[Openstack-operators] keystone tenants vs. nova projects.

Lorin Hochstein lorin at nimbisservices.com
Fri May 25 13:16:27 UTC 2012


On May 25, 2012, at 4:02 AM, Christian Parpart wrote:

> 
> Am 24.05.2012 20:43 schrieb "Lorin Hochstein" <lorin at nimbisservices.com>:
> >
> >
> > On May 24, 2012, at 2:39 PM, Christian Parpart wrote:
> >
> >> On Thu, May 10, 2012 at 11:49 PM, Christian Parpart <trapni at gmail.com> wrote:
> >>>
> >>> Hey all,
> >>>
> >>> I am wondering how these two terms are related with each other.
> >>> I now know, that both terms are (kind of) interchangeable, however,
> >>> I wonder why then we have two database tables (keystone.tenants
> >>> and nova.projects) for the same thing, or, I have to actively populate
> >>> the latter to make actual use of it from within the dashboard / nova.
> >>>
> >>> Can anyone please fix my misinterpretion, or clarify, why I (as an admin)
> >>> need to explicitly invoke `nova-manage project create .... && ... add ..."?
> >>
> >>
> >> nobody?
> >>
> >> I still can't distinguish here, even though I am working with OpenStack for quite a few weeks now :-(
> >>
> >> Best regards,
> >> Christian.
> >
> >
> >
> > It's a legacy thing. The initial implementation of nova (before keystone) implemented its own authorization and had "projects". When keystone was implemented it called these "tenants" instead, and nobody ever went through the nova code and did a search and replace. 
> [...]
> 
> Hey, many thanks for this clarificarion. :-)
> 
> Can you please give me an advice on how to handly rhis situation for the time being?
> Does nova play nicely and know what i mean unless i create the record on both tables, or how should i handle it in essex?
> 
> Many thanks,
> Christian.
> 


You should not need to use  "nova-manage project create" in Essex, projects/tenants are managed entirely by keystone, and nova will retrieve the tenant info from keystone as needed. Just use the tenant id when you need to specify a project id in a nova command. 

(Note: I'm not sure if this applies if you're using Quantum, since I don't think Quantum has been fully integrated with Keystone yet. Quantum is the in-development next generation version of nova-network).

Take care,

Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20120525/51d99e11/attachment-0002.html>


More information about the Openstack-operators mailing list