<div dir="ltr">Hey Gorka,<div> Thanks for your input:) I think I need to clarify that our idea is to share the backup resource to another tenants, that is different with transfer as the original tenant still can fully control the backup resource, and the tenants that have been shared to only have the ability to see and read the content of that backup.<br><br><div class="gmail_quote"><div dir="ltr">Gorka Eguileor <<a href="mailto:geguileo@redhat.com">geguileo@redhat.com</a>>于2018年3月21日周三 下午7:15写道:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 20/03, Jay S Bryant wrote:<br>
><br>
><br>
> On 3/19/2018 10:55 PM, TommyLike Hu wrote:<br>
> > Now Cinder can transfer volume (with or without snapshots) to different<br>
> > projects, and this make it possbile to transfer data across tenant via<br>
> > volume or image. Recently we had a conversation with our customer from<br>
> > Germany, they mentioned they are more pleased if we can support transfer<br>
> > data accross tenant via backup not image or volume, and these below are<br>
> > some of their concerns:<br>
> ><br>
> > 1. There is a use case that they would like to deploy their<br>
> > develop/test/product systems in the same region but within different<br>
> > tenants, so they have the requirment to share/transfer data across<br>
> > tenants.<br>
> ><br>
> > 2. Users are more willing to use backups to secure/store their volume<br>
> > data since backup feature is more advanced in product openstack version<br>
> > (incremental backups/periodic backups/etc.).<br>
> ><br>
> > 3. Volume transfer is not a valid option as it's in AZ and it's a<br>
> > complicated process if we would like to share the data to multiple<br>
> > projects (keep copy in all the tenants).<br>
> ><br>
> > 4. Most of the users would like to use image for bootable volume only<br>
> > and share volume data via image means the users have to maintain lots of<br>
> > image copies when volume backup changed as well as the whole system<br>
> > needs to differentiate bootable images and none bootable images, most<br>
> > important, we can not restore volume data via image now.<br>
> ><br>
> > 5. The easiest way for this seems to support sharing backup to different<br>
> > projects, the owner project have the full authority while shared<br>
> > projects only can view/read the backups.<br>
> ><br>
> > 6. AWS has the similar concept, share snapshot. We can share it by<br>
> > modify the snapshot's create volume permissions [1].<br>
> ><br>
> > Looking forward to any like or dislike or suggestion on this idea<br>
> > accroding to my feature proposal experience:)<br>
> ><br>
> ><br>
> > Thanks<br>
> > TommyLike<br>
> ><br>
> ><br>
> > [1]: <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html" rel="noreferrer" target="_blank">https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html</a><br>
> ><br>
> ><br>
> > __________________________________________________________________________<br>
> > OpenStack Development Mailing List (not for usage questions)<br>
> > Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
> > <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
> Tommy,<br>
><br>
> As discussed at the PTG, this still sounds like improper usage of Backup. <br>
> Happy to hear input from others but I am having trouble getting my head<br>
> around it.<br>
><br>
> The idea of sharing a snapshot, as you mention AWS supports sounds like it<br>
> could be a more sensible approach. Why are you not proposing that?<br>
><br>
> Jay<br>
><br>
<br>
Hi,<br>
<br>
I agree with Jay that this sounds like an improper use of Backups, and I<br>
believe that this feature, just like trying to transfer snapshots, would<br>
incur in a lot of code changes as well as an ever greater number of<br>
bugs, because the ownership structure in Cinder is hierarchical and well<br>
defined.<br>
<br>
So if you transferred a snapshot then you would lose that snapshot<br>
information on the source volume, which means that we could not prevent<br>
a volume deletion with a snapshot, or we could prevent it but would<br>
either have to prevent the deletion from happening (creating a terrible<br>
user experience since the user can't delete the volume now because<br>
somebody else still has one of its snapshots) or we have to implement<br>
some kind of "trash" mechanism to postpone cleanup until all the<br>
snapshots have been deleted, which would make our quota code more<br>
complex as well as make our stats reporting and scheduling diverge from<br>
what the user think has actually happened (they deleted a bunch of<br>
volumes but the data has not been freed from the backend).<br>
<br>
As for backups, you have an even worse situation because of our<br>
incremental backups, since transferring ownership of an incremental<br>
backup will create similar deletion issues as the snapshots but we also<br>
require access to all all incremental snapshots to restore a volume. So<br>
the only alternative would be to only allow transferring a full Backup<br>
and this would carry all the incremental backups with it.<br>
<br>
All in all I think this would be an abuse of the Backups, and as stated<br>
by TommyLike we already have mechanisms to do this via images and volume<br>
transfers.<br>
<br>
Although I have to admit that after giving this some thought there is a<br>
very good case where it wouldn't be an abuse and where we should allow<br>
transferring full backups together with all their incremental backups,<br>
and that is when you transfer a volume. If we transfer a volume with<br>
all its snapshots, it makes sense that we should also allow transferring<br>
its backups, after all the original source of the backups no longer<br>
belongs to the owner of the backups.<br>
<br>
To summarize, if we are talking about transferring only full backups<br>
with all their dependent incremental backup then I probably won't oppose<br>
the change.<br>
<br>
Cheers,<br>
Gorka.<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote></div></div></div>