Hi Vikas, > >The question is what you mean by multi-tenancy, if you mean that different > >tenants each control their own bare-metal
> >server then Kuryr already support this. (by tenant credential configuration) > > I understand kuryr can configure with tenant credential, but we still need > neutron-openvswitch-agent on > the bare-metal server, it need admin account… > Vikas-- If kuryr is configured with admin credentials same credentials will > be passed to neutron client APIs and thus eventually to openvswitch agent. > Can you please elaborate "need admin account"? Let me try to make me clear: AFAIK, docker runs in Bare-metal Server case, we need to install kuryr and neutron-openvswitch-agent in the bare metal server. We can configure tenant account in this kuryr. And I think all the neutron resource which created in this server will belong this tenant(not admin tenant). But in neutron-openvswitch-agent, we still need to configure admin account in keystone_authtoken: [keystone_authtoken] # auth_host = 127.0.0.1 # auth_port = 35357 # auth_protocol = http # admin_tenant_name = %SERVICE_TENANT_NAME% # admin_user = %SERVICE_USER% # admin_password = %SERVICE_PASSWORD% And the tenant can login the bare metal server directly, it is not good to configure this kind of things on this server. Thanks. Regards, Liping Mao From: Vikas Choudhary <[email protected]<mailto:[email protected]>> Reply-To: OpenStack List <[email protected]<mailto:[email protected]>> Date: 2016年1月27日 星期三 上午10:57 To: OpenStack List <[email protected]<mailto:[email protected]>> Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant On 26 Jan 2016 13:30, "Liping Mao (limao)" <[email protected]<mailto:[email protected]>> wrote: > > Hi Gal, > > Thanks for your answer. > > >The question is what you mean by multi-tenancy, if you mean that different > >tenants each control their own bare-metal > >server then Kuryr already support this. (by tenant credential configuration) > > I understand kuryr can configure with tenant credential, but we still need > neutron-openvswitch-agent on > the bare-metal server, it need admin account… Vikas-- If kuryr is configured with admin credentials same credentials will be passed to neutron client APIs and thus eventually to openvswitch agent. Can you please elaborate "need admin account"? Thanks Vikas > Thanks. > > Regards, > Liping Mao > > From: Gal Sagie <[email protected]<mailto:[email protected]>> > Reply-To: OpenStack List > <[email protected]<mailto:[email protected]>> > Date: 2016年1月26日 星期二 下午12:47 > > To: OpenStack List > <[email protected]<mailto:[email protected]>> > Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant > > Hi Liping Mao, > > The question is what you mean by multi-tenancy, if you mean that different > tenants each control their own bare-metal > server then Kuryr already support this. (by tenant credential configuration) > > If what i think you mean, and thats running multi tenants on the same > bare-metal then the problem > here is that Docker and Kubernetes doesnt support something like that either > (mostly for security reasons) and > the networking is just part of it (Which is what Kuryr focus on). > For this, you usually pick with what Magnum offer and thats running > containers inside tenant VMs. > > However, there are some interesting technologies and open source projects > which enable > something like that and we are evaluating them, its definitely a long term > goal for us. > > > > On Tue, Jan 26, 2016 at 5:06 AM, Liping Mao (limao) > <[email protected]<mailto:[email protected]>> wrote: >> >> Thanks Mohammad for your clear explanation. >> Do we have any way or roadmap or idea to support kuryr in multi-tenant in >> bare metal servers now? >> >> Thanks. >> >> Regards, >> Liping Mao >> >> >> From: Mohammad Banikazemi <[email protected]<mailto:[email protected]>> >> Reply-To: OpenStack List >> <[email protected]<mailto:[email protected]>> >> Date: 2016年1月26日 星期二 上午2:35 >> To: OpenStack List >> <[email protected]<mailto:[email protected]>> >> Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant >> >> Considering that the underlying container technology is not multi-tenant (as >> of now), your observation is correct in that all neutron resources are made >> for a single tenant. Until Docker supports multi tenancy, we can possibly >> use network options and/or wrappers for docker/swarm clients to achieve some >> kind of multi tenancy support. Having said that, I should add that as of now >> we do not have such a feature in Kuryr. >> >> Best, >> >> Mohammad >> >> >> "Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a new >> bee in kuryr, and using devstack to try kuryr now, I notice when I use kur >> >> From: "Liping Mao (limao)" <[email protected]<mailto:[email protected]>> >> To: "OpenStack Development Mailing List (not for usage questions)" >> <[email protected]<mailto:[email protected]>> >> Date: 01/25/2016 06:39 AM >> Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant >> >> ________________________________ >> >> >> >> Hi Kuryr guys, >> >> I’m a new bee in kuryr, and using devstack to try kuryr now, I notice when I >> use kuryr to create network/port for container, the resources are in “admin”. >> Do kuryr support multi-tenant now? For example, if I want try kuryr in demo >> tenant, how can I do this? >> >> Thanks for your help and any help would be appreciated. >> >> Regards, >> Liping >> Mao__________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> [email protected]?subject:unsubscribe<http://[email protected]?subject:unsubscribe> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> [email protected]?subject:unsubscribe<http://[email protected]?subject:unsubscribe> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > -- > Best Regards , > > The G. > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > [email protected]?subject:unsubscribe<http://[email protected]?subject:unsubscribe> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
