Trove Multi-Tenancy
Hi, I have deployed trove and database instance deployment is successful. But the problem is all the database servers are being created in service account i.e openstack instance list shows the database instances in admin user but when I check openstack server list the database instance won't show up here, its visible in trove service account. Can you please advise how the servers will be visible in admin account ? I want to enable multi-tenancy. Below is the configuration [DEFAULT] log_dir = /var/log/trove # RabbitMQ connection info transport_url = rabbit://openstack:password@controller control_exchange = trove trove_api_workers = 5 network_driver = trove.network.neutron.NeutronDriver taskmanager_manager = trove.taskmanager.manager.Manager default_datastore = mysql cinder_volume_type = database_storage reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 nova_keypair = trove-key debug = true trace = true # MariaDB connection info [database] connection = mysql+pymysql://trove:password@mariadb01/trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 [redis] tcp_ports = 6379,16379 # Keystone auth info [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword [service_credentials] auth_url = http://controller:5000 region_name = RegionOne project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword -- Regards, Syed Ammad Ali
From your configuration, once a trove instance is created, a nova server is created in the "service" project, as trove user, you can only show the
Hi Syed, What's the trove version you've deployed? trove instance. --- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes) On Fri, Feb 5, 2021 at 12:40 AM Ammad Syed <syedammad83@gmail.com> wrote:
Hi,
I have deployed trove and database instance deployment is successful. But the problem is all the database servers are being created in service account i.e openstack instance list shows the database instances in admin user but when I check openstack server list the database instance won't show up here, its visible in trove service account.
Can you please advise how the servers will be visible in admin account ? I want to enable multi-tenancy.
Below is the configuration
[DEFAULT] log_dir = /var/log/trove # RabbitMQ connection info transport_url = rabbit://openstack:password@controller control_exchange = trove trove_api_workers = 5 network_driver = trove.network.neutron.NeutronDriver taskmanager_manager = trove.taskmanager.manager.Manager default_datastore = mysql cinder_volume_type = database_storage reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200
nova_keypair = trove-key
debug = true trace = true
# MariaDB connection info [database] connection = mysql+pymysql://trove:password@mariadb01/trove
[mariadb] tcp_ports = 3306,4444,4567,4568
[mysql] tcp_ports = 3306
[postgresql] tcp_ports = 5432
[redis] tcp_ports = 6379,16379
# Keystone auth info [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
[service_credentials] auth_url = http://controller:5000 region_name = RegionOne project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
-- Regards,
Syed Ammad Ali
Hello Kong, I am using latest victoria release and trove 14.0. Yes you are right, this is exactly happening. All the nova instances are in trove user service project. From my admin user i am only able to list database instances. Is it possible that all nova instances should also deploy in any tenant project i.e if i am deploying database instance from admin user having adminproject and default domain the nova instance should be in adminproject rather then trove service project. Ammad Sent from my iPhone
On Feb 5, 2021, at 1:49 AM, Lingxian Kong <anlin.kong@gmail.com> wrote:
Hi Syed,
What's the trove version you've deployed?
From your configuration, once a trove instance is created, a nova server is created in the "service" project, as trove user, you can only show the trove instance.
--- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes)
On Fri, Feb 5, 2021 at 12:40 AM Ammad Syed <syedammad83@gmail.com> wrote: Hi,
I have deployed trove and database instance deployment is successful. But the problem is all the database servers are being created in service account i.e openstack instance list shows the database instances in admin user but when I check openstack server list the database instance won't show up here, its visible in trove service account.
Can you please advise how the servers will be visible in admin account ? I want to enable multi-tenancy.
Below is the configuration
[DEFAULT] log_dir = /var/log/trove # RabbitMQ connection info transport_url = rabbit://openstack:password@controller control_exchange = trove trove_api_workers = 5 network_driver = trove.network.neutron.NeutronDriver taskmanager_manager = trove.taskmanager.manager.Manager default_datastore = mysql cinder_volume_type = database_storage reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200
nova_keypair = trove-key
debug = true trace = true
# MariaDB connection info [database] connection = mysql+pymysql://trove:password@mariadb01/trove
[mariadb] tcp_ports = 3306,4444,4567,4568
[mysql] tcp_ports = 3306
[postgresql] tcp_ports = 5432
[redis] tcp_ports = 6379,16379
# Keystone auth info [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
[service_credentials] auth_url = http://controller:5000 region_name = RegionOne project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
-- Regards,
Syed Ammad Ali
There are several config options you can change to support this model: [DEFAULT] remote_nova_client = trove.common.clients.nova_client remote_neutron_client = trove.common.clients.neutron_client remote_cinder_client = trove.common.clients.cinder_client remote_glance_client = trove.common.clients.glance_client *However, those configs are extremely not recommended and not maintained any more in Trove, *which means, function may broken in this case. The reasons are many folds. Apart from the security reason, one important thing is, Trove is a database as a service, what the cloud user is getting from Trove are the access to the database and some management APIs for database operations, rather than a purely Nova VM that has a database installed and can be accessed by the cloud user. If you prefer this model, why not just create Nova VM on your own and manually install database software so you have more control of that? --- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes) On Fri, Feb 5, 2021 at 6:52 PM Ammad Syed <syedammad83@gmail.com> wrote:
Hello Kong,
I am using latest victoria release and trove 14.0.
