Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Enable multi-tenancy and manage global, and tenant resources

1. Overview

Before you get started!

Welcome to OpenStack!

In this series of tutorials, we will walk you through all the necessary steps to install, configure and get started with OpenStack. Using just your workstation, you will learn how to use OpenStack for cloud infrastructure implementation purposes, from a single-node installation to large-scale clusters.

This tutorial is the seventh in the “Phase I - Single-node OpenStack on your workstation” series.

Explore other tutorials >

What is OpenStack?

OpenStack is the most popular open source cloud platform that aggregates distributed compute, network and storage resources in the data centre and enables on-demand provisioning of virtual machines through a self-service portal. OpenStack powers thousands of public and private clouds all over the world, providing rapid access for greater innovation and better economics.

Learn more about OpenStack >

What is MicroStack?

MicroStack is a micro cloud platform based on OpenStack, designed for the edge and small-scale data centre deployments, that can be installed and maintained with minimal effort. MicroStack eliminates the complexity behind OpenStack, providing an opinionated approach to OpenStack architecture design and a straightforward installation method.

Learn more about MicroStack >

What is Charmed OpenStack?

Charmed OpenStack is an enterprise cloud platform based on OpenStack, designed for large-scale data centre deployments, that provides full automation around the initial installation and day-2 operations. Charmed OpenStack abstracts the complexity behind OpenStack, using a composable approach to OpenStack architecture design with model-driven operators (charms).

Learn more about Charmed OpenStack >

In this tutorial, you will learn how to:

  • Enable multi-tenancy in OpenStack

  • Manage global and tenant resources

  • Create key pairs

You will only need:

One physical machine with:


These instructions use MicroStack - OpenStack in a snap. MicroStack is also available on other Linux distros, Windows and macOS. Refer to the MicroStack website for more information on how to install MicroStack on an OS other than Ubuntu.

2. Enable multi-tenancy

OpenStack is a multi-tenant environment by default, meaning that various organisations can use it independently of each other at the same time. This makes OpenStack suitable for the purpose of public cloud implementations.

Multi-tenancy in OpenStack is organised based on the concept of identities as discussed in tutorial 6. Identities. Cloud resources are grouped into projects. Users and groups are assigned with roles on those projects. Finally, domains limit the visibility of their identities to users in other domains.

As a result, enabling multi-tenancy usually involves creating multiple domains and assigning one domain per every organisation. Inside of those domains, multiple projects can be created to further limit cloud resources to a certain project or an organisation’s unit. Every domain can also have its own admin and regular user accounts created, and roles can be assigned according to the tenants’ internal policies.

In tutorial 6. Identities, we created the myproject project and the myuser user inside of the mydomain domain, and granted this user the member role on the project through the group membership and role assignment. In the following tutorials, we’re going to use the mydomain domain and the myproject project as an example of a newly created tenant.

3. Switch to the user account

You may remember from the tutorial 2. Components that the user has to set up the OpenStack client in order to be able to communicate with the OpenStack cloud. This involves installing the client and setting up some environmental variables that are defined in the RC file.

To download the RC file for the myuser user, visit the OpenStack dashboard at and log in using the following credentials:

  • Domain - Type mydomain

  • User Name - Type myuser

  • Password - Type mypassword

From the OpenStack dashboard landing page, navigate to the myuser drop-down menu on the top right, click it, and select OpenStack RC File to download the RC file:

Depending on your browser, you may also need to accept the file:


To set up the OpenStack client for the myuser user, open a new terminal window, execute the following command, and type mypassword when asked for the password:

$ source ~/Downloads/

You can now use the OpenStack client to interact with the OpenStack cloud as the myuser user.

4. Manage global resources

In OpenStack, some resources are global, while others are available to a certain tenant only. Global resources are shared across all projects and domains, and can be managed by users with the admin role assigned. Tenant resources are limited to a project or a domain, and can be managed by users with the member role assigned.

Examples of global resources include:

  • Public instance templates, including images and flavors

  • External networks

  • Roles

For example, to list all images, execute the following command:

$ openstack --insecure image list

Sample output:


| ID | Name | Status |


| 50f94870-622a-4f86-b676-77a2704cfb65 | 20.04 | active |

| 2b79c445-4593-43bd-81b8-19b41a82011e | cirros | active |


Alternatively, navigate to Project -> Compute -> Images from the OpenStack dashboard:

Note that the myuser user cannot see the 18.04 image, which we marked as private in the tutorial 5. Templates.

5. Manage tenant resources

The myuser user can now start creating tenant resources inside of the myproject project.

In the following steps, we’ll create an SSH key pair called mykeypair that we’ll later use during the instance provisioning process.

Create a key pair through the OpenStack client

To create the key pair, execute the following command:

$ openstack --insecure keypair create --private-key ~/Downloads/mykeypair.pem --type ssh mykeypair

To list all key pairs, execute the following command:

$ openstack --insecure keypair list

Sample output:


| Name | Fingerprint | Type |


| mykeypair | 88:51:e6:dd:d1:b1:5a:f5:c7:7a:8e:4d:33:92:03:20 | ssh |


Create a key pair through the OpenStack dashboard

Navigate to Project -> Compute -> Key Pairs and click the Create Key Pair button on the right:

To create the keypair, fill in the form as follows:

  • Key Pair Name - Type mykeypair

  • Key Type - Select SSH Key

Then click the Create Key Pair button:

Depending on your browser, you may also need to accept the generated mykeypair.pem file:


You shall now be able to see the new key pair in Nova’s database:

Note that the fingerprint (here 39:f0:24:4c:9f:52:f1:00:6e:36:47:6f:02:ca:7d:ea) may be different in your environment.

6. Next steps

Congratulations! You have reached the end of this tutorial.

You can now move to the next tutorial - “8. Network” - or explore other tutorials.

Take a survey!

Your feedback is very important for us and the entire OpenStack community. We want to understand how you use MicroStack and your pain points. Your feedback helps guide future MicroStack development.

Please fill in a short 5-question anonymous survey.

In this tutorial, you have learnt how to:

  • Enable multi-tenancy in OpenStack

  • Manage global and tenant resources

  • Create key pairs

Where to go from here?