Host Aggregate Multi-Tenant Exclusion Filter

Registered by Dave Johnston

The current AggregateMultiTenancyIsolation filter provides a mechanism where by only Instances from a given tenant ID can be launched on the host aggregate.
i.e. Create a host aggregate with the metadata 'filter_tenant_id=1'

Only tenants with the id '1' can launch instances in this host aggregate.
However if another host aggregate exists, which does not have any filter_tenant_id, then it is possible that tenant with ID = '1' could also be launched there.

 In some circumstances it is desirable to exclude tenants from launching VMs in certain host-aggregates, effectively 'excluding' that tenant.
This behaviour could be achieved using AggregateMultiTenancyIsolation and ensuring that every host aggregate had a filter_tenant_id metadata key. However the value of that key can only be 255 limiting the number of tenants to be added.

A new filter to provide an exclusion rule can be used in combination with the existing AggregateMultiTenancyIsolation to provide fine grained control of where instances are placed.

Use-Cases for this:
Private Cloud for development company, want to isolate some resources for Load Testing. The cloud would have general aggregates for the majority of projects. Some specific aggregates would be reserved for load test teams.

Sales teams want dedicated aggregates to run customer demonstrations, without worrying about 'nosy neighbor' vms

In both use-cases above, two two tenants in question would be added to the host-aggregates metadata for exclusion (apart from the specific aggregate where they should be scheduled).

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Dave Johnston
Direction:
Needs approval
Assignee:
Dave Johnston
Definition:
Discussion
Series goal:
Proposed for ocata
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/multi-tenant-exclusion-filter,n,z

Addressed by: https://review.openstack.org/370243
    Implements: blueprint multi-tenant-exclusion-filter

In the 20160929 nova meeting we agreed that we wanted a spec to discuss this proposed new filter, which is what ^ is, so we'll discuss it in there. Also, there is some prior art here:

https://review.openstack.org/#/c/99476/

-- mriedem 20160929

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.