[Openstack-operators] keystone tenants vs. nova projects.
trapni at gmail.com
Fri May 25 13:19:31 UTC 2012
On Fri, May 25, 2012 at 3:16 PM, Lorin Hochstein
<lorin at nimbisservices.com>wrote:
> On May 25, 2012, at 4:02 AM, Christian Parpart wrote:
> Am 24.05.2012 20:43 schrieb "Lorin Hochstein" <lorin at nimbisservices.com>:
> > On May 24, 2012, at 2:39 PM, Christian Parpart wrote:
> >> On Thu, May 10, 2012 at 11:49 PM, Christian Parpart <trapni at gmail.com>
> >>> Hey all,
> >>> I am wondering how these two terms are related with each other.
> >>> I now know, that both terms are (kind of) interchangeable, however,
> >>> I wonder why then we have two database tables (keystone.tenants
> >>> and nova.projects) for the same thing, or, I have to actively populate
> >>> the latter to make actual use of it from within the dashboard / nova.
> >>> Can anyone please fix my misinterpretion, or clarify, why I (as an
> >>> need to explicitly invoke `nova-manage project create .... && ... add
> >> nobody?
> >> I still can't distinguish here, even though I am working with OpenStack
> for quite a few weeks now :-(
> >> Best regards,
> >> Christian.
> > It's a legacy thing. The initial implementation of nova (before
> keystone) implemented its own authorization and had "projects". When
> keystone was implemented it called these "tenants" instead, and nobody ever
> went through the nova code and did a search and replace.
> Hey, many thanks for this clarificarion. :-)
> Can you please give me an advice on how to handly rhis situation for the
> time being?
> Does nova play nicely and know what i mean unless i create the record on
> both tables, or how should i handle it in essex?
> Many thanks,
> You should not need to use "nova-manage project create" in Essex,
> projects/tenants are managed entirely by keystone, and nova will retrieve
> the tenant info from keystone as needed. Just use the tenant id when you
> need to specify a project id in a nova command.
> (Note: I'm not sure if this applies if you're using Quantum, since I don't
> think Quantum has been fully integrated with Keystone yet. Quantum is the
> in-development next generation version of nova-network).
I am using nova-network in our production environment and will stay this
way for at least until we've stabilized our OpenStack environment and
Quantum went into production-mode.
I'll play with Quantum privately once I got around my kumbu errors, soon,
Both answers have been very helpful to me, so many thanks for your reply.
Have a nice weekend,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openstack-operators