<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>Hi Henrique</div><div><br></div>I disagree with the idea that the other services should use domains. They need a concept of hierarchical ownership which we have been discussing. Domains is one way of representing such an ownership hierarchy but I think it is too limited.<div><br></div><div>The POC code I created for hierarchical multitenancy[1] makes nova support something similar to what you want for listing projects. It needs to be extended to quotas and images, but as a concept it seems to work just fine.</div><div><br></div><div>There are a few remaining issues to work out around displaying the names of the hierarchy but I think this is a superior direction to adding a separate domain concept into the other services.</div><div><br></div><div>Vish</div><div><br></div><div>[1] <a href="https://github.com/vishvananda/nova/commit/ae4de19560b0a3718efaffb6c205c7a3c372412f">https://github.com/vishvananda/nova/commit/ae4de19560b0a3718efaffb6c205c7a3c372412f</a><br><div><div>On Feb 19, 2014, at 4:21 AM, Henrique Truta &lt;<a href="mailto:henriquecostatruta@gmail.com">henriquecostatruta@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">Hi everyone.</span></div><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> </span></p><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 
0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">It is necessary to make Nova support the Domain quotas and create a new administrative perspective</span><span style="font-size:15px;font-family:Arial;color:rgb(0,0,255);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">.</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> Here are some reasons why Nova should support domains: </span><span style="font-size:15px;font-family:Arial;color:rgb(255,0,0);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></div><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> </span></p><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">1
 - It's interesting to keep the main OpenStack components sharing the 
same concept, once it has already been made in Keystone. In Keystone, 
the domain defines more administrative boundaries and makes management 
of its entities easier.</span><span style="font-size:15px;font-family:Arial;color:rgb(255,0,0);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></div><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> </span></p><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">2
 - Nova shouldn’t be so tied in to projects. Keystone was created to 
abstract concepts like these to other modules, like Nova. In addition, 
Nova needs to be flexible enough to work with the new functionalities 
that Keystone will provide. If we keep</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> the</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> Nova tied</span><span style="font-size:15px;font-family:Arial;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"> </span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">in</span><span style="font-size:15px;font-family:Arial;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"> to</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> projects (or domain</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">s</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">), we will be far from the Nova focus which is providing compute services.</span><span style="font-size:15px;font-family:Arial;color:rgb(255,0,0);background-color:transparent;font-weight:bold;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></div><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span 
style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> </span></p><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">3 - There is also the Domain Quota Driver BP (</span><a style="text-decoration:none" href="https://blueprints.launchpad.net/nova/+spec/domain-quota-driver" target="_blank"><span style="font-size:15px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">https://blueprints.launchpad.net/nova/+spec/domain-quota-driver</span></a><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">), whose impl</span><span style="font-size:15px;font-family:Arial;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ementation has </span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">already </span><span style="font-size:15px;font-family:Arial;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">begun. This Blueprint allows the us</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">er
 to handle quotas at domain level. Nova requires domains to make this 
feature work properly, right above the project level. There is also an 
implementation that includes the domain information on the token 
context. This implementation has to be included as well: </span><a style="text-decoration:none" href="https://review.openstack.org/#/c/55870/" target="_blank"><span style="font-size:15px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">https://review.openstack.org/#/c/55870/</span></a><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> .</span></div><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> </span></p><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">4 - The Nova API must be extended in order to enable domain-level operations, that only work at project-level such as:</span></div><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">    - Listing, viewing and deleting images;</span></div><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">    - Deleting and listing servers;</span></div><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span 
style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">    - Perform server actions like changing passwords, reboot, rebuild and resize;</span></div><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">    - CRUD and listing on server metadata;</span></div><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> In addition to provide quot</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">a</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> management through the API and establishment of a new administrative scope.</span></div><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> </span></p><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">In order to accomplish these features, the token must contain the domain </span><span 
style="font-size:15px;font-family:Arial;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">information</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">, which will be included as mentioned in item 3. Then,</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> the</span><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> Nova API calls will be changed to consider the domain information and when a call referent to a project is made (e.g. servers).</span><span style="font-size:15px;font-family:Arial;color:rgb(255,0,0);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></div><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> </span></p><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">What do you think about it? 
Any additional suggestions?</span></div><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"> </span></p><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">Thanks.</span></div><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><br><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal"></span></div><div style="line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt;"><span style="vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;background-color:transparent;text-decoration:none;font-family:Arial;font-weight:normal">Henrique Truta<br>
</span></div>
</div>
</blockquote></div><br></div></body></html>