OSM Multi-tenancy: Difference between revisions
From OSM Public Wiki
m (initial skeleton) |
|||
Line 9: | Line 9: | ||
==Enabling PAM authentication== | ==Enabling PAM authentication== | ||
PAM can use a local user database, as well as external ones, like for example LDAP. This example covers the interaction with a local user database only. | |||
1. Edit /usr/rift/etc/default/launchpad, replacing "--start-auth-svc" for "--start-pam-svc" | |||
... | |||
# set this to any options you want passed to launchpad.py | |||
LP_OPTS=" --start-pam-svc " | |||
... | |||
2. Clear the existing SO configuration, please note that this will delete all the data (descriptors, accounts, instances, etc.) | |||
rm -rf /usr/rift/var/rift | |||
3. Restart the service | |||
systemctl stop launchpad | |||
systemctl start launchpad | |||
4. Create the local user database inside the SO container | |||
adduser user_a | |||
... | |||
adduser user_b | |||
... | |||
==Managing SO Projects== | ==Managing SO Projects== |
Revision as of 19:21, 26 January 2018
This is an experimental feature which allows to use a single instance of OSM for a set of different projects and users. Full support will be available in Release FOUR.
The required steps are:
- Enable PAM authentication at SO, to support multiple users.
- Create the required users and projects in SO, assigning the required privileges.
- Map each SO project with a new RO tenant, with its corresponding VIMs.
- [Optional] Create a separate Juju controller for each SO project.
Enabling PAM authentication
PAM can use a local user database, as well as external ones, like for example LDAP. This example covers the interaction with a local user database only.
1. Edit /usr/rift/etc/default/launchpad, replacing "--start-auth-svc" for "--start-pam-svc"
... # set this to any options you want passed to launchpad.py LP_OPTS=" --start-pam-svc " ...
2. Clear the existing SO configuration, please note that this will delete all the data (descriptors, accounts, instances, etc.)
rm -rf /usr/rift/var/rift
3. Restart the service
systemctl stop launchpad systemctl start launchpad
4. Create the local user database inside the SO container
adduser user_a ... adduser user_b ...
Managing SO Projects
Managing RO Tenants
Working with multiple Juju controllers
[work in progress]