[openstack-dev] [nova] Exposing provider networks in network_data.json

Sean Dague sean at dague.net
Fri Jul 17 10:23:32 UTC 2015


On 07/16/2015 06:06 PM, Sean M. Collins wrote:
> On Thu, Jul 16, 2015 at 01:23:29PM PDT, Mathieu Gagné wrote:
>> So it looks like there is a missing part in this feature. There should
>> be a way to "hide" this information if the instance does not require to
>> configure vlan interfaces to make network functional.
> 
> I just commented on the review, but the provider network API extension
> is admin only, most likely for the reasons that I think someone has
> already mentioned, that it exposes details of the phyiscal network
> layout that should not be exposed to tenants.

So, clearly, under some circumstances the network operator wants to
expose this information, because there was the request for that feature.
The question in my mind is what circumstances are those, and what
additional information needs to be provided here.

There is always a balance between the private cloud case which wants to
enable more self service from users (and where the users are often also
the operators), and the public cloud case where the users are outsiders
and we want to hide as much as possible from them.

For instance, would an additional attribute on a provider network that
says "this is cool to tell people about" be an acceptable approach? Is
there some other creative way to tell our infrastructure that these
artifacts are meant to be exposed in this installation?

Just kicking around ideas, because I know a pile of gate hardware for
everyone to use is at the other side of answers to these questions. And
given that we've been running full capacity for days now, keeping this
ball moving forward would be great.

	-Sean

-- 
Sean Dague
http://dague.net



More information about the OpenStack-dev mailing list