Yes you are right, this is exactly happening. All the nova instances are in trove user service project. From my admin user i am only able to list database instances.
Is it possible that all nova instances should also deploy in any tenant project i.e if i am deploying database instance from admin user having adminproject and default domain the nova instance should be in adminproject rather then trove service project.
Ammad Sent from my iPhone
On Feb 5, 2021, at 1:49 AM, Lingxian Kong <anlin.kong@gmail.com> wrote:
Hi Syed,
What's the trove version you've deployed?
From your configuration, once a trove instance is created, a nova server is created in the "service" project, as trove user, you can only show the trove instance.
--- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes)
On Fri, Feb 5, 2021 at 12:40 AM Ammad Syed <syedammad83@gmail.com> wrote:
Hi,
I have deployed trove and database instance deployment is successful. But the problem is all the database servers are being created in service account i.e openstack instance list shows the database instances in admin user but when I check openstack server list the database instance won't show up here, its visible in trove service account.
Can you please advise how the servers will be visible in admin account ? I want to enable multi-tenancy.
Below is the configuration
[DEFAULT] log_dir = /var/log/trove # RabbitMQ connection info transport_url = rabbit://openstack:password@controller control_exchange = trove trove_api_workers = 5 network_driver = trove.network.neutron.NeutronDriver taskmanager_manager = trove.taskmanager.manager.Manager default_datastore = mysql cinder_volume_type = database_storage reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200
nova_keypair = trove-key
debug = true trace = true
# MariaDB connection info [database] connection = mysql+pymysql://trove:password@mariadb01/trove
[mariadb] tcp_ports = 3306,4444,4567,4568
[mysql] tcp_ports = 3306
[postgresql] tcp_ports = 5432
[redis] tcp_ports = 6379,16379
# Keystone auth info [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
[service_credentials] auth_url = http://controller:5000 region_name = RegionOne project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
-- Regards,
Syed Ammad Ali
Hi Lingxian, You are right, the user has access to the database instance and that is what a user expects from Database as a Service. I was thinking as a cloud operator keeping in view the billing perspective, we usually do billing in terms of nova instance. Here we need to change our approach. Ammad Ali On Fri, Feb 5, 2021 at 3:08 PM Lingxian Kong <anlin.kong@gmail.com> wrote:
There are several config options you can change to support this model:
[DEFAULT] remote_nova_client = trove.common.clients.nova_client remote_neutron_client = trove.common.clients.neutron_client remote_cinder_client = trove.common.clients.cinder_client remote_glance_client = trove.common.clients.glance_client
*However, those configs are extremely not recommended and not maintained any more in Trove, *which means, function may broken in this case.
The reasons are many folds. Apart from the security reason, one important thing is, Trove is a database as a service, what the cloud user is getting from Trove are the access to the database and some management APIs for database operations, rather than a purely Nova VM that has a database installed and can be accessed by the cloud user. If you prefer this model, why not just create Nova VM on your own and manually install database software so you have more control of that?
--- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes)
On Fri, Feb 5, 2021 at 6:52 PM Ammad Syed <syedammad83@gmail.com> wrote:
Hello Kong,
I am using latest victoria release and trove 14.0.
Yes you are right, this is exactly happening. All the nova instances are in trove user service project. From my admin user i am only able to list database instances.
Is it possible that all nova instances should also deploy in any tenant project i.e if i am deploying database instance from admin user having adminproject and default domain the nova instance should be in adminproject rather then trove service project.
Ammad Sent from my iPhone
On Feb 5, 2021, at 1:49 AM, Lingxian Kong <anlin.kong@gmail.com> wrote:
Hi Syed,
What's the trove version you've deployed?
From your configuration, once a trove instance is created, a nova server is created in the "service" project, as trove user, you can only show the trove instance.
--- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes)
On Fri, Feb 5, 2021 at 12:40 AM Ammad Syed <syedammad83@gmail.com> wrote:
Hi,
I have deployed trove and database instance deployment is successful. But the problem is all the database servers are being created in service account i.e openstack instance list shows the database instances in admin user but when I check openstack server list the database instance won't show up here, its visible in trove service account.
