17fa 100644
--- a/manifests/keystone/domain.pp
+++ b/manifests/keystone/domain.pp
@@ -5,19 +5,48 @@
 # === Parameters
 #
 # [*cluster_user_trust*]
-#   enable creation of a user trust for clusters.  Defaults to $::os_service_default.
+#   enable creation of a user trust for clusters.
+#   Defaults to $::os_service_default.
 #
 # [*domain_name*]
-#   magnum domain name. Defaults to 'magnum'.
+#   magnum domain name.
+#   Defaults to 'magnum'.
+#
+# [*domain_id*]
+#   id of the domain to create trustee for clusters.
+#   Defaults to $::os_service_default.
 #
 # [*domain_admin*]
-#   Keystone domain admin user which will be created. Defaults to 'magnum_admin'.
+#   Keystone domain admin user which will be created.
+#   Defaults to 'magnum_admin'.
+#
+# [*domain_admin_id*]
+#   Id of the admin with roles sufficient to manage users in the trustee_domain.
+#   Defaults to $::os_service_default.
+#
+# [*domain_admin_domain_name*]
+#   Name of the domain admin user's domain.
+#   Defaults to $domain_name.
+#
+# [*domain_admin_domain_id*]
+#   Id of the domain admin user's domain.
+#   Defaults to $::os_service_default.
 #
 # [*domain_admin_email*]
-#   Keystone domain admin user email address. Defaults to 'magnum_admin@localhost'.
+#   Keystone domain admin user email address.
+#   Defaults to 'magnum_admin@localhost'.
 #
 # [*domain_password*]
-#   Keystone domain admin user password. Defaults to 'changeme'.
+#   Keystone domain admin user password.
+#   Defaults to 'changeme'.
+#
+# [*roles*]
+#   The roles which are delegated to the trustee by the trustor.
+#   Defaults to $::os_service_default.
+#
+# [*keystone_interface*]
+#   Auth interface used by instances/trustee.
+#   Defaults to 'public'.
 #
 # [*manage_domain*]
 #   Whether manage or not the domain creation.
@@ -34,14 +63,20 @@
 #   Defaults to 'true'.
 #
 class magnum::keystone::domain (
-  $cluster_user_trust = $::os_service_default,
-  $domain_name        = 'magnum',
-  $domain_admin       = 'magnum_admin',
-  $domain_admin_email = 'magnum_admin@localhost',
-  $domain_password    = 'changeme',
-  $manage_domain      = true,
-  $manage_user        = true,
-  $manage_role        = true,
+  $cluster_user_trust       = $::os_service_default,
+  $domain_name              = 'magnum',
+  $domain_id                = $::os_service_default,
+  $domain_admin             = 'magnum_admin',
+  $domain_admin_id          = $::os_service_default,
+  $domain_admin_email       = 'magnum_admin@localhost',
+  $domain_password          = 'changeme',
+  $domain_admin_domain_name = $::os_service_default,
+  $domain_admin_domain_id   = $::os_service_default,
+  $manage_domain            = true,
+  $manage_user              = true,
+  $manage_role              = true,
+  $roles                    = $::os_service_default,
+  $keystone_interface       = 'public'
 ) {
 
   include ::magnum::deps
@@ -73,10 +108,16 @@ class magnum::keystone::domain (
   }
 
   magnum_config {
-    'trust/cluster_user_trust':            value => $cluster_user_trust;
-    'trust/trustee_domain_name':           value => $domain_name;
-    'trust/trustee_domain_admin_name':     value => $domain_admin;
-    'trust/trustee_domain_admin_password': value => $domain_password, secret => true;
+    'trust/cluster_user_trust':                value => $cluster_user_trust;
+    'trust/trustee_domain_name':               value => $domain_name;
+    'trust/trustee_domain_id':                 value => $domain_id;
+    'trust/trustee_domain_admin_name':         value => $domain_admin;
+    'trust/trustee_domain_admin_id':           value => $domain_admin_id;
+    'trust/trustee_domain_admin_domain_name':  value => $domain_admin_domain_name;
+    'trust/trustee_domain_admin_domain_id':    value => $domain_admin_domain_id;
+    'trust/trustee_domain_admin_password':     value => $domain_password, secret => true;
+    'trust/roles':                             value => $roles;
+    'trust/trustee_keystone_interface':        value => $keystone_interface;
   }
 
 }
diff --git a/releasenotes/notes/add-trustee-options-a5377495406328bb.yaml b/releasenotes/notes/add-trustee-options-a5377495406328bb.yaml
new file mode 100644
index 0000000..b7f6cbb
--- /dev/null
+++ b/releasenotes/notes/add-trustee-options-a5377495406328bb.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - Add domain_id, domain_admin_id, domain_admin_domain_name, domain_admin_domain_id,
+    roles, keystone_interface parameters in magnum::keystone::domain to manage related
+    options in [trust] section.
diff --git a/spec/classes/magnum_keystone_domain_spec.rb b/spec/classes/magnum_keystone_domain_spec.rb
index 5f12ce5..62149f6 100644
--- a/spec/classes/magnum_keystone_domain_spec.rb
+++ b/spec/classes/magnum_keystone_domain_spec.rb
@@ -3,11 +3,17 @@ require 'spec_helper'
 describe 'magnum::keystone::domain' do
 
   let :params do {
-    :cluster_user_trust => true,
-    :domain_name        => 'magnum',
-    :domain_admin       => 'magnum_admin',
-    :domain_admin_email => 'magnum_admin@localhost',
-    :domain_password    => 'domain_passwd'
+    :cluster_user_trust       => true,
+    :domain_name              => 'magnum',
+    :domain_id                => '16264508d9b6476da952a3971ca9d4b4',
+    :domain_admin             => 'magnum_admin',
+    :domain_admin_id          => '16264508d9b6476da952a3971ca9d4b4',
+    :domain_admin_domain_name => 'magnum',
+    :domain_admin_domain_id   => '16264508d9b6476da952a3971ca9d4b4',
+    :domain_admin_email       => 'magnum_admin@localhost',
+    :domain_password          => 'domain_passwd',
+    :roles                    => 'admin,',
+    :keystone_interface       => 'public'
     }
   end
 
@@ -15,9 +21,15 @@ describe 'magnum::keystone::domain' do
     it 'configure magnum.conf' do
       is_expected.to contain_magnum_config('trust/cluster_user_trust').with_value(params[:cluster_user_trust])
       is_expected.to contain_magnum_config('trust/trustee_domain_admin_name').with_value(params[:domain_admin])
+      is_expected.to contain_magnum_config('trust/trustee_domain_admin_id').with_value(params[:domain_admin_id])
       is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_value(params[:domain_password])
       is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_secret(true)
+      is_expected.to contain_magnum_config('trust/trustee_domain_admin_domain_name').with_value(params[:domain_admin_domain_name])
+      is_expected.to contain_magnum_config('trust/trustee_domain_admin_domain_id').with_value(params[:domain_admin_domain_id])
       is_expected.to contain_magnum_config('trust/trustee_domain_name').with_value(params[:domain_name])
+      is_expected.to contain_magnum_config('trust/trustee_domain_id').with_value(params[:domain_id])
+      is_expected.to contain_magnum_config('trust/roles').with_value(params[:roles])
+      is_expected.to contain_magnum_config('trust/trustee_keystone_interface').with_value(params[:keystone_interface])
     end
 
     it 'should create keystone domain' do