On 12/11/2017 12:41 PM, Csatari, Gergely (Nokia - HU/Budapest) wrote:
Hi Jay,
Okay. Thanks for the clarification. Makes sense.
Random-thinking:
Maybe the best would be to have a privilege level what covers the needs of
MANO/NFVO, but still not full admin privileges. Do you think is this possible?
I think that the differences between the super-privileged user needs
that a MANO system has and an administrative user are pretty small. The
MANO system needs to be able to query and dynamically adjust resource
inventories, move and grow/shrink workloads as needed and essentially
act like the underlying hardware is wholly owned and operated by itself.
Really, the only privilege that the MANO system user *doesn't* need is
the ability to create new users/projects in Keystone. Everything else is
something that the MANO system user needs to be able to do. This is why
I've called NFV (and particularly MANO/NFVO) a "purpose-built telco
application" in the past. And I don't say that as some sort of put-down
of NFV. I'm just pointing out the reality of things, that's all.
The ramification of this reality is that people deploying NFV using
cloud infrastructure software like OpenStack really need to fully
isolate the infrastructure environments that are used for VNFs (the
things managed by the MANO/NFVO) from the infrastructure environments
that are used for more "traditional" virtual private server or IT
applications.
Best,
-jay
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
