[Openstack] Pondering multi-tenant needs in nova.
eday at oddments.org
Tue Feb 8 00:05:47 UTC 2011
On Mon, Feb 07, 2011 at 06:43:37PM -0500, Jay Pipes wrote:
> What if I don't want to get "my" servers only? What if I want to list
> another organization's servers, and that organization's child
> organizations' servers?
I guess I'm thinking public cloud mostly, but sure, perhaps admin
entities want to look at other entities even if they are not part of
them. We can just put this into the URL like you constructed before.
> For any of these types of requests, the process is always going to be this:
> -> api node
> -> auth plugin get list of entities for some entity
> <- api node, for each in list of entities, issue a request to get
> answer to query
> And therefore, instead of doing, say, a JOIN on a table, we're
> splitting the JOIN into many different requests based on this list of
> entities returned from the auth plugin.
We can still perform a JOIN if the backing data store supports it. I
imagine the instance table would have no columns for entities and
CREATE TABLE instance (
id <some type> primary key
CREATE TABLE instance_entity_map (
instance_id <some type>,
entity_id <some type>,
primary key (instance_id, entity_id)
The entities returned from the plugins would have some ID, and we
entities = nova.auth.lookup(account_id)
entity_ids = ','.join([entity.id for entity in entities])
SELECT * FROM instance_entity_map WHERE entity_id in (<entity_ids>);
or if we want all instance data:
SELECT * FROM instances
JOIN instance_entity_map ON instance.id=instance_entity_map.instance_id
WHERE instance_entity_map.entity_id in (<entity_ids>);
Does this solve what you had in mind for the iterating query above,
or am I off somewhere?
More information about the Openstack