[Openstack-operators] Dealing with ITAR in OpenStack private clouds

Blair Bethwaite blair.bethwaite at gmail.com
Wed Mar 22 02:41:12 UTC 2017


On 22 March 2017 at 13:33, Jonathan Mills <jonmills at gmail.com> wrote:
>
> To what extent is it possible to “lock” a tenant to an availability zone,
> to guarantee that nova scheduler doesn’t land an ITAR VM (and possibly the
> wrong glance/cinder) into a non-ITAR space (and vice versa)…
>

Yes, definitely a few different ways to skin that cat with Nova aggregates
and scheduler filters. The answer ultimately depends on what you want UX to
be like, i.e., for both default non-ITAR projects and ITAR specific
projects...?

> For just that concern, Mike Lowe was chatting with me off list about using
> Regions….but I should probably let Mike speak for himself if he wants.
> Having never used anything other than the default “RegionOne” I can’t speak
> to the capabilities.
>

Could do certainly, but sounds like a whole lot of extra operational
effort/overhead versus logical separation. The answer probably depends on
both scale and process maturity.

-- 
Cheers,
~Blairo
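
Added example, not part of the original message and not Nova source code: a simplified Python model of the aggregate-plus-scheduler-filter approach mentioned in the reply. It assumes Nova's AggregateMultiTenancyIsolation filter and its `filter_tenant_id` aggregate metadata key (neither is named in the thread); host names, aggregate names, project IDs and the stricter two-way check are hypothetical. It shows that tenant isolation on an aggregate keeps other projects off the ITAR hosts but does not by itself keep the ITAR project off general hosts, which is the "vice versa" half of the question.

```python
# Simplified model of aggregate-based tenant isolation (not Nova source code).
# Host names, aggregate names and project IDs are constructed sample values.

AGGREGATES = {
    "itar-agg": {"hosts": {"cn-itar-01", "cn-itar-02"},
                 "metadata": {"filter_tenant_id": "proj-itar"}},
    "general-agg": {"hosts": {"cn-gen-01", "cn-gen-02"},
                    "metadata": {}},
}
ALL_HOSTS = sorted(h for a in AGGREGATES.values() for h in a["hosts"])


def allowed_tenants(host, aggregates):
    """Union of filter_tenant_id values over every aggregate containing host."""
    tenants = set()
    for agg in aggregates.values():
        if host in agg["hosts"]:
            raw = agg["metadata"].get("filter_tenant_id", "")
            tenants.update(t.strip() for t in raw.split(",") if t.strip())
    return tenants


def tenant_isolation_passes(host, project_id, aggregates):
    """Models AggregateMultiTenancyIsolation: a host with no tenant
    restriction accepts every project."""
    tenants = allowed_tenants(host, aggregates)
    return not tenants or project_id in tenants


def strict_two_way_passes(host, project_id, aggregates, restricted_projects):
    """Hypothetical stricter policy: restricted projects may ONLY use hosts
    that list them, so ITAR instances cannot land in general capacity."""
    if project_id in restricted_projects:
        return project_id in allowed_tenants(host, aggregates)
    return tenant_isolation_passes(host, project_id, aggregates)


def candidates(project_id, check, **kw):
    """Hosts the given check would leave available to the project."""
    return [h for h in ALL_HOSTS if check(h, project_id, AGGREGATES, **kw)]


if __name__ == "__main__":
    print("general project:", candidates("proj-general", tenant_isolation_passes))
    print("ITAR, one-way  :", candidates("proj-itar", tenant_isolation_passes))
    print("ITAR, two-way  :", candidates("proj-itar", strict_two_way_passes,
                                         restricted_projects={"proj-itar"}))
```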