<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Hi Henrique,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">I agree with your thoughts and in my opinion every OpenStack service has to be Domain aware. Specially it will be more helpful in large scale OpenStack deployments where IAM
 resources are scoped to a domain but other services (e.g. Nova) are just not aware of domains.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Arvind<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Henrique Truta [mailto:henriquecostatruta@gmail.com]
<br>
<b>Sent:</b> Wednesday, February 19, 2014 5:21 AM<br>
<b>To:</b> openstack-dev@lists.openstack.org<br>
<b>Subject:</b> [openstack-dev] [Nova] Including Domains in Nova<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Hi everyone.</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">It is necessary to make Nova support the Domain quotas and create a new administrative perspective<span style="color:blue">.</span> Here are some reasons
 why Nova should support domains: </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">1 - It's interesting to keep the main Openstack components sharing the same concept, once it has already been made in Keystone. In Keystone, the domain
 defines more administrative boundaries and makes management of its entities easier.</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">2 - Nova shouldn’t be so tied in to projects. Keystone was created to abstract concepts like these to other modules, like Nova. In addition, Nova needs
 to be flexible enough to work with the new functionalities that Keystone will provide. If we keep the Nova tied in to projects (or domains), we will be far from the Nova focus which is providing compute services.</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">3 - There is also the Domain Quota Driver BP (</span><a href="https://blueprints.launchpad.net/nova/+spec/domain-quota-driver" target="_blank"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:#1155CC">https://blueprints.launchpad.net/nova/+spec/domain-quota-driver</span></a><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">),
 which implementation has already began. This Blueprint allows the user to handle quotas at domain level. Nova requires domains to make this feature work properly, right above the project level. There is also an implementation that includes the domain information
 on the token context. This implementation have to be included as well: </span><a href="https://review.openstack.org/#/c/55870/" target="_blank"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:#1155CC">https://review.openstack.org/#/c/55870/</span></a><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">
 .</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">4 - The Nova API must be extended in order to enable domain-level operations, that only work at project-level such as:</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">    - Listing, viewing and deleting images;</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">    - Deleting and listing servers;</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">    - Perform server actions like changing passwords, reboot, rebuild and resize;</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">    - CRUD and listing on server metadata;</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">In addition to provide quota management through the API and establishment of a new administrative scope.</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">In order to accomplish these features, the token must contain the domain informations, which will be included as mentioned in item 3. Then, the Nova
 API calls will be changed to consider the domain information and when a call referent to a project is made (e.g. servers).</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">What do you think about it? Any additional suggestions?<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">AT: Keystone also has to enforce the domain scoping more strongly, as in the current model Keystone resources are not required to be
 scoped  a domain. <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Thanks.</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Henrique Truta</span><o:p></o:p></p>
</div>
</div>
</body>
</html>