[openstack-dev] [Glance] Getting Glance Ready for Public Clouds Session Summary

Iccha Sethi iccha.sethi at rackspace.com
Wed Apr 24 21:30:56 UTC 2013

Topic & short description
Topic: Getting Glance Ready for Public Clouds
Currently Glance is exposed to users through Nova; this is becoming a problem because new Glance features require a Nova extension.  It would be better to have Glance as a first-class member of the OpenStack ecosystem.  But in order for this to happen, we (as in OpenStack cloud providers) would need at least:

more robust user roles to allow per-user:

rate limits


RBAC (per-tenant)

protected image properties

image-related restrictions

e.g., there may be contractual reasons why you wouldn't want to allow download of specific images based not on the user, but on the image itself; might be the case for other actions)

other API changes from increased load

There are currently blueprints for rate limits, but an alternative approach would be to think that rate limiting should be done in front of Glance by Repose or a similar system that understands Keystone. 

Link to etherpad discussion

[https://etherpad.openstack.org/havana-getting-glance-ready-for-public-clouds] https://etherpad.openstack.org/havana-getting-glance-ready-for-public-clouds

Summary of summit consensus (if any) about how to proceed

1. rate limits: should be done by something in front of glance
 2. quotas: no consensus

requires further research. 

There are 2 related blueprints:

[https://blueprints.launchpad.net/glance/+spec/glance-basic-quotas] https://blueprints.launchpad.net/glance/+spec/glance-basic-quotas

[https://blueprints.launchpad.net/nova/+spec/ledger-quota-subsystem] https://blueprints.launchpad.net/nova/+spec/ledger-quota-subsystem : proposed as a Nova subsystem, would be better in Oslo?

The BPs were proposed by Artem Andreev ([https://launchpad.net/~just-wow] https://launchpad.net/~just-wow ), not sure if he's still interested in working on this3. protected image properties

has an approved blueprint [https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection] https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection

details are under discussion: [https://etherpad.openstack.org/public-glance-protected-props] https://etherpad.openstack.org/public-glance-protected-props

volunteers to work on this: smclaren, isethi, & mikal4. upload and download workflow

Workflow discussion in summit etherpad and blueprint
Blueprint: [https://blueprints.launchpad.net/glance/+spec/upload-download-workflow] https://blueprints.launchpad.net/glance/+spec/upload-download-workflow

List of blueprints and assignees (if any)

[https://blueprints.launchpad.net/glance/+spec/uplopad-download-workflow] https://blueprints.launchpad.net/glance/+spec/upload-download-workflow

status: New

assignee: none

[https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection] https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection

status: Approved for Havana-M1

assignee: Mark W

[https://blueprints.launchpad.net/glance/+spec/glance-basic-quotas] https://blueprints.launchpad.net/glance/+spec/glance-basic-quotas

status: Drafting

assignee: none

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130424/f0cc3149/attachment.html>

More information about the OpenStack-dev mailing list