OSM Multi-tenancy: Difference between revisions
mNo edit summary |
|||
| Line 7: | Line 7: | ||
* [Optional] Create a separate Juju controller for each SO project. | * [Optional] Create a separate Juju controller for each SO project. | ||
==Prerequisites== | |||
Since all the existing data will be cleared from SO as part of enabling PAM authentication, be sure to: | |||
1. Backup any relevant descriptors. | |||
2. Delete any existing instances. | |||
3. Retrieve the current config-agent password, using the OSM client: | |||
osm config-agent list | |||
==Enabling PAM authentication== | ==Enabling PAM authentication== | ||
| Line 36: | Line 48: | ||
==Managing SO Projects== | ==Managing SO Projects== | ||
From the UI, go to Administration --> User Management, and clic on Add User. Fill the form with the users created at the previous stage, making sure to specify 'localhost' in the 'DOMAIN' field. | |||
==Managing RO Tenants== | ==Managing RO Tenants== | ||
Revision as of 19:29, 26 January 2018
This is an experimental feature which allows to use a single instance of OSM for a set of different projects and users. Full support will be available in Release FOUR.
The required steps are:
- Enable PAM authentication at SO, to support multiple users.
- Create the required users and projects in SO, assigning the required privileges.
- Map each SO project with a new RO tenant, with its corresponding VIMs.
- [Optional] Create a separate Juju controller for each SO project.
Prerequisites
Since all the existing data will be cleared from SO as part of enabling PAM authentication, be sure to:
1. Backup any relevant descriptors.
2. Delete any existing instances.
3. Retrieve the current config-agent password, using the OSM client:
osm config-agent list
Enabling PAM authentication
PAM can use a local user database, as well as external ones, like for example LDAP. This example covers the interaction with a local user database only.
1. Edit /usr/rift/etc/default/launchpad, replacing "--start-auth-svc" for "--start-pam-svc"
... # set this to any options you want passed to launchpad.py LP_OPTS=" --start-pam-svc " ...
2. Clear the existing SO configuration, please note that this will delete all the data (descriptors, accounts, instances, etc.)
rm -rf /usr/rift/var/rift
3. Restart the service
systemctl stop launchpad systemctl start launchpad
4. Create the local user database inside the SO container
adduser user_a ... adduser user_b ...
Managing SO Projects
From the UI, go to Administration --> User Management, and clic on Add User. Fill the form with the users created at the previous stage, making sure to specify 'localhost' in the 'DOMAIN' field.
Managing RO Tenants
Working with multiple Juju controllers
[work in progress]