Multi-tenancy in ManageIQ


#1

Hi all,

I was wondering if it is possible to map or sync projects and their users from OpenStack into ManageIQ?

Adding the OpenStack cloud provider is fine, however, all new instances are being deployed under admin tenant/project and listing tenants in ManageIQ for a specific OpenStack provider returns admin project/tenant only, even though there are other projects/tenants in OpenStack.

Is there something I’m missing in terms of configuration or this kind of functionality (multi-tenancy with an OpenStack provider) does not currently exist?

Many thanks!


#2

Hey @jbalciunas!

In order to pull in more tenants from OpenStack, you’ll have to associate your admin user to those tenants. You shouldn’t need to assign the admin user the “admin” role to all tenants, just the “member” role. And, any tenant you associate with your admin user should be picked up on the next Refresh cycle.

As for users, we do not currently map user accounts from OpenStack to ManageIQ. We rely on ManageIQ’s internal RBAC (Role Based Access Control) model to control what ManageIQ users can see and do.

I honestly can’t remember if we currently have OpenStack tenants controlled with RBAC yet.

Let us know if that helps get you rolling, or if you run into any other issues.

Thanks!


GregB


#3

I believe the best answer to my question is described here: https://trello.com/c/KWtmrB4b

Other than that - many thanks for the tip regarding the admin membership in the projects. That, along with group tags, can serve as a workaround in the meanwhile.