<div dir="auto">Hello. <div dir="auto">Thanks for your reply, I can set default volume type for tenants by using cli and it works fine with horizon. I will test with your guys suggests and let you know.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 9, 2023, 7:01 PM Danny Webb <<a href="mailto:Danny.Webb@thehutgroup.com">Danny.Webb@thehutgroup.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div><span style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">Yeah, the part I wasn't sure about was visibility at the horizon
/ API level. Since host aggregates are largely invisible from the enduser it seemed to me to provide better UX to simply use aggregates without AZ affiliation. </span></div>
<div><span style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)"><br>
</span></div>
<div><span style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">I guess the other question is if you are using volume types to route
to different storage backends, can you set a default volume type for each tenant? I know you can set one globally in the cinder.conf but that wouldn't work if you wanted to different tenants to be isolated on their own storage appliances.</span></div>
<div id="m_441592275310306542appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="m_441592275310306542divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Sean Mooney <<a href="mailto:smooney@redhat.com" target="_blank" rel="noreferrer">smooney@redhat.com</a>><br>
<b>Sent:</b> 09 January 2023 11:11<br>
<b>To:</b> Danny Webb <<a href="mailto:Danny.Webb@thehutgroup.com" target="_blank" rel="noreferrer">Danny.Webb@thehutgroup.com</a>>; Nguyễn Hữu Khôi <<a href="mailto:nguyenhuukhoinw@gmail.com" target="_blank" rel="noreferrer">nguyenhuukhoinw@gmail.com</a>>; OpenStack Discuss <<a href="mailto:openstack-discuss@lists.openstack.org" target="_blank" rel="noreferrer">openstack-discuss@lists.openstack.org</a>><br>
<b>Subject:</b> Re: [Nova][Horizon]</font>
<div> </div>
</div>
<div>CAUTION: This email originates from outside THG<br>
<br>
On Mon, 2023-01-09 at 09:50 +0000, Danny Webb wrote:<br>
> If you want to do this you'd have to use host aggregates rather than AZs I think. Setup a host aggregate that is then mapped to specific flavors which are RBAC'd to specific projects.<br>
AZ are just host aggreates with AZ metadata added<br>
To do tenant affintiy at the schduler level on older clouds you can use the AggregateMultiTenancyIsolation filter<br>
to map tenant to hostaggreates. from rocky on the perfer approch is to use teant isolation via placement aggreates
<br>
<a href="https://docs.openstack.org/nova/latest/admin/aggregates.html#tenant-isolation-with-placement" target="_blank" rel="noreferrer">https://docs.openstack.org/nova/latest/admin/aggregates.html#tenant-isolation-with-placement</a><br>
<br>
you do not need to modify falvors for that use case.<br>
<br>
host aggreates are not viabel to endusers at the api so you cannot adjust policy to limit them to specific tenants.<br>
<br>
if you really want to support this in horizon you would haveto apply the<br>
<br>
```Openstack aggregate set --property filter_tenant_id=9691591f913949818a514f95286a6b90 myagg```<br>
<br>
to the aggreate that has the AZ defintion and modify horizon to check if the tenant id in the aggreate matched<br>
the tenant that is logged in. basically horizon would have to implement the filtering of AZs in its ui. nova does not<br>
provide that because we do not require the ```Tenant Isolation with Placement``` feature to be configured on the<br>
host aggreate that defines the AZ. normally it is not done that way and you will have a seperate host aggreate that overlaps with multile<br>
for a given tenant that defiens which hosts they can run on.<br>
<br>
anyway case the answer is that you need to tag the AZ with some metadata to track the tenant info (or reuse the filed we support for schduling) and<br>
