<div dir="ltr"><div class="gmail_extra">An admin creating a service instance for a tenant could be a common use case. But ownership of the service can be controlled via the already existing access control mechanism in OpenStack. If the service instance belonged to a particular project, then other tenants should by definition not be able to use this instance.<br>
<br><div class="gmail_quote">On Tue, Oct 8, 2013 at 11:34 PM, Bob Melander (bmelande) <span dir="ltr"><<a href="mailto:bmelande@cisco.com" target="_blank">bmelande@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">




<div style="font-size:14px;font-family:Calibri,sans-serif;word-wrap:break-word">
<div>For use case 2, ability to "pin" an admin/operator owned VM to a particular tenant can be useful.</div>
<div>I.e., the service VMs are owned by the operator but a particular service VM will only allow service instances from a single tenant.</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Bob</div>
<div><br>
</div>
<span>
<div style="border-right:medium none;padding-right:0in;padding-left:0in;padding-top:3pt;text-align:left;font-size:11pt;border-bottom:medium none;font-family:Calibri;border-top:#b5c4df 1pt solid;padding-bottom:0in;border-left:medium none">

<span style="font-weight:bold">From: </span><Regnier>, Greg J <<a href="mailto:greg.j.regnier@intel.com" target="_blank">greg.j.regnier@intel.com</a>><br>
<span style="font-weight:bold">Reply-To: </span>OpenStack Development Mailing List <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Date: </span>Tuesday 8 October 2013 23:48<br>
<span style="font-weight:bold">To: </span>"<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>" <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>

<span style="font-weight:bold">Subject: </span>[openstack-dev] [Neutron] Service VM discussion - Use Cases<br>
</div><div><div class="h5">
<div><br>
</div>
<div>


<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal">Hi,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Re: blueprint:  <a href="https://blueprints.launchpad.net/neutron/+spec/adv-services-in-vms" target="_blank">
https://blueprints.launchpad.net/neutron/+spec/adv-services-in-vms</a><u></u><u></u></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif">Before going into more detail on the mechanics, would like to nail down use cases. 
<u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif">Based on input and feedback, here is what I see so far. 
<u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif">Assumptions:<u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">- a 'Service VM' hosts one or more 'Service Instances'<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">- each Service Instance has one or more Data Ports that plug into Neutron networks<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">- each Service Instance has a Service Management i/f for Service management (e.g. FW rules)<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">- each Service Instance has a VM Management i/f for VM management (e.g. health monitor)<u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif">Use case 1: Private Service VM
<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">Owned by tenant<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">VM hosts one or more service instances<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">Ports of each service instance only plug into network(s) owned by tenant<u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif">Use case 2: Shared Service VM<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">Owned by admin/operator<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">VM hosts multiple service instances<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">The ports of each service instance plug into one tenant's network(s)<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">Service instance provides isolation from other service instances within VM<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif"> <u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11pt;font-family:Calibri,sans-serif">Use case 3: Multi-Service VM<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">Either Private or Shared Service VM<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:0in;margin-left:27.0pt;margin-bottom:.0001pt">
<span style="font-size:11pt;font-family:Calibri,sans-serif">Support multiple service types (e.g. FW, LB, …)<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p style="margin-left:.75in">- Greg</p>
</div>
</div>
</div>
</div></div></span>
</div>

<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div>
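<p>The ownership rules discussed in this thread (private VM, shared VM, and a shared VM pinned to one tenant), written out as a placement check. This is an added example, not part of the original messages and not Neutron code; the class names, the <code>ADMIN</code> owner id, the <code>pinned_tenant</code> field and the sample tenants and networks are all hypothetical.</p>

```python
from dataclasses import dataclass, field
from typing import Optional

ADMIN = "admin"  # assumed owner id for operator-owned (shared) service VMs

@dataclass
class ServiceInstance:
    tenant: str          # tenant the instance serves
    service_type: str    # e.g. "FW", "LB" (use case 3 allows several types per VM)
    port_networks: list  # ids of the networks its data ports plug into

@dataclass
class ServiceVM:
    owner: str                           # a tenant id, or ADMIN for a shared VM
    pinned_tenant: Optional[str] = None  # shared VM restricted to a single tenant
    instances: list = field(default_factory=list)

def placement_errors(vm, inst, network_owner):
    """Return the reasons inst may not run on vm; an empty list means allowed."""
    errors = []
    # All use cases: data ports plug only into networks of the instance's tenant.
    # An unknown network has no owner and is rejected (fail closed).
    for net in inst.port_networks:
        if network_owner.get(net) != inst.tenant:
            errors.append(f"port on {net} is not on a network owned by {inst.tenant}")
    if vm.owner != ADMIN:
        # Use case 1: a private VM hosts only its owner's service instances.
        if inst.tenant != vm.owner:
            errors.append(f"private VM of {vm.owner} cannot host {inst.tenant}")
    elif vm.pinned_tenant is not None and inst.tenant != vm.pinned_tenant:
        # Use case 2 with pinning: operator-owned VM serving a single tenant.
        errors.append(f"VM is pinned to {vm.pinned_tenant}")
    return errors

def place(vm, inst, network_owner):
    """Add inst to vm, refusing any placement that breaks tenant isolation."""
    errors = placement_errors(vm, inst, network_owner)
    if errors:
        raise PermissionError("; ".join(errors))
    vm.instances.append(inst)

# Constructed sample data: two tenants, one network each.
NETWORK_OWNER = {"net-a": "tenant-a", "net-b": "tenant-b"}
FW_A = ServiceInstance("tenant-a", "FW", ["net-a"])
LB_B = ServiceInstance("tenant-b", "LB", ["net-b"])
FW_CROSS = ServiceInstance("tenant-a", "FW", ["net-a", "net-b"])

if __name__ == "__main__":
    shared = ServiceVM(owner=ADMIN)
    place(shared, FW_A, NETWORK_OWNER)
    place(shared, LB_B, NETWORK_OWNER)
    print(len(shared.instances), placement_errors(shared, FW_CROSS, NETWORK_OWNER))
```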