Open Stack

Hello,

At work we use the EC2 tags API quite heavily for all sorts of things,
so I've been tasked with getting it implemented for openstack.

As some background, the EC2 API offers 3 API calls: CreateTags,
DeleteTags and DescribeTags, as well as a way to filter a search for a
resource by tags (by passing {"filter": [{"tag:key": "value"}]} or
{"filter": [{"tag-key": "value"}]} as parameters to an API call like
DescribeInstances or DescribeSecurityGroups.

The API references are here:
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-CreateTags.html
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DeleteTags.html
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeTags.html
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeInstances.html
(and other Describe* resource searches)

The part of this that seems awkward to overlay onto openstack's database
schema is that tags can be applied to multiple resource types - eg, when
a stack is cloudformed, all the instances, load balancers, security
groups, etc are tagged with the cloudformation name.

I can see two ways of implementing this: 

1) Reuse the existing instance-metadata table and start creating
security-group metadata tables and so on.  This approach has the
downside that resources that are served by cinder or quantum will be
awkward - we'd have to add equivalent API calls to them and call their
API.

2) Create a new tags table containing references to the resource type
and ID.  This has the advantage that we won't need to make lots of API
calls to return all the resources with a given tag, but also feels
possibly over-denormalized (is that a word?).

I have a proof of concept implementation that takes the second approach,
but only provides an EC2 API without the equivalent nova API, and only
provides the filtering for DescribeInstances.  It can of course be
extended - this was mostly me getting familiar with the code base.

Please let me know what you think.  As we use this at work, I'll be
quite happy to provide the implementation, once it's agreed how this
should look.

Cheers,
-- 
Stephen Gran
Senior Systems Integrator - guardian.co.uk

Please consider the environment before printing this email.
------------------------------------------------------------------
Visit guardian.co.uk - website of the year
 
www.guardian.co.uk    www.observer.co.uk     www.guardiannews.com 
 
On your mobile, visit m.guardian.co.uk or download the Guardian
iPhone app www.guardian.co.uk/iphone and iPad edition www.guardian.co.uk/iPad 
 
Save up to 37% by subscribing to the Guardian and Observer - choose the papers you want and get full digital access. 
Visit guardian.co.uk/subscribe
 
---------------------------------------------------------------------
This e-mail and all attachments are confidential and may also
be privileged. If you are not the named recipient, please notify
the sender and delete the e-mail and all attachments immediately.
Do not disclose the contents to another person. You may not use
the information for any purpose, or store, or copy, it in any way.
 
Guardian News & Media Limited is not liable for any computer
viruses or other material transmitted with or as part of this
e-mail. You should employ virus checking software.
 
Guardian News & Media Limited
 
A member of Guardian Media Group plc
Registered Office
PO Box 68164
Kings Place
90 York Way
London
N1P 2AP
 
Registered in England Number 908396