Hi Devs, Current Stratos release, all IaaS configuration, tenants creation, cartridge definition deployments, Policy deployments can only do by Stratos admin space. (admin of the super admin tenant). Tenants admin can only do cartridge subscription. (IMO we should change the name subscription to application deployment, will have separate discussion on that).
IMO this has some limitation on resource partitions. Eg, when Stratos admin deploy partition, policy, cartridges all other tenants are visible to all of them. There is no tenants vise isolations. With the new UI revamping effect, like to propose some role based access. Super tenant - Default tenant come with the installation Stratos (supper admin) - default admin account Stratos Admin functionalities - IaaS configuration (this is currently doing manual file editing - cloudcontroller.xml) (may be we can have backenf APIs and provide UI for this also) - Tenant creation with quotas (how many policies, partitions, cartridges, instances ..etc) - Super admin level monitoring. Tenant Admin - deploy cartridge definition - deploy partitions, polices - create tenant users (may be we can allow to point deferent user store for the tenants) - monitoring tenant space. - etc.. Tenant users - - application deployment (current cartridge subscription) - application level monitoring - etc. This will bring cartridges, partitions, policies are isolated to that tenant space. Also considering all above aspects, like to propose Stratos Admin UI can handle by extending current carbon UI. Only need to extent tenant creation by adding quota implementation. Also since it provide registry browsing which can useful in Stratos admin space. (no need to reinvent the wheel) Our new UI should has tenant admin and tenant users functionality. Super admin tenant users/admin also can used this new UI for super admin tenant space. Share your thoughts, thanks -- Lakmal Warusawithana Vice President, Apache Stratos Director - Cloud Architecture; WSO2 Inc. Mobile : +94714289692 Blog : http://lakmalsview.blogspot.com/
