[openstack-dev] [keystone] role of Domain in VPC definition
Martin, JC
jch.martin at gmail.com
Tue Feb 11 20:45:44 UTC 2014
Ravi,
It seems that the following Blueprint
https://wiki.openstack.org/wiki/Blueprint-aws-vpc-support
has been approved.
However, I cannot find a discussion with regard to the merit of using project vs. domain, or other mechanism for the implementation.
I have an issue with this approach as it prevents tenants within the same domain sharing the same VPC to have projects.
As an example, if you are a large organization on AWS, it is likely that you have a large VPC that will be shred by multiple projects. With this proposal, we loose that capability, unless I missed something.
JC
On Dec 19, 2013, at 6:10 PM, Ravi Chunduru <ravivsn at gmail.com> wrote:
> Hi,
> We had some internal discussions on role of Domain and VPCs. I would like to expand and understand community thinking of Keystone domain and VPCs.
>
> Is VPC equivalent to Keystone Domain?
>
> If so, as a public cloud provider - I create a Keystone domain and give it to an organization which wants a virtual private cloud.
>
> Now the question is if that organization wants to have departments wise allocation of resources it is becoming difficult to visualize with existing v3 keystone constructs.
>
> Currently, it looks like each department of an organization cannot have their own resource management with in the organization VPC ( LDAP based user management, network management or dedicating computes etc.,) For us, Openstack Project does not match the requirements of a department of an organization.
>
> I hope you guessed what we wanted - Domain must have VPCs and VPC to have projects.
>
> I would like to know how community see the VPC model in Openstack.
>
> Thanks,
> -Ravi.
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list