[Openstack] Federated Identity Management (bursting and zones)

Eric Day eday at oddments.org
Wed Apr 6 17:38:43 UTC 2011


I agree we should be able to specify network resource when launching
an instance to get around the vlan-per-owner issue. This gets
to the bigger issue of splitting out nova network as a different
network-as-a-service project and enabling more functionality there
(such as allow other resource types outside of nova be able to
interact with and specify network preferences). We shouldn't let
current limitations of other components that should hopefully be
changing soon dictate where we need to move in the future for things
like authn/authz.

-Eric

On Tue, Apr 05, 2011 at 12:31:22PM -0700, Vishvananda Ishaya wrote:
> Just thought of something else to consider.
> 
> There is a further issue with setting the owner to resource_group: Networking.  In Vlan mode, each owner gets its own vlan and communication between the instances is easy.  If users start dividing up instances into a bunch of sub-groups we will run out of vlans very quickly.
> 
> Network communication between the subgroups will probably be much more complicated as well.  Perhaps some of this can be solved with the multinic / network refactor.  If we can specify at launch which network we want the instance created in instead of keying it off of the owner's network, we might have everything we need.




More information about the Openstack mailing list