
Confused by tenant, project, user, account in OpenStack and Swift


I am confused by tenant in OpenStack and Swift.

I have multiple machines on C3 under a tenant called myTenant. Here tenant is the same as project. I cannot understand what tenant and project mean here.

I also have a Swift container, which I can access by tenantID, username, password and storageUrl. What are the differences between the tenant here and the myTenant mentioned above?

I used swift stat -v <containerName> and saw that the Account of the container is KEY_<tenantId>. Here, what is the difference between tenant, user and Account?

The storageUrl looks like http://ip/KEY_<tenantId>, which is the endpoint of one container. So, tenantId is limited to only one container here?

Thanks. Any hints welcomed.


Solution

  • For historical reasons (and the fact that it is impossible to retrospectively fix N years of legacy documentation, blogs, Q&A sites and other web-searchable stuff), some of the OpenStack terminology is a bit confusing.

    The terms "tenant" and "project" mean the same thing; see this Q&A on the "Ask OpenStack" site:

    The term "tenant" is being phased out ... slowly.

    So to answer your questions:

    I have multiple machines on C3 under a tenant called myTenant. Here tenant is the same as project. I cannot understand what tenant and project mean here.

    See above.

    I also have a Swift container, which I can access by tenantID, username, password and storageUrl. What are the differences between the tenant here and the myTenant mentioned above?

    A "tenant" (or "project") has a name and an ID. Your "myTenant" is a project name. The tenant ID or project ID is a long unique identifier. You can look up the ID for a project using the openstack command; e.g. openstack project show myTenant.

    I used swift stat -v <containerName> and saw that the Account of the container is KEY_<tenantId>. Here, what is the difference between tenant, user and Account?

    A "tenant" or "project" in Keystone corresponds to an "account" in Swift. A "user" in Keystone corresponds to a "user" in Swift.

    (Strictly speaking the concepts are not identical. It is possible to run Swift with TempAuth middleware which gets identity information from local configs rather than from a Keystone service. But that approach is designed for stand-alone testing, not production.)
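
The project-to-account mapping discussed above can be checked mechanically. The following is an added example, not code from the original question or answer: it splits a Swift URL into project ID, container and object, and confirms that the account belongs to the project a Keystone v3 token is scoped to. The host swift.example, the IDs and the user name are constructed, the KEY_ prefix is the one shown in the question, and the optional v1 path segment is assumed from the standard Swift API layout.

```python
from urllib.parse import urlsplit

# Constructed sample: trimmed body of a project-scoped Keystone v3 token.
SAMPLE_TOKEN = {
    "token": {
        "user": {"id": "u-7f3a", "name": "alice"},
        "project": {"id": "0123456789abcdef0123456789abcdef",
                    "name": "myTenant"},
    }
}


def split_swift_path(url, reseller_prefix="KEY_"):
    """Return (project_id, container, object) for a Swift URL.

    The account segment is reseller_prefix + project ID; container and
    object are None when the URL stops at the account (a storage URL).
    """
    path = urlsplit(url).path.lstrip("/")
    if path.startswith("v1/"):          # API version segment, when present
        path = path[len("v1/"):]
    account, _, rest = path.partition("/")
    if not account.startswith(reseller_prefix) or account == reseller_prefix:
        raise ValueError("no %s<project_id> account in %r" % (reseller_prefix, url))
    container, _, obj = rest.partition("/")   # object names may contain "/"
    return account[len(reseller_prefix):], container or None, obj or None


def account_matches_token(url, token_body, reseller_prefix="KEY_"):
    """True only if the URL's account is the project the token is scoped to."""
    project = token_body["token"].get("project")
    if project is None:                 # unscoped token: no project, no account
        return False
    try:
        project_id, _, _ = split_swift_path(url, reseller_prefix)
    except ValueError:
        return False
    return project_id == project["id"]


if __name__ == "__main__":
    pid = SAMPLE_TOKEN["token"]["project"]["id"]
    for url in ("http://swift.example/KEY_" + pid,
                "http://swift.example/v1/KEY_" + pid + "/photos/2024/a.jpg",
                "http://swift.example/KEY_ffffffffffffffffffffffffffffffff/photos"):
        print(url, split_swift_path(url), account_matches_token(url, SAMPLE_TOKEN))
```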