settingsLogin | Registersettings

[openstack-dev] [kuryr] Does Kuryr support multi-tenant

0 votes

Hi Kuryr guys,

I'm a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kuryr to create network/port for container, the resources are in "admin".
Do kuryr support multi-tenant now? For example, if I want try kuryr in demo tenant, how can I do this?

Thanks for your help and any help would be appreciated.

Regards,
Liping Mao


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
asked Jan 25, 2016 in openstack-dev by Liping_Mao_-X_(limao (1,580 points)   6

6 Responses

0 votes

Considering that the underlying container technology is not multi-tenant (as of now), your observation is correct in that all neutron resources are made for a single tenant. Until Docker supports multi tenancy, we can possibly use network options and/or wrappers for docker/swarm clients to achieve some kind of multi tenancy support. Having said that, I should add that as of now we do not have such a feature in Kuryr.

Best,

Mohammad

"Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kur

From: "Liping Mao (limao)" limao@cisco.com
To: "OpenStack Development Mailing List (not for usage questions)" openstack-dev@lists.openstack.org
Date: 01/25/2016 06:39 AM
Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Hi Kuryr guys,

I’m a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kuryr to create network/port for container, the resources are in “admin”.
Do kuryr support multi-tenant now? For example, if I want try kuryr in demo tenant, how can I do this?

Thanks for your help and any help would be appreciated.

Regards,
Liping Mao__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


responded Jan 25, 2016 by Mohammad_Banikazemi (3,160 points)   2 2
0 votes

Thanks Mohammad for your clear explanation.

Do we have any way or roadmap or idea to support kuryr in multi-tenant in bare metal servers now? 

Thanks.

Regards,

Liping Mao

From: Mohammad Banikazemi mb@us.ibm.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月26日 星期二 上午2:35
To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Considering that the underlying container technology is not multi-tenant (as of now), your observation is correct in that all neutron resources are made for a single tenant. Until Docker supports multi tenancy, we can possibly use network options and/or wrappers for docker/swarm clients to achieve some kind of multi tenancy support. Having said that, I should add that as of now we do not have such a feature in Kuryr.

Best,

Mohammad

"Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kur

From: "Liping Mao (limao)" limao@cisco.com
To: "OpenStack Development Mailing List (not for usage questions)" openstack-dev@lists.openstack.org
Date: 01/25/2016 06:39 AM
Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Hi Kuryr guys,

I’m a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kuryr to create network/port for container, the resources are in “admin”.
Do kuryr support multi-tenant now? For example, if I want try kuryr in demo tenant, how can I do this?

Thanks for your help and any help would be appreciated.

Regards,
Liping Mao__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


responded Jan 26, 2016 by Liping_Mao_-X_(limao (1,580 points)   6
0 votes

Hi Liping Mao,

The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal

server then Kuryr already support this. (by tenant credential configuration)

If what i think you mean, and thats running multi tenants on the same bare-metal then the problem

here is that Docker and Kubernetes doesnt support something like that either (mostly for security reasons) and

the networking is just part of it (Which is what Kuryr focus on).

For this, you usually pick with what Magnum offer and thats running containers inside tenant VMs.

However, there are some interesting technologies and open source projects which enable

something like that and we are evaluating them, its definitely a long term goal for us.

On Tue, Jan 26, 2016 at 5:06 AM, Liping Mao (limao) limao@cisco.com wrote:

Thanks Mohammad for your clear explanation.

Do we have any way or roadmap or idea to support kuryr in multi-tenant in bare metal servers now? 

Thanks.

Regards,

Liping Mao

From: Mohammad Banikazemi mb@us.ibm.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月26日 星期二 上午2:35
To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Considering that the underlying container technology is not multi-tenant (as of now), your observation is correct in that all neutron resources are made for a single tenant. Until Docker supports multi tenancy, we can possibly use network options and/or wrappers for docker/swarm clients to achieve some kind of multi tenancy support. Having said that, I should add that as of now we do not have such a feature in Kuryr.

Best,

Mohammad

"Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kur

From: "Liping Mao (limao)" limao@cisco.com
To: "OpenStack Development Mailing List (not for usage questions)" openstack-dev@lists.openstack.org
Date: 01/25/2016 06:39 AM
Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Hi Kuryr guys,

I’m a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kuryr to create network/port for container, the resources are in “admin”.
Do kuryr support multi-tenant now? For example, if I want try kuryr in demo tenant, how can I do this?

Thanks for your help and any help would be appreciated.

