<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/13/2013 07:50 AM, Steven Dake
wrote:<br>
</div>
<blockquote cite="mid:5282788F.2030109@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 11/12/2013 10:25 AM, Kodam,
Vijayakumar (EXT-Tata Consultancy Ser - FI/Espoo) wrote:<br>
</div>
<blockquote
cite="mid:1A252E4E4F511F4F99C4999A8A7E5F7415C4045B@DEMUMBX011.nsn-intra.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<style type="text/css" id="owaParaStyle"></style>
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;"><font face="Calibri, sans-serif"><span
style="font-size: 15px;">Hi,</span></font>
<div><font face="Calibri, sans-serif"><span style="font-size:
15px;"><br>
</span></font></div>
<div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; text-indent: 36pt; margin:
0px;"> <span style="font-size: 11pt; font-family:
Calibri, sans-serif; text-indent: 36pt;">In Telecom
Cloud applications, the requirements for every
application are different. One application might need 10
CPUs, 10GB RAM and no disk. Another application might
need 1 CPU, 512MB RAM and 100GB Disk. This varied
requirements directly affects the flavors which need to
be created for different applications (virtual
instances). Customer has his own custom requirements for
CPU, RAM and other hardware requirements. So, based on
the requests from the customers, we believe that the
flavor creation should be done along with the instance
creation, just before the instance is created. Most of
the flavors will be specific to that application and
therefore will not be suitable by other instances.</span></div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; margin: 0px;"> <font
face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font
face="Calibri,sans-serif" size="2"><span
style="font-size: 11pt;"> </span></font></span></font></div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; text-indent: 36pt; margin:
0px;"> <font face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font
face="Calibri,sans-serif" size="2"><span
style="font-size: 11pt;">The obvious way is to
allow users to create flavors and boot customized
instances through Heat. As of now, users can
launch instances through heat along with
predefined nova flavors only. We have made some
changes in our setup and tested it. This change
allows creation of customized nova flavors using
heat templates. We are also using extra-specs in
the flavors for use in our private cloud
deployment.</span></font></span></font></div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; text-indent: 36pt; margin:
0px;"> <font face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font
face="Calibri,sans-serif" size="2"><span
style="font-size: 11pt;">This gives an option to
the user to mention custom requirements for the
flavor in the heat template directly along with
the instance details. There is one problem in the
nova flavor creation using heat templates. Admin
privileges are required to create nova flavors.
There should be a way to allow a normal user to
create flavors.</span></font></span></font></div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; margin: 0px;"> <font
face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font
face="Calibri,sans-serif" size="2"><span
style="font-size: 11pt;"> </span></font></span></font></div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; margin: 0px;"> <font
face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font
face="Calibri,sans-serif" size="2"><span
style="font-size: 11pt;">Your comments and
suggestions are most welcome on how to handle this
problem !!!</span></font></span></font></div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; margin: 0px;"> <font
face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font
face="Calibri,sans-serif" size="2"><span
style="font-size: 11pt;"><br>
</span></font></span></font></div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; margin: 0px;"> <font
face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font
face="Calibri,sans-serif" size="2"><span
style="font-size: 11pt;">Regards,</span></font></span></font></div>
<div style="font-family: 'Segoe UI', Helvetica, Arial,
sans-serif; font-size: medium; margin: 0px;"> <font
face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font
face="Calibri,sans-serif" size="2"><span
style="font-size: 11pt;">Vijaykumar Kodam</span></font></span></font></div>
</div>
<div><font face="Times New Roman,serif" size="3"><span
style="font-size: 12pt;"><font face="Calibri,sans-serif"
size="2"><span style="font-size: 11pt;"><br>
</span></font></span></font></div>
</div>
</blockquote>
<font size="2"><font face="Calibri,sans-serif">Vjaykumar,<br>
<br>
I have long believed that an OS::Nova::Flavor resource would
make a good addition to Heat, but as you pointed out, this
type of resource requires administrative priveleges. I
generally also believe it is bad policy to implement resources
that *require* admin privs to operate, because that results in
yet more resources that require admin. We are currently
solving the IAM user cases (keystone doesn't allow the
creation of users without admin privs).<br>
<br>
It makes sense that cloud deployers would want to control who
could create flavors to avoid DOS attacks against their
inrastructure or prevent trusted users from creating a wacky
flavor that the physical infrastructure can't support. I'm
unclear if nova offers a way to reduce permissions required
for flavor creation. One option that may be possible is via
the keystone trusts mechanism.<br>
<br>
Steve Hardy did most of the work integrating Heat with the new
keystone trusts system - perhaps he has some input.<br>
<br>
</font></font> </blockquote>
I would be happy for you to submit your OS::Nova::Flavor resource to
heat. There are a couple of nova-specific issues that will need to
be addressed:<br>
* Is there optimization in nova required to handle the proliferation
of flavors? Nova may currently make the assumption that the flavor
list is short and static.<br>
* How to provide an authorization policy that allows non-admins to
create flavors. Maybe something role-based? <br>
</body>
</html>