[openstack-dev] [Keystone][Glance] Hierarchical multitenancy and Glance?
Rodrigo Duarte Sousa
rodrigods at lsd.ufcg.edu.br
Tue Apr 28 14:17:57 UTC 2015
Hi all,
Our team in the Federal University of Campina Grande implemented the
initial Hierarchical Multitenancy support and now we are implementing
the Reseller use case in Keystone.
Already answering Travis question, in the Reseller solution we are
merging the domains and projects entities: domains are going to be a
"feature" of projects - if a project has the "domain" feature enabled,
it will behave exactly as domains currently behave (being a container of
users). With domain being a project, they will be part of the same
hierarchy, for more details you may read the spec:
https://github.com/openstack/keystone-specs/blob/master/specs/liberty/reseller.rst
And yes, we need to extend the Hierarchical Mutlitenancy concept to
other projects and our team is already working in Horizon and in contact
with Sajeesh (Nova). We are definitely interested in participating the
proposed design session and discussions that could emerge from it.
--
Rodrigo Duarte
On 28-04-2015 10:59, Geoff Arnold wrote:
> Yes. 100% upstream.
>
> And although I’ve referred to it as “reseller” (following the previous
> Keystone BP), it’s a much more generic pattern. Long term, I think it
> turns into something like a supply chain framework for services.
>
> Geoff
>
>> On Apr 28, 2015, at 3:51 AM, Tim Bell <Tim.Bell at cern.ch
>> <mailto:Tim.Bell at cern.ch>> wrote:
>>
>> Geoff,
>>
>> Would the generic parts of your “reseller” solution by contributed to
>> the upstream projects (e.g. glance, horizon, ceilometer) ? It would
>> be good to get the core components understanding hierarchical
>> multitenancy for all the use cases.
>>
>> The nova quota work is being submitted upstream for Liberty by
>> Sajeesh
>> (https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api)
>>
>> The cinder quota proposal is also underway
>> (https://blueprints.launchpad.net/cinder/+spec/cinder-nested-quota-driver)
>>
>> Tim
>>
>> *From:*Geoff Arnold [mailto:geoff at geoffarnold.com]
>> *Sent:* 28 April 2015 08:11
>> *To:* OpenStack Development Mailing List (not for usage questions)
>> *Subject:* Re: [openstack-dev] [Keystone][Glance] Hierarchical
>> multitenancy and Glance?
>>
>> Use cases:
>>
>> https://wiki.openstack.org/wiki/HierarchicalMultitenancy
>>
>> Blueprints:
>>
>> (Kilo):
>>
>> https://blueprints.launchpad.net/keystone/+spec/hierarchical-multitenancy
>>
>> https://blueprints.launchpad.net/keystone/+spec/reseller
>>
>> (Liberty):
>>
>> https://blueprints.launchpad.net/nova/+spec/multiple-level-user-quota-management
>>
>> https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api
>>
>> (Pending):
>>
>> https://blueprints.launchpad.net/horizon/+spec/hierarchical-projects
>>
>> https://blueprints.launchpad.net/horizon/+spec/inherited-roles
>>
>> As for adoption, it’s hard to say. The HMT work in Keystone was a
>> necessary starting point, but in order to create a complete solution
>> we really need the corresponding changes in Nova (quotas), Glance
>> (resource visibility), Horizon (UI scoping), and probably Ceilometer
>> (aggregated queries). We (Cisco) are planning to kick off a
>> Stackforge project to knit all of these things together into a
>> complete “reseller” federation system. I’m assuming that there will
>> be other system-level compositions of the various pieces.
>>
>> Geoff
>>
>> On Apr 27, 2015, at 9:48 PM, Tripp, Travis S <travis.tripp at hp.com
>> <mailto:travis.tripp at hp.com>> wrote:
>>
>> Geoff,
>>
>> Getting a spec on HMT would be helpful, as Nikhil mentioned.
>>
>> As a general question, what it the current adoption of domains / vs
>> hierarchical projects? Is there a wiki or something that
>> highlights what
>> the desired path forward is with regard to domains?
>>
>> Thanks,
>> Travis
>>
>> On 4/27/15, 7:16 PM, "Geoff Arnold" <geoff at geoffarnold.com
>> <mailto:geoff at geoffarnold.com>> wrote:
>>
>>
>> Good points. I¹ll add some details. I¹m sure the Reseller
>> guys will have
>> some comments.
>>
>> Geoff
>>
>>
>> On Apr 27, 2015, at 3:32 PM, Nikhil Komawar
>> <nikhil.komawar at RACKSPACE.COM
>> <mailto:nikhil.komawar at RACKSPACE.COM>> wrote:
>>
>> Thanks Geoff. Added some notes and questions.
>>
>> -Nikhil
>>
>> ________________________________________
>> From: Geoff Arnold <geoff at geoffarnold.com
>> <mailto:geoff at geoffarnold.com>>
>> Sent: Monday, April 27, 2015 5:50 PM
>> To: OpenStack Development Mailing List (not for usage
>> questions)
>> Subject: [openstack-dev] [Keystone][Glance] Hierarchical
>> multitenancy
>> and Glance?
>>
>> In preparation for Vancouver, I¹ve been looking for
>> blueprints and
>> design summit discussions involving the application of
>> the Keystone
>> hierarchical multitenancy work to other OpenStack
>> projects. One obvious
>> candidate is Glance, where, for example, we might want
>> domain-local
>> resource visibility as a default. Despite my searches, I
>> wasn¹t able to
>> find anything. Did I miss something obvious?
>>
>> I¹ve added a paragraph to
>> https://etherpad.openstack.org/p/liberty-glance-summit-topics
>> to make
>> sure it doesn¹t get overlooked.
>>
>> Cheers,
>>
>> Geoff
>>
>> _________________________________________________________________________
>> _
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org
>> <mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>> _________________________________________________________________________
>> _
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> <mailto:OpenStack-dev-request at lists.openstack.org?subject:unsubscribe>
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org
>> <mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org
>> <mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org
>> <mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150428/e3876bb4/attachment-0001.html>
More information about the OpenStack-dev
mailing list