OSM Multi-tenancy: Difference between revisions

This is an experimental feature which allows to use a single instance of OSM for a set of different projects and users. Full support will be available in Release FOUR.

The required steps are:

• Enable PAM authentication at SO, to support multiple users.
• Create the required users and projects in SO, assigning the required privileges.
• Map each SO project with a new RO tenant, with its corresponding VIMs.
• [Optional] Create a separate Juju controller for each SO project.

Prerequisites

Since all the existing data will be cleared from SO as part of enabling PAM authentication, be sure to:

1. Backup any relevant descriptors.

2. Delete any existing instances.

3. Retrieve the current config-agent password, using the OSM client:

osm config-agent list

Enabling PAM authentication

PAM can use a local user database, as well as external ones, like for example LDAP. This example covers the interaction with a local user database only.

1. Edit /usr/rift/etc/default/launchpad, replacing "--start-auth-svc" for "--start-pam-svc"

...
# set this to any options you want passed to launchpad.py
LP_OPTS=" --start-pam-svc "
...

2. Clear the existing SO configuration, please note that this will delete all the data (descriptors, accounts, instances, etc.)

rm -rf /usr/rift/var/rift

3. Restart the service

systemctl stop launchpad
systemctl start launchpad

4. Create the local user database inside the SO container

adduser user_a
...
adduser user_b
...

Managing SO Projects

From the UI, go to Administration --> User Management, and clic on Add User.

Fill the form with the users created at the previous stage, making sure to specify 'localhost' in the 'DOMAIN' field.

Managing RO Tenants

Working with multiple Juju controllers

[work in progress]