Hi all,

Our team in the Federal University of Campina Grande implemented the initial Hierarchical Multitenancy support and now we are implementing the Reseller use case in Keystone.

Already answering Travis question, in the Reseller solution we are merging the domains and projects entities: domains are going to be a "feature" of projects - if a project has the "domain" feature enabled, it will behave exactly as domains currently behave (being a container of users). With domain being a project, they will be part of the same hierarchy, for more details you may read the spec: https://github.com/openstack/keystone-specs/blob/master/specs/liberty/reseller.rst

And yes, we need to extend the Hierarchical Mutlitenancy concept to other projects and our team is already working in Horizon and in contact with Sajeesh (Nova). We are definitely interested in participating the proposed design session and discussions that could emerge from it.

--

Rodrigo Duarte

On 28-04-2015 10:59, Geoff Arnold wrote:
Yes. 100% upstream.

And although I’ve referred to it as “reseller” (following the previous Keystone BP), it’s a much more generic pattern. Long term, I think it turns into something like a supply chain framework for services.

Geoff

On Apr 28, 2015, at 3:51 AM, Tim Bell <tim.b...@cern.ch <mailto:tim.b...@cern.ch>> wrote:

Geoff,

Would the generic parts of your “reseller” solution by contributed to the upstream projects (e.g. glance, horizon, ceilometer) ? It would be good to get the core components understanding hierarchical multitenancy for all the use cases.

The nova quota work is being submitted upstream for Liberty by Sajeesh (https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api)

The cinder quota proposal is also underway (https://blueprints.launchpad.net/cinder/+spec/cinder-nested-quota-driver)

Tim

*From:*Geoff Arnold [mailto:ge...@geoffarnold.com]
*Sent:* 28 April 2015 08:11
*To:* OpenStack Development Mailing List (not for usage questions)
*Subject:* Re: [openstack-dev] [Keystone][Glance] Hierarchical multitenancy and Glance?

Use cases:

https://wiki.openstack.org/wiki/HierarchicalMultitenancy

Blueprints:

(Kilo):

https://blueprints.launchpad.net/keystone/+spec/hierarchical-multitenancy

https://blueprints.launchpad.net/keystone/+spec/reseller

(Liberty):

https://blueprints.launchpad.net/nova/+spec/multiple-level-user-quota-management

https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api

(Pending):

https://blueprints.launchpad.net/horizon/+spec/hierarchical-projects

https://blueprints.launchpad.net/horizon/+spec/inherited-roles

As for adoption, it’s hard to say. The HMT work in Keystone was a necessary starting point, but in order to create a complete solution we really need the corresponding changes in Nova (quotas), Glance (resource visibility), Horizon (UI scoping), and probably Ceilometer (aggregated queries). We (Cisco) are planning to kick off a Stackforge project to knit all of these things together into a complete “reseller” federation system. I’m assuming that there will be other system-level compositions of the various pieces.

Geoff

    On Apr 27, 2015, at 9:48 PM, Tripp, Travis S <travis.tr...@hp.com
    <mailto:travis.tr...@hp.com>> wrote:

    Geoff,

    Getting a spec on HMT would be helpful, as Nikhil mentioned.

    As a general question, what it the current adoption of domains / vs
    hierarchical projects? Is there a wiki or something that
    highlights what
    the desired path forward is with regard to domains?

    Thanks,
    Travis

    On 4/27/15, 7:16 PM, "Geoff Arnold" <ge...@geoffarnold.com
    <mailto:ge...@geoffarnold.com>> wrote:


        Good points. I¹ll add some details. I¹m sure the Reseller
        guys will have
        some comments.

        Geoff


            On Apr 27, 2015, at 3:32 PM, Nikhil Komawar
            <nikhil.koma...@rackspace.com
            <mailto:nikhil.koma...@rackspace.com>> wrote:

            Thanks Geoff. Added some notes and questions.

            -Nikhil

            ________________________________________
            From: Geoff Arnold <ge...@geoffarnold.com
            <mailto:ge...@geoffarnold.com>>
            Sent: Monday, April 27, 2015 5:50 PM
            To: OpenStack Development Mailing List (not for usage
            questions)
            Subject: [openstack-dev] [Keystone][Glance] Hierarchical
            multitenancy
            and       Glance?

            In preparation for Vancouver, I¹ve been looking for
            blueprints and
            design summit discussions involving the application of
            the Keystone
            hierarchical multitenancy work to other OpenStack
            projects. One obvious
            candidate is Glance, where, for example, we might want
            domain-local
            resource visibility as a default. Despite my searches, I
            wasn¹t able to
            find anything. Did I miss something obvious?

            I¹ve added a paragraph to
            https://etherpad.openstack.org/p/liberty-glance-summit-topics
            to make
            sure it doesn¹t get overlooked.

            Cheers,

            Geoff

            
_________________________________________________________________________
            _
            OpenStack Development Mailing List (not for usage questions)
            Unsubscribe:
            openstack-dev-requ...@lists.openstack.org
            
<mailto:openstack-dev-requ...@lists.openstack.org>?subject:unsubscribe
            http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


            
_________________________________________________________________________
            _
            OpenStack Development Mailing List (not for usage questions)
            Unsubscribe:
            openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
            
<mailto:openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
            http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



        
__________________________________________________________________________
        OpenStack Development Mailing List (not for usage questions)
        Unsubscribe: openstack-dev-requ...@lists.openstack.org
        <mailto:openstack-dev-requ...@lists.openstack.org>?subject:unsubscribe
        http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



    __________________________________________________________________________
    OpenStack Development Mailing List (not for usage questions)
    Unsubscribe: openstack-dev-requ...@lists.openstack.org
    <mailto:openstack-dev-requ...@lists.openstack.org>?subject:unsubscribe
    http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org <mailto:openstack-dev-requ...@lists.openstack.org>?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to