The Compute system is designed to be used by different consumers in the form of tenants on a shared system, and role-based access assignments. Roles control the actions that a user is allowed to perform.
Tenants are isolated resource containers that form the
principal organizational structure within the Compute
service. They consist of an individual VLAN, and volumes,
instances, images, keys, and users. A user can specify the
tenant by appending :project_id
to
their access key. If no tenant is specified in the API
request, Compute attempts to use a tenant with the same ID
as the user.
For tenants, you can use quota controls to limit the:
Number of volumes that may be launched.
Number of processor cores and the amount of RAM that can be allocated.
Floating IP addresses assigned to any instance when it launches. This allows instances to have the same publicly accessible IP addresses.
Fixed IP addresses assigned to the same instance when it launches. This allows instances to have the same publicly or privately accessible IP addresses.
Roles control the actions a user is allowed to perform.
By default, most actions do not require a particular role,
but you can configure them by editing the
policy.json
file for user roles.
For example, a rule can be defined so that a user must
have the admin
role in order to be
able to allocate a public IP address.
A tenant limits users' access to particular images. Each user is assigned a username and password. Keypairs granting access to an instance are enabled for each user, but quotas are set, so that each tenant can control resource consumption across available hardware resources.
Note | |
---|---|
Earlier versions of OpenStack used the term
|