OSM Multi-tenancy: Difference between revisions

From OSM Public Wiki
Jump to: navigation, search
m (initial skeleton)
Line 9: Line 9:


==Enabling PAM authentication==
==Enabling PAM authentication==
PAM can use a local user database, as well as external ones, like for example LDAP.  This example covers the interaction with a local user database only.
1. Edit /usr/rift/etc/default/launchpad, replacing "--start-auth-svc" for "--start-pam-svc"
...
# set this to any options you want passed to launchpad.py
LP_OPTS=" --start-pam-svc "
...
2. Clear the existing SO configuration, please note that this will delete all the data (descriptors, accounts, instances, etc.)
rm -rf /usr/rift/var/rift
3. Restart the service
systemctl stop launchpad
systemctl start launchpad
4. Create the local user database inside the SO container
adduser user_a
...
adduser user_b
...


==Managing SO Projects==
==Managing SO Projects==

Revision as of 19:21, 26 January 2018

This is an experimental feature which allows to use a single instance of OSM for a set of different projects and users. Full support will be available in Release FOUR.

The required steps are:

  • Enable PAM authentication at SO, to support multiple users.
  • Create the required users and projects in SO, assigning the required privileges.
  • Map each SO project with a new RO tenant, with its corresponding VIMs.
  • [Optional] Create a separate Juju controller for each SO project.


Enabling PAM authentication

PAM can use a local user database, as well as external ones, like for example LDAP. This example covers the interaction with a local user database only.

1. Edit /usr/rift/etc/default/launchpad, replacing "--start-auth-svc" for "--start-pam-svc"

...
# set this to any options you want passed to launchpad.py
LP_OPTS=" --start-pam-svc "
...

2. Clear the existing SO configuration, please note that this will delete all the data (descriptors, accounts, instances, etc.)

rm -rf /usr/rift/var/rift

3. Restart the service

systemctl stop launchpad
systemctl start launchpad

4. Create the local user database inside the SO container

adduser user_a
...
adduser user_b
...

Managing SO Projects

Managing RO Tenants

Working with multiple Juju controllers

[work in progress]