Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-11 Thread Aimon Bustardo
inline: On 2/8/11 8:30 AM, Vishvananda Ishaya wrote: This thread is enormous, so I'm going to briefly summarize the two options as I see them: 1. Project Id is an opaque string, and it simply represents some kind of collection of users. It is the responsibility of external systems

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-08 Thread Vishvananda Ishaya
This thread is enormous, so I'm going to briefly summarize the two options as I see them: 1. Project Id is an opaque string, and it simply represents some kind of collection of users. It is the responsibility of external systems (authn, authz, billing, and monitoring) to define what the

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-08 Thread Paul Voccio
On 2/8/11 10:30 AM, Vishvananda Ishaya vishvana...@gmail.com wrote: This thread is enormous, so I'm going to briefly summarize the two options as I see them: 1. Project Id is an opaque string, and it simply represents some kind of collection of users. It is the responsibility of external

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-08 Thread JC Smith
This is slightly tangential but assume there are environments running both Swift and Nova with a set of customers using both compute and object store services. For example, user johnsmith logs into his future openstack portal and sees both his VMs and his files and containers. Even though these

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Sandy Walsh
@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I disagree with your disagreement. :) When we have string based ID's like this, it doesn't need to translate directly into a varchar column for operations. First, auth data may not be stored as SQL at all for some

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jay Pipes
@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. Strongly disagree, but nicely, of course :) I'll disagree by showing you an example of why not having a queryable org model is problematic: Let's say we go ahead and do what Glen suggests and have a string account ID

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jay Pipes
structures available. From: Devin Carlen devin.car...@gmail.com Date: Thu, 3 Feb 2011 12:02:38 -0800 To: Monsyne Dragon mdra...@rackspace.com Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. We were just talking about

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Greg
If it's any help, Swift just uses an opaque account string. With Cloud Files we have several resellers each with their own sets of how accounts and users should be structured. We backed away quickly from all that and went the route of here's an account identifier value, it must be unique

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Greg
On Feb 7, 2011, at 8:30 AM, Jay Pipes wrote: What Swift APIs are available for a reseller to query which of its customer accounts have consumed X resources? Or does Swift punt and make the reseller calculate all those things? A bit of both. You can head an account to get disk usage,

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jay Pipes
On Mon, Feb 7, 2011 at 10:33 AM, Greg gh...@rackspace.com wrote: On Feb 7, 2011, at 8:30 AM, Jay Pipes wrote: What Swift APIs are available for a reseller to query which of its customer accounts have consumed X resources? Or does Swift punt and make the reseller calculate all those things?

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Greg
On Feb 7, 2011, at 9:42 AM, Jay Pipes wrote: OK, but can you head all the accounts under another account? Or is that done via log processing? There's no concept of accounts under another account with Swift. An external system could do head requests however desired. But yeah, that sort of thing

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jay Pipes
Cool, thanks for the info, Greg :) On Mon, Feb 7, 2011 at 11:13 AM, Greg gh...@rackspace.com wrote: On Feb 7, 2011, at 9:42 AM, Jay Pipes wrote: OK, but can you head all the accounts under another account? Or is that done via log processing? There's no concept of accounts under another

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Eric Day
@lists.launchpad.net] On Behalf Of Glen Campbell Sent: Thursday, February 03, 2011 2:42 PM To: Devin Carlen; Monsyne Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jay Pipes
Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal. Specifically, the account_id is an arbitrary string that is generated externally to Nova. You could

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jay Pipes
Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal. Specifically, the account_id is an arbitrary string that is generated externally to Nova. You could, for example, easily identify

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Eric Day
@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal. Specifically, the account_id is an arbitrary string that is generated externally to Nova. You could, for example, easily

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Monsyne Dragon
03, 2011 2:42 PM To: Devin Carlen; Monsyne Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal. Specifically, the account_id is an arbitrary string that is generated externally to Nova. You

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jorge Williams
Campbell Sent: Thursday, February 03, 2011 2:42 PM To: Devin Carlen; Monsyne Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal. Specifically, the account_id is an arbitrary

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jay Pipes
:42 PM To: Devin Carlen; Monsyne Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal. Specifically, the account_id is an arbitrary string that is generated externally to Nova. You

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Eric Day
On Mon, Feb 07, 2011 at 06:43:37PM -0500, Jay Pipes wrote: What if I don't want to get my servers only? What if I want to list another organization's servers, and that organization's child organizations' servers? I guess I'm thinking public cloud mostly, but sure, perhaps admin entities want

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Jay Pipes
On Mon, Feb 7, 2011 at 8:24 PM, Jorge Williams jorge.willi...@rackspace.com wrote: On Feb 7, 2011, at 5:43 PM, Jay Pipes wrote: What if I don't want to get my servers only? What if I want to list another organization's servers, and that organization's child organizations' servers? That sort

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Greg
On Feb 7, 2011, at 7:58 PM, Jay Pipes wrote: I'm not saying the federated auth/CMDB/whatever service is not a good idea nor that it will not work. I want people to understand and acknowledge the tradeoffs involved. Acknowledged? :) [Hehe, damned programmers will never agree on nearly

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-07 Thread Eric Day
On Mon, Feb 07, 2011 at 08:50:58PM -0500, Jay Pipes wrote: Eric, you and I have a database background. I know you understand that this: Of course, but the first pair of queries is not as bad as a query for every entity ID returned, which was in one of the previous emails (the main thing I was

