Thank you for reply! > Not sure I fully understand but AggregateMultiTenancyIsolation filter > already partially does the job (with a certain number of pitfalls, one being > addressed in https://review.openstack.org/#/c/195783/ )
I understand that nova already has function to isolate resources for each tenant and the functional improvements is in progress. I will watch this blueprint and try to check AggregateMultiTenancyIsolation filter. https://review.openstack.org/#/c/195783/ > Nova litterally knows nothing about Regions, that's a pure Keystone > concept. From my perspective, you just have to make sure that your > tenants are per region, you don't really need more to have the tenancy > segregation at the region level. Caution, I'm not a Keystone expert. We had assumed that system configuration is single horizon and single keystone and multiple regions. In this case, a tenant has resources at all regions. My proposal is this precondition. Thanks. > -----Original Message----- > From: Sylvain Bauza [mailto:[email protected]] > Sent: Friday, July 17, 2015 6:25 PM > To: OpenStack Development Mailing List (not for usage questions) > Subject: Re: [openstack-dev] [nova]Proposal for function to manage the > resources available to each tenant > > > > Le 17/07/2015 10:42, Kenji Ishii a écrit : > > Hello! > > > > Please give me opinion in terms to be a valuable function for OpenStack > Community. > > We believe that we need a mechanism to easily manage the resources > available to the each tenant. > > In some case, we want to allow only the specific tenant to use the specific > resources. > > > > > > We think the two architectures of the following. > > > > a. New concept called vDC > > vDC is "virtual DC". > > It means collection of several logical resources : Availavility > Zone(AZ). > > If we use it, we can control the resources to each tenant. > > > > For example, > > ___vDC_1____ ___vDC_2____ > > | | | | > > | AZ1, AZ2 | | AZ3 | > > |____________| |____________| > > > > tenant "tenant_001" assigned "vDC_1" > > tenant "tenant_002" assigned "vDC_2" > > > > tenant_001 can use AZ1 and AZ2, AZ3 is unavailable. > > tenant_002 can use AZ3 , AZ1 and AZ2 is unavailable. > > Not sure I fully understand but AggregateMultiTenancyIsolation filter > already partially does the job (with a certain number of pitfalls, one being > addressed in https://review.openstack.org/#/c/195783/ ) > > > > > b. use region > > It will manage the relation between the Region and the tenant. > > The tenant can use only the resources in region that be allowed it > to use. > > > > By the way, this proposal is several problems - Cost of system > construction is higher than proposal "a" etc > > Nova litterally knows nothing about Regions, that's a pure Keystone > concept. From my perspective, you just have to make sure that your > tenants are per region, you don't really need more to have the tenancy > segregation at the region level. Caution, I'm not a Keystone expert. > > -Sylvain > > > > > > > each proposal's detail is following. > > https://wiki.openstack.org/wiki/Proposal_vDC > > > > -- > > Kenji Ishii > > > > > > > ______________________________________________________________________ > ____ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > [email protected]?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > ______________________________________________________________________ > ____ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Kenji Ishii __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
