OSM Multi-tenancy: Difference between revisions

From OSM Public Wiki
Jump to: navigation, search
mNo edit summary
Line 7: Line 7:
* [Optional] Create a separate Juju controller for each SO project.
* [Optional] Create a separate Juju controller for each SO project.


==Prerequisites==
Since all the existing data will be cleared from SO as part of enabling PAM authentication, be sure to:
1. Backup any relevant descriptors.
2. Delete any existing instances.
3. Retrieve the current config-agent password, using the OSM client:
osm config-agent list


==Enabling PAM authentication==
==Enabling PAM authentication==
Line 36: Line 48:


==Managing SO Projects==
==Managing SO Projects==
From the UI, go to Administration --> User Management, and clic on Add User.  Fill the form with the users created at the previous stage, making sure to specify 'localhost' in the 'DOMAIN' field.


==Managing RO Tenants==
==Managing RO Tenants==

Revision as of 19:29, 26 January 2018

This is an experimental feature which allows to use a single instance of OSM for a set of different projects and users. Full support will be available in Release FOUR.

The required steps are:

  • Enable PAM authentication at SO, to support multiple users.
  • Create the required users and projects in SO, assigning the required privileges.
  • Map each SO project with a new RO tenant, with its corresponding VIMs.
  • [Optional] Create a separate Juju controller for each SO project.


Prerequisites

Since all the existing data will be cleared from SO as part of enabling PAM authentication, be sure to:

1. Backup any relevant descriptors.

2. Delete any existing instances.

3. Retrieve the current config-agent password, using the OSM client:

osm config-agent list

Enabling PAM authentication

PAM can use a local user database, as well as external ones, like for example LDAP. This example covers the interaction with a local user database only.

1. Edit /usr/rift/etc/default/launchpad, replacing "--start-auth-svc" for "--start-pam-svc"

...
# set this to any options you want passed to launchpad.py
LP_OPTS=" --start-pam-svc "
...

2. Clear the existing SO configuration, please note that this will delete all the data (descriptors, accounts, instances, etc.)

rm -rf /usr/rift/var/rift

3. Restart the service

systemctl stop launchpad
systemctl start launchpad

4. Create the local user database inside the SO container

adduser user_a
...
adduser user_b
...

Managing SO Projects

From the UI, go to Administration --> User Management, and clic on Add User. Fill the form with the users created at the previous stage, making sure to specify 'localhost' in the 'DOMAIN' field.

Managing RO Tenants

Working with multiple Juju controllers

[work in progress]