[openstack-dev] [nova]Proposal for function to manage the resources available to each tenant
sbauza at redhat.com
Fri Jul 17 09:25:11 UTC 2015
Le 17/07/2015 10:42, Kenji Ishii a écrit :
> Please give me opinion in terms to be a valuable function for OpenStack Community.
> We believe that we need a mechanism to easily manage the resources available to the each tenant.
> In some case, we want to allow only the specific tenant to use the specific resources.
> We think the two architectures of the following.
> a. New concept called vDC
> vDC is "virtual DC".
> It means collection of several logical resources : Availavility Zone(AZ).
> If we use it, we can control the resources to each tenant.
> For example,
> ___vDC_1____ ___vDC_2____
> | | | |
> | AZ1, AZ2 | | AZ3 |
> |____________| |____________|
> tenant "tenant_001" assigned "vDC_1"
> tenant "tenant_002" assigned "vDC_2"
> tenant_001 can use AZ1 and AZ2, AZ3 is unavailable.
> tenant_002 can use AZ3 , AZ1 and AZ2 is unavailable.
Not sure I fully understand but AggregateMultiTenancyIsolation filter
already partially does the job (with a certain number of pitfalls, one
being addressed in https://review.openstack.org/#/c/195783/ )
> b. use region
> It will manage the relation between the Region and the tenant.
> The tenant can use only the resources in region that be allowed it to use.
> By the way, this proposal is several problems - Cost of system construction is higher than proposal "a" etc
Nova litterally knows nothing about Regions, that's a pure Keystone
concept. From my perspective, you just have to make sure that your
tenants are per region, you don't really need more to have the tenancy
segregation at the region level. Caution, I'm not a Keystone expert.
> each proposal's detail is following.
> Kenji Ishii
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev