[nova] Applying custom policies at VM creation time

gustavo panizzo gfa+os at zumbi.com.ar
Fri Jul 9 06:44:41 UTC 2021 

Hi

On Thu, Jul 08, 2021 at 02:44:18PM +0100, Sean Mooney wrote:
>On Thu, 2021-07-08 at 13:47 +0200, gustavo panizzo wrote:
>> Hello
>>
>> I'd like to reject VM creation or mutate the request depending on
>> custom (business) logic
>>
>> for example
>>
>> - reject duplicate names within the same neutron network(s)
>there is kind of a config option that will do this in nova
>https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.osapi_compute_unique_server_name_scope
>you can require server nbames to be    unique at the  project or  global level.
>
>its not per network but similar.
>

I wasnt aware of that setting

>i assuem you are using designate or simialr to regsiter the vsm in dns extra and that is why you want them to be unique
>per network. not that you can have multipel ports on the same network attached to the same vm too so you will have to be carful
>not to break that if its imporatnt to your usecase.
>
>
>> - change the VM name to append a number or increase it (VM-1 requested,
>>    VM-1 already exists so it gets created as VM-2)
>
>you could do this with midelware using oslo.middelware and updating nova paste.ini file to runit
>here is the default requestid middelware for example
>
>
>https://github.com/openstack/oslo.middleware/blob/master/oslo_middleware/request_id.py
>
>we have our own version of that which is enabeld here
>https://github.com/openstack/nova/blob/master/etc/nova/api-paste.ini#L48-L49
>
>> - reject some values for particular keys on metadata (role=db rejected
>>    for project foo)
>again this can be done with midelware in the same way
>
>>
>>
>> How can I accomplish this? I really don't want to patch nova
>you can do this without patching nova but just a word of warnign that it will likely violate any supprot agreement you may have
>if you are extendign a vendor distibution of openstack
>
>if you are deploying form souce however this is the "supported" way to do this.
>supported is proably oversting things but this is what middelware is for.
>>

thanks, oslo_middleware is exactly what i'm looking for

>> thanks
>>
>> PS: I found https://github.com/roaet/wafflehaus but it looks it hasn't been
>> touched in years
>>
>
>

-- 
IRC: gfa
GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5
OLD GPG: 0x44BB1BA79F6C6333

More information about the openstack-discuss mailing list