Containers ========== User IDs -------- In order to run unprivileged containers we need to assign uid's and gid's to the users. To be able to use the users also across e.g. NFS shares the id's need to be stable/unique. Services provided by OS packages (e.g. Apache) use their normal IDs for now. The following table is used for the uid's and gid's we define. =============== ======= User-/Groupname ID =============== ======= operator 2500000 keystone 2500001 ceilometer 2500002 cinder 2500003 glance 2500004 gnocchi 2500005 horizon 2500006 neutron 2500007 nova 2500008 libvirt 2500009 mariadb (*) 2500010 rabbitmq (*) 2500011 barbican 2500012 heat 2500013 tempest 2500014 ssl-terminator 2500015 ovn 2500016 placement 2500017 =============== ======= - (*): MariaDB and RabbitMQ might migrate to a random per-cluster assignment from a to-be-defined range in the future. API-Container Naming -------------------- To ease the generation and parsing of logs we use a standardized naming scheme for all api-container hosting an openstack api (within the api-pod). The syntax is ``-api``. Example for the Keystone-API is ``keystone-api``.