[openstack-dev] [Nova][TripleO] Nested resources

Robert Collins robertc at robertcollins.net
Mon Dec 9 20:40:11 UTC 2013


On 6 December 2013 14:11, Fox, Kevin M <kevin.fox at pnnl.gov> wrote:
> I think the security issue can be handled by not actually giving the underlying resource to the user in the first place.
>
> So, for example, if I wanted a bare metal node's worth of resource for my own containering, I'd ask for a bare metal node and use a "blessed" image that contains docker+nova bits that would hook back to the cloud. I wouldn't be able to login to it, but containers started on it would be able to access my tenant's networks. All access to it would have to be through nova suballocations. The bare resource would count against my quotas, but nothing run under it.
>
> Come to think of it, this sounds somewhat similar to what is planned for Neutron service vm's. They count against the user's quota on one level but not all access is directly given to the user. Maybe some of the same implementation bits could be used.

This is a super interesting discussion - thanks for kicking it off.

I think it would be fantastic to be able to use containers for
deploying the cloud rather than full images while still running
entirely OpenStack control up and down the stack.

Briefly, what we need to be able to do that is:

 - the ability to bring up an all in one node with everything on it to
'seed' the environment.
    - we currently do that by building a disk image, and manually
running virsh to start it
 - the ability to reboot a machine *with no other machines running* -
we need to be able to power off and on a datacentre - and have the
containers on it come up correctly configured, networking working,
running etc.
 - we explicitly want to be just using OpenStack APIs for all the
deployment operations after the seed is up; so no direct use of lxc or
docker or whathaveyou.

Cheers,
Rob

-- 
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud



More information about the OpenStack-dev mailing list