[openstack-dev] [Keystone][Glance] Hierarchical multitenancy and Glance?

Geoff Arnold geoff at geoffarnold.com
Tue Apr 28 13:59:04 UTC 2015


Yes. 100% upstream.

And although I’ve referred to it as “reseller” (following the previous Keystone BP), it’s a much more generic pattern. Long term, I think it turns into something like a supply chain framework for services.

Geoff

> On Apr 28, 2015, at 3:51 AM, Tim Bell <Tim.Bell at cern.ch> wrote:
> 
> Geoff,
>  
> Would the generic parts of your “reseller” solution by contributed to the upstream projects (e.g. glance, horizon, ceilometer) ? It would be good to get the core components understanding hierarchical multitenancy for all the use cases.
>  
> The nova quota work is being submitted upstream for Liberty by Sajeesh (https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api <https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api>)
>  
> The cinder quota proposal is also underway (https://blueprints.launchpad.net/cinder/+spec/cinder-nested-quota-driver <https://blueprints.launchpad.net/cinder/+spec/cinder-nested-quota-driver>)
>  
> Tim
>  
> From: Geoff Arnold [mailto:geoff at geoffarnold.com] 
> Sent: 28 April 2015 08:11
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] [Keystone][Glance] Hierarchical multitenancy and Glance?
>  
> Use cases:
> https://wiki.openstack.org/wiki/HierarchicalMultitenancy <https://wiki.openstack.org/wiki/HierarchicalMultitenancy>
>  
> Blueprints:
> (Kilo):
> https://blueprints.launchpad.net/keystone/+spec/hierarchical-multitenancy <https://blueprints.launchpad.net/keystone/+spec/hierarchical-multitenancy>
> https://blueprints.launchpad.net/keystone/+spec/reseller <https://blueprints.launchpad.net/keystone/+spec/reseller>
> (Liberty):
> https://blueprints.launchpad.net/nova/+spec/multiple-level-user-quota-management <https://blueprints.launchpad.net/nova/+spec/multiple-level-user-quota-management>
> https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api <https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api>
> (Pending):
> https://blueprints.launchpad.net/horizon/+spec/hierarchical-projects <https://blueprints.launchpad.net/horizon/+spec/hierarchical-projects>
> https://blueprints.launchpad.net/horizon/+spec/inherited-roles <https://blueprints.launchpad.net/horizon/+spec/inherited-roles>
>  
> As for adoption, it’s hard to say. The HMT work in Keystone was a necessary starting point, but in order to create a complete solution we really need the corresponding changes in Nova (quotas), Glance (resource visibility), Horizon (UI scoping), and probably Ceilometer (aggregated queries). We (Cisco) are planning to kick off a Stackforge project to knit all of these things together into a complete “reseller” federation system. I’m assuming that there will be other system-level compositions of the various pieces.
>  
> Geoff
>  
> On Apr 27, 2015, at 9:48 PM, Tripp, Travis S <travis.tripp at hp.com <mailto:travis.tripp at hp.com>> wrote:
>  
> Geoff,
> 
> Getting a spec on HMT would be helpful, as Nikhil mentioned.
> 
> As a general question, what it the current adoption of domains / vs
> hierarchical projects? Is there a wiki or something that highlights what
> the desired path forward is with regard to domains?
> 
> Thanks,
> Travis
> 
> On 4/27/15, 7:16 PM, "Geoff Arnold" <geoff at geoffarnold.com <mailto:geoff at geoffarnold.com>> wrote:
> 
> 
> Good points. I¹ll add some details. I¹m sure the Reseller guys will have
> some comments.
> 
> Geoff
> 
> 
> On Apr 27, 2015, at 3:32 PM, Nikhil Komawar
> <nikhil.komawar at RACKSPACE.COM <mailto:nikhil.komawar at RACKSPACE.COM>> wrote:
> 
> Thanks Geoff. Added some notes and questions.
> 
> -Nikhil
> 
> ________________________________________
> From: Geoff Arnold <geoff at geoffarnold.com <mailto:geoff at geoffarnold.com>>
> Sent: Monday, April 27, 2015 5:50 PM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: [openstack-dev] [Keystone][Glance] Hierarchical multitenancy
> and       Glance?
> 
> In preparation for Vancouver, I¹ve been looking for blueprints and
> design summit discussions involving the application of the Keystone
> hierarchical multitenancy work to other OpenStack projects. One obvious
> candidate is Glance, where, for example, we might want domain-local
> resource visibility as a default. Despite my searches, I wasn¹t able to
> find anything. Did I miss something obvious?
> 
> I¹ve added a paragraph to
> https://etherpad.openstack.org/p/liberty-glance-summit-topics <https://etherpad.openstack.org/p/liberty-glance-summit-topics> to make
> sure it doesn¹t get overlooked.
> 
> Cheers,
> 
> Geoff
> 
> _________________________________________________________________________
> _
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: 
> OpenStack-dev-request at lists.openstack.org <mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
> 
> 
> _________________________________________________________________________
> _
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: 
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe <mailto:OpenStack-dev-request at lists.openstack.org?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org <mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org <mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>  
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150428/139b4850/attachment.html>


More information about the OpenStack-dev mailing list