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-06 Thread Jay Pipes
: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal. Specifically, the account_id is an arbitrary string that is generated externally to Nova. You could, for example, easily identify

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-06 Thread Chris Behrens
@lists.launchpad.net [mailto:openstack-bounces+john=openstack@lists.launchpad.net] On Behalf Of Glen Campbell Sent: Thursday, February 03, 2011 2:42 PM To: Devin Carlen; Monsyne Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-06 Thread Eric Day
Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal. Specifically, the account_id is an arbitrary string that is generated externally to Nova. You could, for example, easily

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-04 Thread Salvatore Orlando
To: Patrick Ancillotti Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. Hi Patrick, that would be great if you would go into details. I am most interested in this as it directly affects our cloud platforms adoption of OpenStack and the subsequent

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-04 Thread Dan Wendlandt
: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. Hi Patrick, that would be great if you would go into details. I am most interested in this as it directly affects our cloud platforms adoption of OpenStack and the subsequent networking blueprint we

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Diego Parrilla Santamaría
Hi Monsyne, it's a very interesting topic and I'm curious about the reason why you are using the Flat Networking set up. From the conversations in other threads it seems the Service Providers prefer different networking approaches: VLAN oriented basically. Regards Diego - Diego Parrilla

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Jay Pipes
2011/2/3 Diego Parrilla Santamaría diego.parrilla.santama...@gmail.com: it's a very interesting topic and I'm curious about the reason why you are using the Flat Networking set up. From the conversations in other threads it seems the Service Providers prefer different networking approaches:

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Paul Voccio
Diego, Due to our networking topology, having a vlan per customer isn't really feasible. Most switches are limited at 4k or 8k or even 32k. With more customers than these switches can reasonably accommodate, having a single vlan per customer either limits the portability within a cloud or limits

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Carl Fischer
Diego is definitely correct. The drawbacks with VLANs are well documented but they remain the primary solution for providing per-tenant L2 domains for many shops today, due to skill set, comfort level, etc. The L3-integrated solutions on the horizon will be vast improvements, but until they

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Jay Pipes
If I'm not mistaken, VLAN networking *is* a first class citizen in Nova. It's the Flat Networking model which isn't a first-class citizen, and thus the need for support in things such as this: IPv6 is not supported in FlatManager network mode. You can't use FlatDHCPManager network mode on a

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Carl Fischer
Right, I actually meant to say remains a first class citizen, agreeing with Diego as an adjunct to Paul's comment in case anyone interpreted his 100% valid point as a ding against the VLAN model. Carl On 2/3/11 12:35 PM, Jay Pipes jaypi...@gmail.com wrote: If I'm not mistaken, VLAN networking

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Devin Carlen
We were just talking about this the other day. We definitely need some kind of further hierarchy. I think a typical kind of use case for multi-tenant could be something like: Enterprise contains Organizations Organizations contain Organizations and Projects Projects contain Instances, etc.

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Sandy Walsh
of Devin Carlen [devin.car...@gmail.com] Sent: Thursday, February 03, 2011 4:02 PM To: Monsyne Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. We were just talking about this the other day. We definitely need some kind of further hierarchy

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Glen Campbell
...@gmail.com Date: Thu, 3 Feb 2011 12:02:38 -0800 To: Monsyne Dragon mdra...@rackspace.com Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. We were just talking about this the other day

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Diego Parrilla Santamaría
] on behalf of Devin Carlen [devin.car...@gmail.com] Sent: Thursday, February 03, 2011 4:02 PM To: Monsyne Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. We were just talking about this the other day.  We definitely need some kind of further

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Sandy Walsh
...@rackspace.com Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. We were just talking about this the other day. We definitely need some kind of further hierarchy. I think a typical kind

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Brian Lamar
: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Monsyne Dragon
On 2/3/11 2:02 PM, Devin Carlen wrote: We were just talking about this the other day. We definitely need some kind of further hierarchy. I think a typical kind of use case for multi-tenant could be something like: Enterprise contains Organizations Organizations contain Organizations and

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread John Purrier
=openstack@lists.launchpad.net] On Behalf Of Glen Campbell Sent: Thursday, February 03, 2011 2:42 PM To: Devin Carlen; Monsyne Dragon Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Pondering multi-tenant needs in nova. I think that this could be done in the current proposal

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Patrick Ancillotti
Hey Guys, I think Paul may have gotten a bit mixed up between VLAN and CAM tables on switches. The VLAN part of an ethernet frame is 12 bits (0 - 4095) which limits it accordingly. CAM tables however are a limit within switching gear that lists the MAC addresses and their respective source

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Paul Voccio
Patrick, You're right. I guess that's what I get for typing a response too fast. Paul On 2/3/11 10:03 PM, Patrick Ancillotti patrick.ancillo...@rackspace.com wrote: Hey Guys, I think Paul may have gotten a bit mixed up between VLAN and CAM tables on switches. The VLAN part of an ethernet

Re: [Openstack] Pondering multi-tenant needs in nova.

2011-02-03 Thread Patrick Ancillotti
Aimon, You're correct of course for simply defining a customer per VLAN as realistically we wouldn't hit 16M+ customers in any regional area as it stands today ;) but there are other issues with QinQ at large scale, especially with Layer 2 domains of the size that we're envisaging in the long