modify horizion to filter by it. the alternitive approch is to propsoe a new feature to nova to allow it to to fileter in some whay but i am<br>
not sure what that would look like and it woudl not be backporatbale as it would be an api change so it would be a change in the B/2023.2 release at<br>
the earlest.<br>
> ________________________________<br>
> From: Nguyễn Hữu Khôi <<a href="mailto:nguyenhuukhoinw@gmail.com" target="_blank" rel="noreferrer">nguyenhuukhoinw@gmail.com</a>><br>
> Sent: 09 January 2023 00:12<br>
> To: OpenStack Discuss <<a href="mailto:openstack-discuss@lists.openstack.org" target="_blank" rel="noreferrer">openstack-discuss@lists.openstack.org</a>><br>
> Subject: [Nova][Horizon]<br>
> <br>
> <br>
> CAUTION: This email originates from outside THG<br>
> <br>
> ________________________________<br>
> Hello guys.<br>
> Is there any way to assign AZ to a specified project? After searching, I cannot find any answer.<br>
> <br>
> Example.<br>
> <br>
> Sale project will only see Sale AZ to select.<br>
> Tech project will only see Tech AZ to select<br>
> <br>
> Thank you. Regards<br>
> Nguyen Huu Khoi<br>
> <br>
> Danny Webb<br>
> Principal OpenStack Engineer<br>
> <a href="mailto:Danny.Webb@thehutgroup.com" target="_blank" rel="noreferrer">Danny.Webb@thehutgroup.com</a><br>
> [THG Ingenuity Logo]<br>
> <a href="http://www.thg.com" target="_blank" rel="noreferrer">
www.thg.com</a><<a href="https://www.thg.com" target="_blank" rel="noreferrer">https://www.thg.com</a>><br>
> [<a href="https://i.imgur.com/wbpVRW6.png" target="_blank" rel="noreferrer">https://i.imgur.com/wbpVRW6.png</a>]<<a href="https://www.linkedin.com/company/thg-ingenuity/?originalSubdomain=uk" target="_blank" rel="noreferrer">https://www.linkedin.com/company/thg-ingenuity/?originalSubdomain=uk</a>>
[<a href="https://i.imgur.com/c3040tr.png" target="_blank" rel="noreferrer">https://i.imgur.com/c3040tr.png</a>] <<a href="https://twitter.com/thgingenuity?lang=en" target="_blank" rel="noreferrer">https://twitter.com/thgingenuity?lang=en</a>><br>
</div>
<table style="font-family:'helvetica';font-size:10pt;width:100%;height:218.234375px" border="0;">
<tbody>
<tr style="height:19.625px">
<td style="width:99.1264%;height:19.625px"> </td>
</tr>
<tr style="height:41.296875px">
<td style="width:99.1264%;height:41.296875px"><span style="font-family:helvetica,arial,sans-serif;font-size:11pt"><strong>Danny Webb</strong></span></td>
</tr>
<tr style="height:19.625px">
<td style="width:99.1264%;height:19.625px"><span style="font-family:helvetica,arial,sans-serif">Principal OpenStack Engineer</span></td>
</tr>
<tr style="height:19.625px">
<td style="width:99.1264%;height:19.625px"><span style="font-family:helvetica,arial,sans-serif"><a href="mailto:Danny.Webb@thehutgroup.com" target="_blank" rel="noreferrer">Danny.Webb@thehutgroup.com</a></span></td>
</tr>
<tr style="height:19.625px">
<td style="width:99.1264%;height:19.625px"><span style="font-family:helvetica,arial,sans-serif"></span></td>
</tr>
<tr style="height:36.21875px">
<td style="width:99.1264%;height:36.21875px"><img src="https://dl8hes3yo0qpy.cloudfront.net/wp-content/uploads/2020/06/01092449/thg-ingenuity-logo-3.svg" alt="THG Ingenuity Logo" width="227" height="27"></td>
</tr>
<tr style="height:19.625px;font-size:11pt">
<td style="width:99.1264%;height:19.625px"><span style="font-family:helvetica,arial,sans-serif"><a title="THG Website" href="https://www.thg.com" target="_blank" rel="noreferrer">www.thg.com</a></span></td>
</tr>
<tr style="height:42.59375px">
<td style="height:42.59375px"><a href="https://www.linkedin.com/company/thg-ingenuity/?originalSubdomain=uk" target="_blank" rel="noreferrer"><img src="https://i.imgur.com/wbpVRW6.png" alt="" width="25" height="25"></a> <a href="https://twitter.com/thgingenuity?lang=en" target="_blank" rel="noreferrer"><img src="https://i.imgur.com/c3040tr.png" alt="" width="25" height="25"></a></td>
</tr>
</tbody>
</table>
</div>
</blockquote></div>