<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>Hi Vikas,</div>
<div><br>
</div>
<div>> >The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal</div>
<div>
<p dir="ltr">> >server then Kuryr already support this. (by tenant credential configuration)<br>
> <br>
> I understand kuryr can configure with tenant credential, but we still need neutron-openvswitch-agent on <br>
> the bare-metal server, it need admin account… <br>
<br>
</p>
<p dir="ltr">> Vikas-- If kuryr is configured with admin credentials same credentials will be passed to neutron client APIs and thus eventually to openvswitch agent.<br>
> Can you please elaborate "need admin account"?<br>
</p>
</div>
<div>Let me try to make me clear:</div>
<div>AFAIK, docker runs in Bare-metal Server case, we need to install kuryr and neutron-openvswitch-agent in the bare metal server.</div>
<div>We can configure tenant account in this kuryr. And I think all the neutron resource which created in this server will belong this tenant(not admin tenant).</div>
<div>But in neutron-openvswitch-agent, we still need to configure admin account in keystone_authtoken:</div>
<div>
<p style="margin: 0px; font-size: 12px; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;">
[keystone_authtoken]</p>
<p style="margin: 0px; font-size: 12px; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);">
# auth_host = 127.0.0.1</p>
<p style="margin: 0px; font-size: 12px; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);">
# auth_port = 35357</p>
<p style="margin: 0px; font-size: 12px; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);">
# auth_protocol = http</p>
<p style="margin: 0px; font-size: 12px; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);">
# admin_tenant_name = %SERVICE_TENANT_NAME%</p>
<p style="margin: 0px; font-size: 12px; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);">
# admin_user = %SERVICE_USER%</p>
<p style="margin: 0px; font-size: 12px; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);">
# admin_password = %SERVICE_PASSWORD%</p>
</div>
<div><br>
</div>
<div>And the tenant can login the bare metal server directly, it is not good to configure this kind of things on this server.</div>
<div><br>
</div>
<div>Thanks.</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards,</div>
<div>Liping Mao</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Vikas Choudhary <<a href="mailto:choudharyvikas16@gmail.com">choudharyvikas16@gmail.com</a>><br>
<span style="font-weight:bold">Reply-To: </span>OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Date: </span>2016年1月27日 星期三 上午10:57<br>
<span style="font-weight:bold">To: </span>OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant<br>
</div>
<div><br>
</div>
<div>
<div>
<p dir="ltr"><br>
On 26 Jan 2016 13:30, "Liping Mao (limao)" <<a href="mailto:limao@cisco.com">limao@cisco.com</a>> wrote:<br>
><br>
> Hi Gal,<br>
><br>
> Thanks for your answer. <br>
><br>
> >The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal<br>
> >server then Kuryr already support this. (by tenant credential configuration)<br>
> <br>
> I understand kuryr can configure with tenant credential, but we still need neutron-openvswitch-agent on <br>
> the bare-metal server, it need admin account… <br>
<br>
</p>
<p dir="ltr">Vikas-- If kuryr is configured with admin credentials same credentials will be passed to neutron client APIs and thus eventually to openvswitch agent.<br>
Can you please elaborate "need admin account"?<br>
</p>
<p dir="ltr">Thanks<br>
Vikas</p>
<p dir="ltr">> Thanks.<br>
><br>
> Regards,<br>
> Liping Mao<br>
><br>
> From: Gal Sagie <<a href="mailto:gal.sagie@gmail.com">gal.sagie@gmail.com</a>><br>
> Reply-To: OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
> Date: 2016年1月26日 星期二 下午12:47<br>
><br>
> To: OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
> Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant<br>
><br>
> Hi Liping Mao,<br>
><br>
> The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal<br>
> server then Kuryr already support this. (by tenant credential configuration)<br>
><br>
> If what i think you mean, and thats running multi tenants on the same bare-metal then the problem<br>
> here is that Docker and Kubernetes doesnt support something like that either (mostly for security reasons) and<br>
> the networking is just part of it (Which is what Kuryr focus on).<br>
> For this, you usually pick with what Magnum offer and thats running containers inside tenant VMs.<br>
><br>
> However, there are some interesting technologies and open source projects which enable<br>
> something like that and we are evaluating them, its definitely a long term goal for us.<br>
><br>
><br>
><br>
> On Tue, Jan 26, 2016 at 5:06 AM, Liping Mao (limao) <<a href="mailto:limao@cisco.com">limao@cisco.com</a>> wrote:<br>
>><br>
>> Thanks Mohammad for your clear explanation.<br>
>> Do we have any way or roadmap or idea to support kuryr in multi-tenant in bare metal servers now? <br>
>><br>
>> Thanks.<br>
>><br>
>> Regards,<br>
>> Liping Mao<br>
>><br>
>><br>
>> From: Mohammad Banikazemi <<a href="mailto:mb@us.ibm.com">mb@us.ibm.com</a>><br>
>> Reply-To: OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
>> Date: 2016年1月26日 星期二 上午2:35<br>
>> To: OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
>> Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant<br>
>><br>
>> Considering that the underlying container technology is not multi-tenant (as of now), your observation is correct in that all neutron resources are made for a single tenant. Until Docker supports multi tenancy, we can possibly use network options and/or
wrappers for docker/swarm clients to achieve some kind of multi tenancy support. Having said that, I should add that as of now we do not have such a feature in Kuryr.<br>
>><br>
>> Best,<br>
>><br>
>> Mohammad<br>
>><br>
>><br>
>> "Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kur<br>
>><br>
>> From: "Liping Mao (limao)" <<a href="mailto:limao@cisco.com">limao@cisco.com</a>><br>
>> To: "OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
>> Date: 01/25/2016 06:39 AM<br>
>> Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant<br>
>><br>
>> ________________________________<br>
>><br>
>><br>
>><br>
>> Hi Kuryr guys,<br>
>><br>
>> I’m a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kuryr to create network/port for container, the resources are in “admin”.<br>
>> Do kuryr support multi-tenant now? For example, if I want try kuryr in demo tenant, how can I do this?<br>
>><br>
>> Thanks for your help and any help would be appreciated.<br>
>><br>
>> Regards,<br>
>> Liping Mao__________________________________________________________________________<br>
>> OpenStack Development Mailing List (not for usage questions)<br>
>> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">
OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
>><br>
>><br>
>><br>
>> __________________________________________________________________________<br>
>> OpenStack Development Mailing List (not for usage questions)<br>
>> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">
OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
>><br>
><br>
><br>
><br>
> -- <br>
> Best Regards ,<br>
><br>
> The G.<br>
><br>
> __________________________________________________________________________<br>
> OpenStack Development Mailing List (not for usage questions)<br>
> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">
OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
</p>
</div>
</div>
</span>
</body>
</html>