[ https://issues.apache.org/jira/browse/DISPATCH-1585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17072650#comment-17072650 ]
Ulf Lilleengen edited comment on DISPATCH-1585 at 4/18/20, 7:05 AM:
--------------------------------------------------------------------

[~tross] Let's say you have a service supporting multiple tenants, but a single tenant can have applications running in 2 separate networks (but they belong to the same 'tenant', i.e. they have the same addresses), so the client applications connect to the router via 2 different hosts, let's say internal.example.com and public.example.com.

Today, I would need to model it this way (omitting the broker connector and simplified some details):

{code:java}
[
    ["listener", {
        "host": "0.0.0.0",
        "port": 56721,
        "authenticatePeer": false,
        "saslMechanisms": "ANONYMOUS",
        "multiTenant": true
    }],
    ["policy", {"enableVhostPolicy": true, "defaultVhost": "$default" }],
    ["vhost", {
        "hostname": "internal.example.com",
        "allowUnknownUser": true,
        // ...
    }],
    ["address", {
        "waypoint": true,
        "prefix": "internal.example.com/foo"
    }],
    ["autoLink", {
        "address": "internal.example.com/foo",
        "direction": "out",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }],
    ["autoLink", {
        "address": "internal.example.com/foo",
        "direction": "in",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }],
    ["vhost", {
        "hostname": "public.example.com",
        "allowUnknownUser": true,
        // ...
    }],
    ["address", {
        "waypoint": true,
        "prefix": "public.example.com/foo"
    }],
    ["autoLink", {
        "address": "public.example.com/foo",
        "direction": "out",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }],
    ["autoLink", {
        "address": "public.example.com/foo",
        "direction": "in",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }]
]
{code}

So, for every host to expose for this tenant, a lot of configuration is needed. There is only one address in this example, but when you have 10k addresses, it's starting to be a lot of work reconfiguring the router just to expose on a new host.

So, what would be very useful for this case is to have some way to specify a mapping from virtual host to an internal host that can be used in address prefixes. I.e.

{code:java}
[
    ["listener", {
        "host": "0.0.0.0",
        "port": 56721,
        "authenticatePeer": false,
        "saslMechanisms": "ANONYMOUS",
        "multiTenant": true
    }],
    ["policy", {"enableVhostPolicy": true, "defaultVhost": "$default" }],
    // List of hostnames that this vhost should apply to, and a prefix that
    // hostnames should be replaced with when doing routing.
    ["vhost", {
        "hostnames": ["internal.example.com", "public.example.com"],
        "internalHost": "tenant1",
        "allowUnknownUser": true,
        // ...
    }],
    ["address", {
        "waypoint": true,
        "prefix": "tenant1/foo"
    }],
    ["autoLink", {
        "address": "tenant1/foo",
        "direction": "out",
        "connection": "broker"
    }],
    ["autoLink", {
        "address": "tenant1/foo",
        "direction": "in",
        "connection": "broker"
    }]
]
{code}

This means the amount of configuration to change would be a lot less if you have many addresses. There are probably better ways to model this than my example, but hopefully it shows the reason for raising this issue.

was (Author: lulf):

[~tross] Let's say you have a service supporting multiple tenants, but a single tenant can have applications running in 2 separate networks (but they belong to the same 'tenant', i.e. they have the same addresses), so the client applications connect to the router via 2 different hosts, let's say internal.example.com and public.example.com.

Today, I would need to model it this way (omitting the broker connector and simplified some details):

{code:java}
[
    ["listener", {
        "host": "0.0.0.0",
        "port": 56721,
        "authenticatePeer": false,
        "saslMechanisms": "ANONYMOUS",
        "multiTenant": true
    }],
    ["policy", {"enableVhostPolicy": true, "defaultVhost": "$default" }],
    ["vhost", {
        "hostname": "internal.example.com",
        "allowUnknownUser": true,
        // ...
    }],
    ["address", {
        "waypoint": true,
        "prefix": "internal.example.com/foo"
    }],
    ["autoLink", {
        "address": "internal.example.com/foo",
        "direction": "out",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }],
    ["autoLink", {
        "address": "internal.example.com/foo",
        "direction": "in",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }],
    ["vhost", {
        "hostname": "public.example.com",
        "allowUnknownUser": true,
        // ...
    }],
    ["address", {
        "waypoint": true,
        "prefix": "public.example.com/foo"
    }],
    ["autoLink", {
        "address": "public.example.com/foo",
        "direction": "out",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }],
    ["autoLink", {
        "address": "public.example.com/foo",
        "direction": "in",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }]
]
{code}

So, for every host to expose for this tenant, a lot of configuration is needed. There is only one address in this example, but when you have 10k addresses, it's starting to be a lot of work reconfiguring the router just to expose on a new host.

So, what would be very useful for this case is to have some way to specify a mapping from virtual host to an internal host that can be used in address prefixes. I.e.

{code:java}
[
    ["listener", {
        "host": "0.0.0.0",
        "port": 56721,
        "authenticatePeer": false,
        "saslMechanisms": "ANONYMOUS",
        "multiTenant": true
    }],
    ["policy", {"enableVhostPolicy": true, "defaultVhost": "$default" }],
    // List of hostnames that this vhost should apply to, and a prefix that
    // hostnames should be replaced with when doing routing.
    ["vhost", {
        "hostnames": ["internal.example.com", "public.example.com"],
        "internalHost": "tenant1",
        "allowUnknownUser": true,
        // ...
    }],
    ["address", {
        "waypoint": true,
        "prefix": "tenant1/foo"
    }],
    ["autoLink", {
        "address": "tenant1/foo",
        "direction": "out",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }],
    ["autoLink", {
        "address": "tenant1/foo",
        "direction": "in",
        "connection": "broker",
        "externalAddress": "t1/foo"
    }]
]
{code}

This means the amount of configuration to change would be a lot less if you have many addresses. There are probably better ways to model this than my example, but hopefully it shows the reason for raising this issue.

> Allow specifying address/source/target to be used for a multitenant listener
> ----------------------------------------------------------------------------
>
>                 Key: DISPATCH-1585
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1585
>             Project: Qpid Dispatch
>          Issue Type: Wish
>            Reporter: Ulf Lilleengen
>            Priority: Major
>
> At present, a multitenant router listener will prefix addresses with the
> hostname in the AMQP Open. However, given a configuration where it is
> desirable to expose a router address space for multiple DNS names, any
> address, linkRoute and autoLink configuration will need to be duplicated for
> each DNS name. This complicates router configuration significantly.
>
> Instead, having a way to specify which prefix to apply for a multitenant
> listener would allow reusing the same address, autoLink and linkRoute
> configuration for multiple listeners.
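
The hostname-to-prefix mapping proposed in the comment above, modelled as an added Python sketch (not part of the original message and not Qpid Dispatch code). `hostnames` and `internalHost` are the attributes proposed in the comment, the function names are hypothetical, and the check that rejects one hostname bound to two prefixes is an assumption about how such a mapping would keep tenant address spaces apart.

```python
# Added illustration, not Qpid Dispatch code. "hostnames" and "internalHost" are
# the attributes proposed in the comment; the function names are hypothetical.

PROPOSED = [  # constructed sample, trimmed from the proposed configuration
    ["vhost", {"hostnames": ["internal.example.com", "public.example.com"],
               "internalHost": "tenant1", "allowUnknownUser": True}],
    ["address", {"waypoint": True, "prefix": "tenant1/foo"}],
]

def build_prefix_map(config):
    """Map each hostname from the AMQP Open to the prefix used for routing."""
    prefix_for = {}
    for kind, attrs in config:
        if kind != "vhost":
            continue
        names = attrs.get("hostnames") or [attrs["hostname"]]
        for name in names:
            prefix = attrs.get("internalHost", name)
            # One hostname bound to two prefixes would merge two address spaces.
            if prefix_for.get(name, prefix) != prefix:
                raise ValueError(f"{name}: {prefix_for[name]} vs {prefix}")
            prefix_for[name] = prefix
    return prefix_for

def routed_address(prefix_for, open_hostname, address):
    """Address a multiTenant listener would route on for one connection."""
    # A hostname without a mapping keeps the current behaviour: it is its own prefix.
    return f"{prefix_for.get(open_hostname, open_hostname)}/{address}"

def per_host_entities(hostnames, addresses, external_prefix):
    """Entities the current model needs: vhost + address + 2 autoLinks per host."""
    out = []
    for host in hostnames:
        out.append(["vhost", {"hostname": host, "allowUnknownUser": True}])
        for addr in addresses:
            full = f"{host}/{addr}"
            out.append(["address", {"waypoint": True, "prefix": full}])
            for direction in ("out", "in"):
                out.append(["autoLink", {"address": full, "direction": direction,
                                         "connection": "broker",
                                         "externalAddress": f"{external_prefix}/{addr}"}])
    return out
```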