On Fri, Feb 1, 2019 at 7:34 AM Lars Kellogg-Stedman <lars@redhat.com> wrote:
On Thu, Jan 31, 2019 at 12:09:07PM +0100, Dmitry Tantsur wrote:
Some first steps have been done: http://specs.openstack.org/openstack/ironic-specs/specs/not-implemented/owne.... We need someone to drive the further design and implementation though.
That spec seems to be for a strictly informational field. Reading through it, I guess it's because doing something like this...
openstack baremetal node set --property owner=lars
...leads to sub-optimal performance when trying to filter a large number of hosts. I see that it's merged already, so I guess this is commenting-after-the-fact, but that seems like the wrong path to follow: I can see properties like "the contract id under which this system was purchased" being as or more important than "owner" from a large business perspective, so making it easier to filter by property on the server side would seem to be a better solution.
Or implement full multi-tenancy so that "owner" is more than simply informational, of course :).
My original thought was more to enable multi-purpose usage and should we ever get to a point where we want to offer filtered views by saying a baremetal_user can only see machines whose owner is set by their tenant. Sub-optimal for sure, but in order not to break baremetal_admin level usage we have to have a compromise. The alternative that comes to mind is to build a new permission matrix model that delineates the two, but at some point someone is still the "owner" and is responsible for the hardware. The details we kind of want to keep out of storage and consideration in ironic are the more CMDB-ish details that would be things like contracts and acquisition dates. The other thing we should consider is "Give me a physical machine" versus "I have my machines, I need to use them" approaches and such a model. I suspect this is quickly becoming a Forum-worthy session.
-- Lars Kellogg-Stedman <lars@redhat.com> | larsks @ {irc,twitter,github} http://blog.oddbit.com/ |