Regards,
Liping Mao__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--

Best Regards ,

The G.


responded Jan 26, 2016 by gal.sagie_at_gmail.c (4,700 points)   2 4 8
0 votes

Hi Gal,

Thanks for your answer. 

The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal

server then Kuryr already support this. (by tenant credential configuration)

   I understand kuryr can configure with tenant credential, but we still need neutron-openvswitch-agent on 

the bare-metal server, it need admin account… 

Thanks.

Regards,

Liping Mao

From: Gal Sagie gal.sagie@gmail.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月26日 星期二 下午12:47
To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Hi Liping Mao,

The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal

server then Kuryr already support this. (by tenant credential configuration)

If what i think you mean, and thats running multi tenants on the same bare-metal then the problem

here is that Docker and Kubernetes doesnt support something like that either (mostly for security reasons) and

the networking is just part of it (Which is what Kuryr focus on).

For this, you usually pick with what Magnum offer and thats running containers inside tenant VMs.

However, there are some interesting technologies and open source projects which enable

something like that and we are evaluating them, its definitely a long term goal for us.

On Tue, Jan 26, 2016 at 5:06 AM, Liping Mao (limao) limao@cisco.com wrote:

Thanks Mohammad for your clear explanation.

Do we have any way or roadmap or idea to support kuryr in multi-tenant in bare metal servers now? 

Thanks.

Regards,

Liping Mao

From: Mohammad Banikazemi mb@us.ibm.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月26日 星期二 上午2:35
To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Considering that the underlying container technology is not multi-tenant (as of now), your observation is correct in that all neutron resources are made for a single tenant. Until Docker supports multi tenancy, we can possibly use network options and/or wrappers for docker/swarm clients to achieve some kind of multi tenancy support. Having said that, I should add that as of now we do not have such a feature in Kuryr.

Best,

Mohammad

"Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kur

From: "Liping Mao (limao)" limao@cisco.com
To: "OpenStack Development Mailing List (not for usage questions)" openstack-dev@lists.openstack.org
Date: 01/25/2016 06:39 AM
Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Hi Kuryr guys,

I’m a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kuryr to create network/port for container, the resources are in “admin”.
Do kuryr support multi-tenant now? For example, if I want try kuryr in demo tenant, how can I do this?

Thanks for your help and any help would be appreciated.

Regards,
Liping Mao__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--

Best Regards ,

The G.


responded Jan 26, 2016 by Liping_Mao_-X_(limao (1,580 points)   6
0 votes

On 26 Jan 2016 13:30, "Liping Mao (limao)" limao@cisco.com wrote:

Hi Gal,

Thanks for your answer.

The question is what you mean by multi-tenancy, if you mean that
different tenants each control their own bare-metal
server then Kuryr already support this. (by tenant credential
configuration)

I understand kuryr can configure with tenant credential, but we still
need neutron-openvswitch-agent on
the bare-metal server, it need admin account…

Vikas-- If kuryr is configured with admin credentials same credentials will
be passed to neutron client APIs and thus eventually to openvswitch agent.
Can you please elaborate "need admin account"?

Thanks
Vikas

Thanks.

Regards,
Liping Mao

From: Gal Sagie gal.sagie@gmail.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月26日 星期二 下午12:47

To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Hi Liping Mao,

The question is what you mean by multi-tenancy, if you mean that
different tenants each control their own bare-metal
server then Kuryr already support this. (by tenant credential
configuration)

If what i think you mean, and thats running multi tenants on the same
bare-metal then the problem
here is that Docker and Kubernetes doesnt support something like that
either (mostly for security reasons) and
the networking is just part of it (Which is what Kuryr focus on).
For this, you usually pick with what Magnum offer and thats running
containers inside tenant VMs.

However, there are some interesting technologies and open source projects
which enable
something like that and we are evaluating them, its definitely a long
term goal for us.

On Tue, Jan 26, 2016 at 5:06 AM, Liping Mao (limao) limao@cisco.com
wrote:

Thanks Mohammad for your clear explanation.
Do we have any way or roadmap or idea to support kuryr in multi-tenant
in bare metal servers now?

Thanks.

Regards,
Liping Mao

From: Mohammad Banikazemi mb@us.ibm.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月26日 星期二 上午2:35
To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Considering that the underlying container technology is not multi-tenant
(as of now), your observation is correct in that all neutron resources are
made for a single tenant. Until Docker supports multi tenancy, we can
possibly use network options and/or wrappers for docker/swarm clients to
achieve some kind of multi tenancy support. Having said that, I should add
that as of now we do not have such a feature in Kuryr.

