Open Stack

Thanks Tim, we actually have the max length constraint as well (imposed
because of Active Directory integration). We've gone back and forth about
adding validation or generating names. We've chosen name generation for the
time being because we felt that that would be better for the user than
rejecting the create vm requests for all these various constraints *(webapp01
is already taken?? darn! How about craigjellick-webapp01? too long?
shucks!)*.

Once we have deeper dns integration (ie your your vm name automatically
becomes a valid FQDN dns entry), we may need to revisit our decision
because users may really want more meaningful DNS entries than what our
generated names can give them.

Belmiro, that additional hook in the network driver makes a lot of sense.
We're using Neutron, so we'll have to investigate how it can be hooked in
there and whether VM creation can fail gracefully if a conflict is
discovered at that point in time.

Thanks for the info.



On Sun, Feb 2, 2014 at 3:12 AM, Belmiro Moreira <
moreira.belmiro.email.lists at gmail.com> wrote:

> Hi Craig,
> in reality is what we are doing...
> to fail early we have some checks at API level. In the case of VM hostname
> uniqueness we check first if it exists already on DNS (the network is
> shared between between all the lab).
> Then we have some hooks in the nova network driver to interact with our
> network DB and register the new VM confirming the hostname uniqueness.
>
> Belmiro
>
>
> On Feb 2, 2014, at 1:29 , Craig J <craig.jellick at gmail.com> wrote:
>
> > Thanks Belmiro. I think long term we may end up doing something similar.
> Though our network infrastructure is fairly complex, so it would be more
> like a call to a network API (maybe just a DNS check?) rather than querying
> a DB directly.
> >
> > Aryeh, to your point, OpenStack effectively _is_, the provisioning
> system. Our current use case is providing engineers with a self service
> portal for spinning up VMs on which they can do development work. So, the
> workflow is user -> UI -> nova API. But when a VM is spun up, we still want
> to integrate with existing systems such as Active Directory (via
> PBIS/Likewise). Long term, we have grander plans for making OpenStack the
> provisioning system for our integration and production environments and
> we'll probably need to build more ellaborate smarts into it.
> >
> > At any rate, we aren't integrated fuly with DNS and some other systems
> yet and in taking an iterative approach, we are thinking that if we can
> have a quick and dirty way to guarantee name uniqueness with a relatively
> simple piece of code, we can address deeper integration later.
> >
> >
> >
> > On Sat, Feb 1, 2014 at 3:31 PM, Aryeh Friedman <aryeh.friedman at gmail.com>
> wrote:
> >
> >
> > ---------- Forwarded message ----------
> > From: Aryeh Friedman <aryeh.friedman at gmail.com>
> > Date: Sat, Feb 1, 2014 at 5:09 PM
> > Subject: Re: [Openstack] nova unique name generator middleware
> > To: Belmiro Moreira <moreira.belmiro.email.lists at gmail.com>
> >
> >
> > Since I am relatively new to the guts of OpenStack this might be an off
> base suggestion but why is this even OpenStack's problem vs. something that
> can be queried by whatever provisioning solution you choose?  Namely check
> the name at the provisioning front end and not  as a OpenStack layer per se?
> >
> >
> > On Sat, Feb 1, 2014 at 4:44 PM, Belmiro Moreira <
> moreira.belmiro.email.lists at gmail.com> wrote:
> > Hi,
> > in our case we have a network DB were all VMs are registered.
> > We just check if the name provided by the user don't conflict.
> >
> > Belmiro
> >
> > On Feb 1, 2014, at 20:19 , Craig J <craig.jellick at gmail.com> wrote:
> >
> > > Hi,
> > >
> > > In our OpenStack environment, we have the need to enforce unique names
> for each VM. Long story short, the names need to be unique because of some
> other systems that we are integrating with.
> > >
> > > I think the best way to accomplish this is to write a custom piece of
> paste middleware and plug it into the nova api. I'm planning on basically
> overriding the name provide by the user with a name that we can guarantee
> to be unique.
> > >
> > > So, two questions:
> > > 1. Does anyone have a similar piece of middleware they'd care to share?
> > > 2. Are there any reasons this approach won't work? Any better
> approaches?
> > >
> > >
> > > Thanks in advance,
> > > Craig
> > > _______________________________________________
> > > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > > Post to     : openstack at lists.openstack.org
> > > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
> > _______________________________________________
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
> >
> > --
> > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
> >
> >
> >
> > --
> > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
> >
> > _______________________________________________
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
> > _______________________________________________
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140202/d406a76e/attachment.html>