Can you please advise how the servers will be visible in admin account ? I want to enable multi-tenancy.
Below is the configuration
[DEFAULT] log_dir = /var/log/trove # RabbitMQ connection info transport_url = rabbit://openstack:password@controller control_exchange = trove trove_api_workers = 5 network_driver = trove.network.neutron.NeutronDriver taskmanager_manager = trove.taskmanager.manager.Manager default_datastore = mysql cinder_volume_type = database_storage reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200
nova_keypair = trove-key
debug = true trace = true
# MariaDB connection info [database] connection = mysql+pymysql://trove:password@mariadb01/trove
[mariadb] tcp_ports = 3306,4444,4567,4568
[mysql] tcp_ports = 3306
[postgresql] tcp_ports = 5432
[redis] tcp_ports = 6379,16379
# Keystone auth info [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
[service_credentials] auth_url = http://controller:5000 region_name = RegionOne project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
-- Regards,
Syed Ammad Ali
-- Regards, Syed Ammad Ali
In Trove's case, I would suggest to consider the flavor/volume of the instance and floating IP if instance is public. --- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes) On Mon, Feb 8, 2021 at 5:51 PM Ammad Syed <syedammad83@gmail.com> wrote:
Hi Lingxian,
You are right, the user has access to the database instance and that is what a user expects from Database as a Service. I was thinking as a cloud operator keeping in view the billing perspective, we usually do billing in terms of nova instance. Here we need to change our approach.
Ammad Ali
On Fri, Feb 5, 2021 at 3:08 PM Lingxian Kong <anlin.kong@gmail.com> wrote:
There are several config options you can change to support this model:
[DEFAULT] remote_nova_client = trove.common.clients.nova_client remote_neutron_client = trove.common.clients.neutron_client remote_cinder_client = trove.common.clients.cinder_client remote_glance_client = trove.common.clients.glance_client
*However, those configs are extremely not recommended and not maintained any more in Trove, *which means, function may broken in this case.
The reasons are many folds. Apart from the security reason, one important thing is, Trove is a database as a service, what the cloud user is getting from Trove are the access to the database and some management APIs for database operations, rather than a purely Nova VM that has a database installed and can be accessed by the cloud user. If you prefer this model, why not just create Nova VM on your own and manually install database software so you have more control of that?
--- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes)
On Fri, Feb 5, 2021 at 6:52 PM Ammad Syed <syedammad83@gmail.com> wrote:
Hello Kong,
I am using latest victoria release and trove 14.0.
Yes you are right, this is exactly happening. All the nova instances are in trove user service project. From my admin user i am only able to list database instances.
Is it possible that all nova instances should also deploy in any tenant project i.e if i am deploying database instance from admin user having adminproject and default domain the nova instance should be in adminproject rather then trove service project.
Ammad Sent from my iPhone
On Feb 5, 2021, at 1:49 AM, Lingxian Kong <anlin.kong@gmail.com> wrote:
Hi Syed,
What's the trove version you've deployed?
From your configuration, once a trove instance is created, a nova server is created in the "service" project, as trove user, you can only show the trove instance.
--- Lingxian Kong Senior Cloud Engineer (Catalyst Cloud) Trove PTL (OpenStack) OpenStack Cloud Provider Co-Lead (Kubernetes)
On Fri, Feb 5, 2021 at 12:40 AM Ammad Syed <syedammad83@gmail.com> wrote:
Hi,
I have deployed trove and database instance deployment is successful. But the problem is all the database servers are being created in service account i.e openstack instance list shows the database instances in admin user but when I check openstack server list the database instance won't show up here, its visible in trove service account.
Can you please advise how the servers will be visible in admin account ? I want to enable multi-tenancy.
Below is the configuration
[DEFAULT] log_dir = /var/log/trove # RabbitMQ connection info transport_url = rabbit://openstack:password@controller control_exchange = trove trove_api_workers = 5 network_driver = trove.network.neutron.NeutronDriver taskmanager_manager = trove.taskmanager.manager.Manager default_datastore = mysql cinder_volume_type = database_storage reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200
nova_keypair = trove-key
debug = true trace = true
# MariaDB connection info [database] connection = mysql+pymysql://trove:password@mariadb01/trove
[mariadb] tcp_ports = 3306,4444,4567,4568
[mysql] tcp_ports = 3306
[postgresql] tcp_ports = 5432
[redis] tcp_ports = 6379,16379
# Keystone auth info [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
[service_credentials] auth_url = http://controller:5000 region_name = RegionOne project_domain_name = default user_domain_name = default project_name = service username = trove password = servicepassword
-- Regards,
Syed Ammad Ali
-- Regards,
Syed Ammad Ali
participants (2)
-
Ammad Syed
-
Lingxian Kong