[Openstack] How should an instance learn what tenant it is in?

Max Tkach maxtkach at gmail.com
Wed Jun 17 15:01:38 UTC 2015


Andrew,
We do that using the metadata information of the instance. We pass
information as tenant, type of service, etc, to create pools of VMs that
provide different services.
The metadata is retrieve with cloud-init or with a simple curl to
169.254.169.254 (see:
http://docs.openstack.org/admin-guide-cloud/content/section_metadata-service.html
).

Best!
Max

Max Tkach | Cloud Services & Operations
MercadoLibre CloudBuilders
GTalk: maxtkach at gmail.com

On Wed, Jun 17, 2015 at 10:33 AM, Andrew Bogott <abogott at wikimedia.org>
wrote:

> On 6/16/15 9:13 PM, Sam Su wrote:
>
>> Did you tried to get the tenant info from the nova API?
>>
> I haven't tried that -- that would, I guess, involve giving root on each
> instance keystone credentials?  I don't otherwise have cause to give
> OpenSTack API access to users of my instances.
>
>
>
>> -----Original Message-----
>> From: Andrew Bogott [mailto:abogott at wikimedia.org]
>> Sent: Tuesday, June 16, 2015 6:46 PM
>> To: openstack at lists.openstack.org
>> Subject: [Openstack] How should an instance learn what tenant it is in?
>>
>>       I have many uses cases in which an instance needs to know what
>> project
>> it is in.  Right now I accomplish this through an intricate hack which
>> involves hooking instance creation and writing the tenant name to an ldap
>> record.
>>
>>       I'm considering rewriting this hack to write the tenant name into
>> the
>> metadata directly, but that will still be a hack.  Is there an obvious,
>> implemented solution to this that I'm missing?  If not, would a nova patch
>> that adds tenant id and name to the metadata be welcome?  Or, are there
>> security reasons for preventing an instance from knowing its tenant?
>>
>> -Andrew
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150617/7fb5ab4b/attachment.html>


More information about the Openstack mailing list