Filter nodes by owner
This is from the Massachusetts Open Cloud project:
Nova interacts with Ironic as a user with administrative privileges, which means it is able to provision any available baremetal node. Nova needs to be aware of Ironic's multi-tenant features so that it only attempts to use baremetal nodes that belong to the tenant initiating the provisioning request with Nova.
Ironic nodes have an optional "owner" field which can be a project ID. This blueprint would use that owner field to filter nodes based on owner.
There are a couple of ways to do this in nova:
1. (Traditional scheduler filter) The nova-compute service would report the owner value on the ComputeNode object which would then be used by a new scheduler filter that filters the node based on owner using the RequestSpec.
2. (Placement pre-filter) The nova-compute service and the Ironic driver's update_
Option 2 is likely ideal from a performance and simplicity perspective though there might be some push-back on the concept of using custom traits this way (more like metadata than qualitative information about a node).
[mriedem 20191204] The functional test added here https:/
Known issues:
a) If the node.owner is changed in ironic there would be a delay on when nova can properly filter on the trait since the trait will not be updated until the next update_
b) There would need to be discussion about whether or not the owner of a node can be changed while it's provisioned to a nova VM instance - likely that should be blocked, otherwise nova could be running an instance with a node that the original owner no longer actually owns. http://
c) If the server create request is coming from an admin it should be able to use any node even if the node owner and requesting project ID do not match. There is nothing today in the RequestSpec object that says if the request is coming from an admin so something would have to be worked out there - perhaps with a new field or hacking in a scheduler hint under the covers via the RequestSpec.
d) What happens if the node has no owner and thus does not report the trait? In that case the pre-filter would filter out those nodes, but maybe that is the desired behavior.
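The filtering decision and known issues (a), (c) and (d) above, modelled as an added example. This is not nova or ironic code: `OwnerView`, `Request.is_admin` and `allow_unowned` are hypothetical names, and the node data is constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class IronicNode:
    uuid: str
    owner: Optional[str]  # Ironic's optional "owner" field (a project ID)


@dataclass(frozen=True)
class Request:
    project_id: str
    is_admin: bool = False  # hypothetical field, see known issue (c)


class OwnerView:
    """Nova's last-reported view of node owners (hypothetical model)."""

    def __init__(self) -> None:
        self._owners: Dict[str, Optional[str]] = {}

    def refresh(self, nodes: List[IronicNode]) -> None:
        # Stands in for the periodic update that re-reads node.owner.
        self._owners = {n.uuid: n.owner for n in nodes}

    def passes(self, uuid: str, req: Request, allow_unowned: bool = False) -> bool:
        if uuid not in self._owners:
            return False  # never reported: fail closed
        if req.is_admin:
            return True  # (c) an admin request may use any node
        owner = self._owners[uuid]
        if owner is None:
            return allow_unowned  # (d) unowned nodes are filtered out by default
        return owner == req.project_id  # exact match on project ID

    def candidates(self, req: Request, allow_unowned: bool = False) -> List[str]:
        return sorted(u for u in self._owners if self.passes(u, req, allow_unowned))


def sample_inventory() -> List[IronicNode]:
    # Constructed sample data, not real node or project IDs.
    return [IronicNode("node-a", "proj-1"), IronicNode("node-b", "proj-2"), IronicNode("node-c", None)]


if __name__ == "__main__":
    nodes, view = sample_inventory(), OwnerView()
    view.refresh(nodes)
    nodes[0].owner = "proj-2"  # (a) owner changes in ironic, nova not yet updated
    print(view.candidates(Request("proj-1")))  # stale view until the next refresh()
```

Until `refresh()` runs again, the previous owner still passes the filter for `node-a`, which is the window described in (a); the model does not cover (b).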
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: Matt Riedemann
- Direction: Needs approval
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by:
- Completed by: Eric Fried
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
ironic: report a custom trait for the node owner
Addressed by: https:/
WIP: Add node owner pre-filter
Addressed by: https:/
WIP: Add NodeOwnerFilter
[mriedem 20191205] From the nova meeting today it sounds like efried would like to see a short spec for this:
http://
Addressed by: https:/
Filter nodes by owner (spec)
Addressed by: https:/
Allow overriding self.api in _build_
[efried 20200130] Unclear if anyone is still driving this.
[efried 20200213] Closing due to lack of owner.