[openstack-dev] [keystone] role of Domain in VPC definition

Joe Gordon joe.gordon0 at gmail.com
Mon Feb 17 03:15:13 UTC 2014


On Sun, Feb 16, 2014 at 3:26 AM, Salvatore Orlando <sorlando at nicira.com> wrote:
> It seems this work item is made of several blueprints, some of which are not
> yet approved. This is true at least for the Neutron blueprint regarding
> policy extensions.
>
> Since I first looked at this spec I've been wondering why nova has been
> selected as an endpoint for network operations rather than Neutron, but this
> probably a design/implementation details whereas JC here is looking at the
> general approach.

[1] is only about AWS VPC support, not OpenStack API based network operations.

>
> Nevertheless, my only point here is that is seems that features like this
> need an "all-or-none" approval.
> For instance, could the VPC feature be considered functional if blueprint
> [1] is implemented, but not [2] and [3]?
>
> Salvatore
>
> [1] https://blueprints.launchpad.net/nova/+spec/aws-vpc-support
> [2]
> https://blueprints.launchpad.net/neutron/+spec/policy-extensions-for-neutron
> [3]
> https://blueprints.launchpad.net/keystone/+spec/hierarchical-multitenancy
>
>
> On 11 February 2014 21:45, Martin, JC <jch.martin at gmail.com> wrote:
>>
>> Ravi,
>>
>> It seems that the following Blueprint
>> https://wiki.openstack.org/wiki/Blueprint-aws-vpc-support
>>
>> has been approved.
>>
>> However, I cannot find a discussion with regard to the merit of using
>> project vs. domain, or other mechanism for the implementation.
>>
>> I have an issue with this approach as it prevents tenants within the same
>> domain sharing the same VPC to have projects.
>>
>> As an example, if you are a large organization on AWS, it is likely that
>> you have a large VPC that will be shred by multiple projects. With this
>> proposal, we loose that capability, unless I missed something.
>>
>> JC
>>
>> On Dec 19, 2013, at 6:10 PM, Ravi Chunduru <ravivsn at gmail.com> wrote:
>>
>> > Hi,
>> >   We had some internal discussions on role of Domain and VPCs. I would
>> > like to expand and understand community thinking of Keystone domain and
>> > VPCs.
>> >
>> > Is VPC equivalent to Keystone Domain?
>> >
>> > If so, as a public cloud provider - I create a Keystone domain and give
>> > it to an organization which wants a virtual private cloud.
>> >
>> > Now the question is if that organization wants to have  departments wise
>> > allocation of resources it is becoming difficult to visualize with existing
>> > v3 keystone constructs.
>> >
>> > Currently, it looks like each department of an organization cannot have
>> > their own resource management with in the organization VPC ( LDAP based user
>> > management, network management or dedicating computes etc.,) For us,
>> > Openstack Project does not match the requirements of a department of an
>> > organization.
>> >
>> > I hope you guessed what we wanted - Domain must have VPCs and VPC to
>> > have projects.
>> >
>> > I would like to know how community see the VPC model in Openstack.
>> >
>> > Thanks,
>> > -Ravi.
>> >
>> >
>> > _______________________________________________
>> > OpenStack-dev mailing list
>> > OpenStack-dev at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



More information about the OpenStack-dev mailing list