[openstack-dev] [nova]Proposal for function to manage the resources available to each tenant
Kenji Ishii
ken-ishii at sx.jp.nec.com
Fri Jul 17 12:05:47 UTC 2015
Thank you for the reply!
> Not sure I fully understand but AggregateMultiTenancyIsolation filter
> already partially does the job (with a certain number of pitfalls, one being
> addressed in https://review.openstack.org/#/c/195783/ )
I understand that nova already has a function to isolate resources for each tenant
and that functional improvements are in progress.
I will watch this blueprint and try to check the AggregateMultiTenancyIsolation filter.
https://review.openstack.org/#/c/195783/
> Nova literally knows nothing about Regions, that's a pure Keystone
> concept. From my perspective, you just have to make sure that your
> tenants are per region, you don't really need more to have the tenancy
> segregation at the region level. Caution, I'm not a Keystone expert.
We had assumed a system configuration with a single Horizon, a single Keystone
and multiple regions. In this case, a tenant has resources in all regions.
My proposal is based on this precondition.
Thanks.
> -----Original Message-----
> From: Sylvain Bauza [mailto:sbauza at redhat.com]
> Sent: Friday, July 17, 2015 6:25 PM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] [nova]Proposal for function to manage the
> resources available to each tenant
>
>
>
> On 17/07/2015 10:42, Kenji Ishii wrote:
> > Hello!
> >
> > Please give me your opinion on whether this would be a valuable function for the
> > OpenStack community.
> > We believe that we need a mechanism to easily manage the resources
> > available to each tenant.
> > In some cases, we want to allow only a specific tenant to use specific
> > resources.
> >
> >
> > We are considering the following two architectures.
> >
> > a. New concept called vDC
> > vDC is "virtual DC".
> > It means a collection of several logical resources: Availability Zones (AZ).
> > If we use it, we can control the resources for each tenant.
> >
> > For example,
> >    ___vDC_1____     ___vDC_2____
> >   |            |   |            |
> >   |  AZ1, AZ2  |   |    AZ3     |
> >   |____________|   |____________|
> >
> > tenant "tenant_001" assigned "vDC_1"
> > tenant "tenant_002" assigned "vDC_2"
> >
> > tenant_001 can use AZ1 and AZ2; AZ3 is unavailable.
> > tenant_002 can use AZ3; AZ1 and AZ2 are unavailable.
>
> Not sure I fully understand but AggregateMultiTenancyIsolation filter
> already partially does the job (with a certain number of pitfalls, one being
> addressed in https://review.openstack.org/#/c/195783/ )
>
> >
> > b. use region
> > It will manage the relation between the Region and the tenant.
> > The tenant can use only the resources in the regions that it is allowed
> > to use.
> >
> > By the way, this proposal has several problems: the cost of system
> > construction is higher than for proposal "a", etc.
>
> Nova literally knows nothing about Regions, that's a pure Keystone
> concept. From my perspective, you just have to make sure that your
> tenants are per region, you don't really need more to have the tenancy
> segregation at the region level. Caution, I'm not a Keystone expert.
>
> -Sylvain
>
>
>
> >
> > Each proposal's details are as follows.
> > https://wiki.openstack.org/wiki/Proposal_vDC
> >
> > --
> > Kenji Ishii
> >
--
Kenji Ishii
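
Added example, not part of the thread and not Nova's code: a simplified Python model of the host-passes rule that Nova documents for AggregateMultiTenancyIsolation (a host in an aggregate carrying the `filter_tenant_id` metadata key accepts only that tenant; a host in no such aggregate accepts every tenant), applied to the vDC layout from the original proposal. The host names, the aggregate layout and the helper names are constructed for illustration.

```python
# Simplified model of the AggregateMultiTenancyIsolation rule; not Nova's code.
# Host names and the aggregate layout below are constructed for illustration.

# One aggregate per AZ from the proposal, plus one without tenant metadata.
AGGREGATES = [
    {"name": "agg-az1", "hosts": {"host-az1-a"},
     "metadata": {"filter_tenant_id": "tenant_001"}},
    {"name": "agg-az2", "hosts": {"host-az2-a"},
     "metadata": {"filter_tenant_id": "tenant_001"}},
    {"name": "agg-az3", "hosts": {"host-az3-a"},
     "metadata": {"filter_tenant_id": "tenant_002"}},
    # No filter_tenant_id: hosts here stay open to every tenant.
    {"name": "agg-shared", "hosts": {"host-shared-a"}, "metadata": {}},
]
ALL_HOSTS = ["host-az1-a", "host-az2-a", "host-az3-a", "host-shared-a"]


def allowed_tenants(host, aggregates):
    """Return the tenants a host is restricted to, or None if unrestricted."""
    tenants = set()
    restricted = False
    for agg in aggregates:
        value = agg["metadata"].get("filter_tenant_id")
        if host in agg["hosts"] and value is not None:
            restricted = True
            tenants.add(value)  # a host in several aggregates gets the union
    return tenants if restricted else None


def host_passes(host, tenant_id, aggregates):
    """A restricted host accepts only its tenants; any other host accepts all."""
    tenants = allowed_tenants(host, aggregates)
    return tenants is None or tenant_id in tenants


def schedulable_hosts(tenant_id, aggregates=AGGREGATES, hosts=ALL_HOSTS):
    """Hosts that remain candidates for this tenant after the filter."""
    return [h for h in hosts if host_passes(h, tenant_id, aggregates)]


def isolation_gaps(aggregates=AGGREGATES, hosts=ALL_HOSTS):
    """Hosts with no tenant restriction: any tenant can still land on them."""
    return [h for h in hosts if allowed_tenants(h, aggregates) is None]


if __name__ == "__main__":
    for tenant in ("tenant_001", "tenant_002", "tenant_003"):
        print(tenant, "->", schedulable_hosts(tenant))
    print("unrestricted hosts:", isolation_gaps())
```

The rule restricts which tenants a host accepts, not which hosts a tenant may use, so reproducing the proposal's tenant-to-AZ allow-list this way depends on `isolation_gaps()` returning an empty list.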