OSM Multi-tenancy

From OSM Public Wiki
Jump to: navigation, search

This is an experimental feature which allows to use a single instance of OSM for a set of different projects and users. Full support will be available in Release FOUR.

The required steps are:

  • Enable PAM authentication at SO, to support multiple users.
  • Create the required users and projects in SO, assigning the required privileges.
  • Map each SO project with a new RO tenant, with its corresponding VIMs.
  • [Optional] Create a separate Juju controller for each SO project.


Enabling PAM authentication

PAM can use a local user database, as well as external ones, like for example LDAP. This example covers the interaction with a local user database only.

1. Edit /usr/rift/etc/default/launchpad, replacing "--start-auth-svc" for "--start-pam-svc" 

...
# set this to any options you want passed to launchpad.py
LP_OPTS=" --start-pam-svc "
...

2. Clear the existing SO configuration, please note that this will delete all the data (descriptors, accounts, instances, etc.) 

rm -rf /usr/rift/var/rift

3. Restart the service 

systemctl stop launchpad
systemctl start launchpad

4. Create the local user database inside the SO container 

adduser user_a
...
adduser user_b
...

Managing SO Projects

Managing RO Tenants

Working with multiple Juju controllers

[work in progress]

Retrieved from "http:///wikipub/index.php?title=OSM_Multi-tenancy&oldid=2183"