[Nova][Horizon]

Nguyễn Hữu Khôi nguyenhuukhoinw at gmail.com
Mon Jan 9 14:31:46 UTC 2023


Hello.
Thanks for your reply, I can set default volume type for tenants by using
cli and it works fine with horizon. I will test with your guys suggests and
let you know.

On Mon, Jan 9, 2023, 7:01 PM Danny Webb <Danny.Webb at thehutgroup.com> wrote:

> Yeah, the part I wasn't sure about was visibility at the horizon / API
> level. Since host aggregates are largely invisible from the enduser it
> seemed to me to provide better UX to simply use aggregates without AZ
> affiliation.
>
> I guess the other question is if you are using volume types to route to
> different storage backends, can you set a default volume type for each
> tenant?  I know you can set one globally in the cinder.conf but that
> wouldn't work if you wanted to different tenants to be isolated on their
> own storage appliances.
> ------------------------------
> *From:* Sean Mooney <smooney at redhat.com>
> *Sent:* 09 January 2023 11:11
> *To:* Danny Webb <Danny.Webb at thehutgroup.com>; Nguyễn Hữu Khôi <
> nguyenhuukhoinw at gmail.com>; OpenStack Discuss <
> openstack-discuss at lists.openstack.org>
> *Subject:* Re: [Nova][Horizon]
>
> CAUTION: This email originates from outside THG
>
> On Mon, 2023-01-09 at 09:50 +0000, Danny Webb wrote:
> > If you want to do this you'd have to use host aggregates rather than AZs
> I think. Setup a host aggregate that is then mapped to specific flavors
> which are RBAC'd to specific projects.
> AZ are just host aggreates with AZ metadata added
> To do tenant affintiy at the schduler level on older clouds you can use
> the AggregateMultiTenancyIsolation filter
> to map tenant to hostaggreates. from rocky on the perfer approch is to use
> teant isolation via placement aggreates
>
> https://docs.openstack.org/nova/latest/admin/aggregates.html#tenant-isolation-with-placement
>
> you do not need to modify falvors for that use case.
>
> host aggreates are not viabel to endusers at the api so you cannot adjust
> policy to limit them to specific tenants.
>
> if you really want to support this in horizon you would haveto apply the
>
> ```Openstack aggregate set --property
> filter_tenant_id=9691591f913949818a514f95286a6b90 myagg```
>
> to the aggreate that has the AZ defintion and modify horizon to check if
> the tenant id in the aggreate matched
> the tenant that is logged in. basically horizon would have to implement
> the filtering of AZs in its ui. nova does not
> provide that because we do not require the ```Tenant Isolation with
> Placement``` feature to be configured on the
> host aggreate that defines the AZ. normally it is not done that way and
> you will have a seperate host aggreate that overlaps with multile
> for a given tenant that defiens which hosts they can run on.
>
> anyway case the answer is that you need to tag the AZ with some metadata
> to track the tenant info (or reuse the filed we support for schduling) and
> modify horizion to filter by it. the alternitive approch is to propsoe a
> new feature to nova to allow it to to fileter in some whay but i am
> not sure what that would look like and it woudl not be backporatbale as it
> would be an api change so it would be a change in the B/2023.2 release at
> the earlest.
> > ________________________________
> > From: Nguyễn Hữu Khôi <nguyenhuukhoinw at gmail.com>
> > Sent: 09 January 2023 00:12
> > To: OpenStack Discuss <openstack-discuss at lists.openstack.org>
> > Subject: [Nova][Horizon]
> >
> >
> > CAUTION: This email originates from outside THG
> >
> > ________________________________
> > Hello guys.
> > Is there any way to assign AZ to a specified project? After searching, I
> cannot find any answer.
> >
> > Example.
> >
> > Sale project will only see Sale AZ to select.
> > Tech project will only see Tech AZ to select
> >
> > Thank you. Regards
> > Nguyen Huu Khoi
> >
> > Danny Webb
> > Principal OpenStack Engineer
> > Danny.Webb at thehutgroup.com
> > [THG Ingenuity Logo]
> > www.thg.com<https://www.thg.com>
> > [https://i.imgur.com/wbpVRW6.png]<
> https://www.linkedin.com/company/thg-ingenuity/?originalSubdomain=uk> [
> https://i.imgur.com/c3040tr.png] <https://twitter.com/thgingenuity?lang=en
> >
>
> *Danny Webb*
> Principal OpenStack Engineer
> Danny.Webb at thehutgroup.com
> [image: THG Ingenuity Logo]
> www.thg.com
> <https://www.linkedin.com/company/thg-ingenuity/?originalSubdomain=uk>
> <https://twitter.com/thgingenuity?lang=en>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230109/54430e84/attachment-0001.htm>


More information about the openstack-discuss mailing list