<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 27 May 2016, at 16:11, Sean Dague <<a href="mailto:sean@dague.net" class="">sean@dague.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On 05/27/2016 04:23 AM, Dario Vianello wrote:<br class=""><blockquote type="cite" class=""><br class=""><blockquote type="cite" class="">On 25 May 2016, at 17:31, Tim Bell <<a href="mailto:Tim.Bell@cern.ch" class="">Tim.Bell@cern.ch</a><br class=""><<a href="mailto:Tim.Bell@cern.ch" class="">mailto:Tim.Bell@cern.ch</a>>> wrote:<br class=""><br class=""><br class="">On 25/05/16 17:36, "Sean Dague" <<a href="mailto:sean@dague.net" class="">sean@dague.net</a><br class=""><<a href="mailto:sean@dague.net" class="">mailto:sean@dague.net</a>>> wrote:<br class=""><br class=""><blockquote type="cite" class="">On 05/23/2016 10:24 AM, Tim Bell wrote:<br class=""><blockquote type="cite" class=""><br class=""><br class="">Quick warning for those who are dependent on the "user_id:%(user_id)s"<br class="">syntax for limiting actions by user. According to <br class=""><a href="https://bugs.launchpad.net/nova/+bug/1539351" class="">https://bugs.launchpad.net/nova/+bug/1539351</a>, this behavior was<br class="">apparently not intended according to the bug report feedback. The<br class="">behavior has changed from v2 to v2.1 and the old syntax no longer works.<br class=""><br class=""><br class=""><br class="">There can be security implications also so I’d recommend those using<br class="">this current v2 feature to review the bug to understand the potential<br class="">impacts as clouds enable v2.1.<br class=""></blockquote><br class="">The Nova team is currently lacking information about the minimum number<br class="">of user_id supporting policy points are needed. Because supporting<br class="">user_id everywhere is definitely not going to be an option.<br class=""><br class="">We really need very detailed lists of which actions are required, and<br class="">why. And for all server actions why "lock" action is not sufficient. And<br class="">we need all of that by N1, which is in a week. With that we can evaluate<br class="">what can be added to the API stack. Especially because this all needs<br class="">tests so it doesn't regress. So if we can keep it at a small number of<br class="">operations, it is way more likely to happen. If this grows to<br class="">"everything", it definitely won't.<br class=""><br class="">It would honestly be great if people affected by this could also<br class="">prioritize top to bottom what operations are most important. Detailed<br class="">use case and priority is really needed to figure out what can be done.<br class=""><br class=""></blockquote><br class="">Thanks for looking into this. The current set of activities that our<br class="">developers want to do for their VMs (and do not want other doing to<br class="">their instances ☺ are<br class=""><br class="">- power off/power on/restart<br class="">- VNC console (since this also allows the above with appropriate SysRq)<br class="">- delete VM<br class=""><br class="">I think in the longer term, we’ll can work together to find a way to<br class="">do this with nested projects and some kind of automatic project<br class="">creation but without nested quotas and image sharing in the hierarchy<br class="">being priorities, these are not yet at functional parity compared to<br class="">the current Nova V2 implementation.<br class=""><br class="">Tim<br class=""></blockquote><br class="">Here at EMBL-EBI we are touched by this possible change in several ways:<br class="">- to properly federate our OpenStack to the EGI FedCloud, which requires<br class="">this feature. More on this coming, I hope somebody from the EGI will<br class="">post here soon.<br class="">- to support the same activities mentioned by Tim (power off/on/restart,<br class="">console, VM deletion) in our about-to-come dev platform<br class="">- to effectively support the long term of science scenario, where a<br class="">single tenancy is shared by different independent researches to do their<br class="">computation. <br class=""><br class="">I do agree that all this can be tackled by leveraging the nested<br class="">projects, but especially for the FedCloud we are committed to deliver<br class="">soon. Strip this feature out of Nova 2.1 would thus be an issue for us. <br class=""></blockquote><br class="">Ok, but these are not the level of detail that we need to be actionable.<br class="">We realistically need an ordered list of every policy rule changed in<br class="">the importance of how that impacts things.<br class=""><br class="">What is listed above is way too high level to understand any of that.<br class="">From Tim we got a small list of actions, we can probably work with that.<br class=""><br class="">And to be clear, this feature already doesn't exist in master as it went<br class="">away in the default implementation 2 releases ago. We're talking about<br class="">new feature development here, which is real work. And this feature will<br class="">be marked as deprecated when should it go in, so other alternatives are<br class="">going to need to be considered here.<br class=""><br class=""></div></div></blockquote><div>Hi Sean,</div><div><br class=""></div><div>yep, I agree that what Tim listed is a good staring point (also for us). </div><div><br class=""></div><div><br class=""></div><br class=""><blockquote type="cite" class=""><div class=""><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>-Sean<br class=""><br class="">-- <br class="">Sean Dague<br class=""><a href="http://dague.net" class="">http://dague.net</a><br class=""><br class="">_______________________________________________<br class="">OpenStack-operators mailing list<br class="">OpenStack-operators@lists.openstack.org<br class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators<br class=""></div></div></blockquote></div><br class=""><div class="">Cheers,</div><div class=""><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><font face="Helvetica Neue" class=""><i class="">Dario Vianello</i></font></div><div class=""><font face="Helvetica Neue" class=""><br class=""></font></div><div class=""><font face="Helvetica Neue" class=""><b class="">Cloud Bioinformatics Application Architect</b></font></div><div class=""><font face="Helvetica Neue" color="#84bd73" class=""><b class="">European Bioinformatics Institute (EMBL-EBI)</b></font></div><div class=""><font face="Helvetica Neue" class="">Wellcome Trust Genome Campus, Hinxton, Cambridge, CB10 1SD, UK</font></div><div class=""><font face="Helvetica Neue" class="">Email: <a href="mailto:dario@ebi.ac.uk" class="">dario@ebi.ac.uk</a></font></div><div class=""><br class=""></div></div></div></div></body></html>