Topic & short description Topic: Getting Glance Ready for Public Clouds Description: Currently Glance is exposed to users through Nova; this is becoming a problem because new Glance features require a Nova extension. It would be better to have Glance as a first-class member of the OpenStack ecosystem. But in order for this to happen, we (as in OpenStack cloud providers) would need at least: more robust user roles to allow per-user: rate limits quotas RBAC (per-tenant) protected image properties image-related restrictions e.g., there may be contractual reasons why you wouldn't want to allow download of specific images based not on the user, but on the image itself; might be the case for other actions) other API changes from increased load There are currently blueprints for rate limits, but an alternative approach would be to think that rate limiting should be done in front of Glance by Repose or a similar system that understands Keystone. Link to etherpad discussion [https://etherpad.openstack.org/havana-getting-glance-ready-for-public-clouds] https://etherpad.openstack.org/havana-getting-glance-ready-for-public-clouds Summary of summit consensus (if any) about how to proceed 1. rate limits: should be done by something in front of glance 2. quotas: no consensus requires further research. There are 2 related blueprints: [https://blueprints.launchpad.net/glance/+spec/glance-basic-quotas] https://blueprints.launchpad.net/glance/+spec/glance-basic-quotas [https://blueprints.launchpad.net/nova/+spec/ledger-quota-subsystem] https://blueprints.launchpad.net/nova/+spec/ledger-quota-subsystem : proposed as a Nova subsystem, would be better in Oslo? The BPs were proposed by Artem Andreev ([https://launchpad.net/~just-wow] https://launchpad.net/~just-wow ), not sure if he's still interested in working on this3. protected image properties has an approved blueprint [https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection] https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection details are under discussion: [https://etherpad.openstack.org/public-glance-protected-props] https://etherpad.openstack.org/public-glance-protected-props volunteers to work on this: smclaren, isethi, & mikal4. upload and download workflow Workflow discussion in summit etherpad and blueprint Blueprint: [https://blueprints.launchpad.net/glance/+spec/upload-download-workflow] https://blueprints.launchpad.net/glance/+spec/upload-download-workflow List of blueprints and assignees (if any) [https://blueprints.launchpad.net/glance/+spec/uplopad-download-workflow] https://blueprints.launchpad.net/glance/+spec/upload-download-workflow status: New assignee: none [https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection] https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection status: Approved for Havana-M1 assignee: Mark W [https://blueprints.launchpad.net/glance/+spec/glance-basic-quotas] https://blueprints.launchpad.net/glance/+spec/glance-basic-quotas status: Drafting assignee: none -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130424/f0cc3149/attachment.html>