You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

We are using openstack projects, with some defined quotas, to contain student projects. For courses which uses the openstack platform, we are creating one openstack project per project group. This page of the wiki documents this process.

General user administration

As we are performing authentication using the NTNU LDAP infrastructure, we do not administer the user accounts. We are simply adding existing NTNU users to openstack projects.

Assigning NTNU users to a project

A user can be assigned to a project using the following commands:

Give user access to project
$ openstack role add --project <projectname> --user <username> --user-domain=NTNU _member_
$ openstack role add --project <projectname> --user <username> --user-domain=NTNU heat_stack_owner

This will give the user access to create networks/routers/vm's, in addition to use the heat orchestration services.

Displaying projects a user is member of

To display which project a user is a member of is a two-step approach in Mitaka. First one needs to determine the user's ID, before this ID is used to retreive the projects this user is a member of:

Determine user ID
$ openstack user show eigilo --domain=NTNU
+-----------+------------------------------------------------------------------+
| Field     | Value                                                            |
+-----------+------------------------------------------------------------------+
| domain_id | cb782810849b4ce8bce7f078cc193b19                                 |
| email     | eigil.obrestad@ntnu.no                                           |
| enabled   | True                                                             |
| id        | 1790de92c726dc409c223dcfed7fe2c67d792f3cf8e7f46118e5c2bfd63faff3 |
| name      | eigilo                                                           |
+-----------+------------------------------------------------------------------+

$ openstack role assignment list --user 1790de92c726dc409c223dcfed7fe2c67d792f3cf8e7f46118e5c2bfd63faff3 --names
+------------------+-------------+-------+---------------+--------+-----------+
| Role             | User        | Group | Project       | Domain | Inherited |
+------------------+-------------+-------+---------------+--------+-----------+
| admin            | eigilo@NTNU |       | admin@Default |        | False     |
| _member_         | eigilo@NTNU |       | eigil@Default |        | False     |
| heat_stack_owner | eigilo@NTNU |       | eigil@Default |        | False     |
+------------------+-------------+-------+---------------+--------+-----------+

Project administration

Naming scheme:

We are creating projects using a strict naming scheme. All projects should be named using one of the following schemes:

Naming schemeExamplePurpose
<Course-code>_<Term>_<GroupName>IMT3441_V17_Group1Projects related to a specific course.
<Department>_<DescriptiveName>AIMT_AssuranceTestingLab

Project related to a certain project not course-specific.

U_<username>U_eigilo

Single-user project, not associated with any real courses or projects.

Creating a project

To create a project and add a student with NTNU username pikachu with permissions to create Heat stacks in the course IMT3005.

$ openstack project create --description "<Project Description>" --domain NTNU <Projectname>

Displaying users assigned to a certain project

To show which users are assigned to a certain project, the following command can be used.

$ openstack role assignment list --project <PROJECTNAME> --names

Give a user administrative privileges

To give full administration access to a user, he needs to be an admin member of the admin project.

Give admin credentials to a user
$ openstack role add --project admin --user <username> admin --user-domain NTNU
  • No labels