Best,

Mohammad

"Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a
new bee in kuryr, and using devstack to try kuryr now, I notice when I use
kur

From: "Liping Mao (limao)" limao@cisco.com
To: "OpenStack Development Mailing List (not for usage questions)" <
openstack-dev@lists.openstack.org>
Date: 01/25/2016 06:39 AM
Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant


Hi Kuryr guys,

I’m a new bee in kuryr, and using devstack to try kuryr now, I notice
when I use kuryr to create network/port for container, the resources are in
“admin”.
Do kuryr support multi-tenant now? For example, if I want try kuryr in
demo tenant, how can I do this?

Thanks for your help and any help would be appreciated.

Regards,
Liping
Mao__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
Best Regards ,

The G.


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
responded Jan 27, 2016 by Vikas_Choudhary (3,180 points)   6 7
0 votes

Hi Vikas,

The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal

server then Kuryr already support this. (by tenant credential configuration)

I understand kuryr can configure with tenant credential, but we still need neutron-openvswitch-agent on
the bare-metal server, it need admin account…

Vikas-- If kuryr is configured with admin credentials same credentials will be passed to neutron client APIs and thus eventually to openvswitch agent.
Can you please elaborate "need admin account"?

Let me try to make me clear:
AFAIK, docker runs in Bare-metal Server case, we need to install kuryr and neutron-openvswitch-agent in the bare metal server.
We can configure tenant account in this kuryr. And I think all the neutron resource which created in this server will belong this tenant(not admin tenant).
But in neutron-openvswitch-agent, we still need to configure admin account in keystone_authtoken:

[keystone_authtoken]

auth_host = 127.0.0.1

auth_port = 35357

auth_protocol = http

admintenantname = %SERVICETENANTNAME%

adminuser = %SERVICEUSER%

adminpassword = %SERVICEPASSWORD%

And the tenant can login the bare metal server directly, it is not good to configure this kind of things on this server.

Thanks.

Regards,
Liping Mao

From: Vikas Choudhary choudharyvikas16@gmail.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月27日 星期三 上午10:57
To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

On 26 Jan 2016 13:30, "Liping Mao (limao)" limao@cisco.com wrote:

Hi Gal,

Thanks for your answer.

The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal
server then Kuryr already support this. (by tenant credential configuration)

I understand kuryr can configure with tenant credential, but we still need neutron-openvswitch-agent on
the bare-metal server, it need admin account…

Vikas-- If kuryr is configured with admin credentials same credentials will be passed to neutron client APIs and thus eventually to openvswitch agent.
Can you please elaborate "need admin account"?

Thanks
Vikas

Thanks.

Regards,
Liping Mao

From: Gal Sagie gal.sagie@gmail.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月26日 星期二 下午12:47

To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Hi Liping Mao,

The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal
server then Kuryr already support this. (by tenant credential configuration)

If what i think you mean, and thats running multi tenants on the same bare-metal then the problem
here is that Docker and Kubernetes doesnt support something like that either (mostly for security reasons) and
the networking is just part of it (Which is what Kuryr focus on).
For this, you usually pick with what Magnum offer and thats running containers inside tenant VMs.

However, there are some interesting technologies and open source projects which enable
something like that and we are evaluating them, its definitely a long term goal for us.

On Tue, Jan 26, 2016 at 5:06 AM, Liping Mao (limao) limao@cisco.com wrote:

Thanks Mohammad for your clear explanation.
Do we have any way or roadmap or idea to support kuryr in multi-tenant in bare metal servers now?

Thanks.

Regards,
Liping Mao

From: Mohammad Banikazemi mb@us.ibm.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: 2016年1月26日 星期二 上午2:35
To: OpenStack List openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Considering that the underlying container technology is not multi-tenant (as of now), your observation is correct in that all neutron resources are made for a single tenant. Until Docker supports multi tenancy, we can possibly use network options and/or wrappers for docker/swarm clients to achieve some kind of multi tenancy support. Having said that, I should add that as of now we do not have such a feature in Kuryr.

Best,

Mohammad

"Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kur

From: "Liping Mao (limao)" limao@cisco.com
To: "OpenStack Development Mailing List (not for usage questions)" openstack-dev@lists.openstack.org
Date: 01/25/2016 06:39 AM
Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant


Hi Kuryr guys,

I’m a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kuryr to create network/port for container, the resources are in “admin”.
Do kuryr support multi-tenant now? For example, if I want try kuryr in demo tenant, how can I do this?

Thanks for your help and any help would be appreciated.

Regards,
Liping Mao__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
Best Regards ,

The G.


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
responded Jan 27, 2016 by Liping_Mao_-X_(limao (1,580 points)   6
...