[Openstack-operators] keystone tenants vs. nova projects.

Christian Parpart trapni at gmail.com
Fri May 25 13:19:31 UTC 2012


On Fri, May 25, 2012 at 3:16 PM, Lorin Hochstein
<lorin at nimbisservices.com>wrote:

>
> On May 25, 2012, at 4:02 AM, Christian Parpart wrote:
>
>
> Am 24.05.2012 20:43 schrieb "Lorin Hochstein" <lorin at nimbisservices.com>:
> >
> >
> > On May 24, 2012, at 2:39 PM, Christian Parpart wrote:
> >
> >> On Thu, May 10, 2012 at 11:49 PM, Christian Parpart <trapni at gmail.com>
> wrote:
> >>>
> >>> Hey all,
> >>>
> >>> I am wondering how these two terms are related with each other.
> >>> I now know, that both terms are (kind of) interchangeable, however,
> >>> I wonder why then we have two database tables (keystone.tenants
> >>> and nova.projects) for the same thing, or, I have to actively populate
> >>> the latter to make actual use of it from within the dashboard / nova.
> >>>
> >>> Can anyone please fix my misinterpretion, or clarify, why I (as an
> admin)
> >>> need to explicitly invoke `nova-manage project create .... && ... add
> ..."?
> >>
> >>
> >> nobody?
> >>
> >> I still can't distinguish here, even though I am working with OpenStack
> for quite a few weeks now :-(
> >>
> >> Best regards,
> >> Christian.
> >
> >
> >
> > It's a legacy thing. The initial implementation of nova (before
> keystone) implemented its own authorization and had "projects". When
> keystone was implemented it called these "tenants" instead, and nobody ever
> went through the nova code and did a search and replace.
> [...]
>
> Hey, many thanks for this clarificarion. :-)
>
> Can you please give me an advice on how to handly rhis situation for the
> time being?
> Does nova play nicely and know what i mean unless i create the record on
> both tables, or how should i handle it in essex?
>
> Many thanks,
> Christian.
>
>
> You should not need to use  "nova-manage project create" in Essex,
> projects/tenants are managed entirely by keystone, and nova will retrieve
> the tenant info from keystone as needed. Just use the tenant id when you
> need to specify a project id in a nova command.
>
> (Note: I'm not sure if this applies if you're using Quantum, since I don't
> think Quantum has been fully integrated with Keystone yet. Quantum is the
> in-development next generation version of nova-network).
>

I am using nova-network in our production environment and will stay this
way for at least until we've stabilized our OpenStack environment and
Quantum went into production-mode.
I'll play with Quantum privately once I got around my kumbu errors, soon,
however. :)

Both answers have been very helpful to me, so many thanks for your reply.

Have a nice weekend,
Christian Parpart.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20120525/87330566/attachment-0002.html>


More information about the Openstack-operators mailing list