CODEWITHSUNDEEP
openstackkeystoreopenstack-swiftopenstack-keystone
BAE
BAE

Reputation: 8956

Confused by tenant, project, user, account in openstack and swift

I am confused by tenant in openstack and swift.

I have multiple machines on C3 under tenant called myTenant. Here tenant is the same with project. I cannot understand what do tenant and project mean here.

I also have a swift container, which I can access by tenantID and username, password and storageUrl. what are the differences between tenant here and myTenant mentioned above.

I used swift stat -v <containerName> and got the Account of the container is KEY_<tenantId>. here what is the difference between tenant, user and Account?

The storageUrl looks like http://ip/KEY_<tenantId>, which is the endpoint of one container. So, tenantId is limited to only one container here?

Thanks. Any hints welcomed.

Upvotes: 3

Views: 5662

Answers (1)

Stephen C
Stephen C

Reputation: 719446

For historical reasons (and the fact that it is impossible to retrospectively fix N years of legacy documentation, blogs, Q&A sites and other web-searchable stuff), some of the OpenStack terminology is a bit confusing.

The terms "tenant" and "project" mean the same thing; see this Q&A on the "Ask OpenStack" site:

The term "tenant" is being phased out ... slowly.

So to answer your questions:

I have multiple machines on C3 under tenant called myTenant. Here tenant is the same with project. I cannot understand what do tenant and project mean here.

See above.

I also have a swift container, which I can access by tenantID and username, password and storageUrl. what are the differences between tenant here and myTenant mentioned above.

A "tenant" (or "project") has a name and an ID. Your "myTenant" is a project name. The tenant ID or project ID is a long unique identifier. You can lookup the ID for a project using the openstack command; e.g. openstack project show myTenant.

I used swift stat -v <containerName> and got the Account of the container is KEY_<tenantId>. here what is the difference between tenant, user and Account?

A "tenant" or "project" in Keystone corresponds to an "account" in Swift. A "user" in Keystone corresponds to a "user" in Swift.

(Strictly speaking the concepts are not identical. It is possible to run Swift with TempAuth middleware which gets identity information from local configs rather than from a Keystone service. But that approach is designed for stand-alone testing, not production.)

Upvotes: 2

Related Questions