It seems this work item is made of several blueprints, some of which are not yet approved. This is true at least for the Neutron blueprint regarding policy extensions.
Since I first looked at this spec I've been wondering why nova has been selected as an endpoint for network operations rather than Neutron, but this probably a design/implementation details whereas JC here is looking at the general approach. Nevertheless, my only point here is that is seems that features like this need an "all-or-none" approval. For instance, could the VPC feature be considered functional if blueprint [1] is implemented, but not [2] and [3]? Salvatore [1] https://blueprints.launchpad.net/nova/+spec/aws-vpc-support [2] https://blueprints.launchpad.net/neutron/+spec/policy-extensions-for-neutron [3] https://blueprints.launchpad.net/keystone/+spec/hierarchical-multitenancy On 11 February 2014 21:45, Martin, JC <jch.mar...@gmail.com> wrote: > Ravi, > > It seems that the following Blueprint > https://wiki.openstack.org/wiki/Blueprint-aws-vpc-support > > has been approved. > > However, I cannot find a discussion with regard to the merit of using > project vs. domain, or other mechanism for the implementation. > > I have an issue with this approach as it prevents tenants within the same > domain sharing the same VPC to have projects. > > As an example, if you are a large organization on AWS, it is likely that > you have a large VPC that will be shred by multiple projects. With this > proposal, we loose that capability, unless I missed something. > > JC > > On Dec 19, 2013, at 6:10 PM, Ravi Chunduru <ravi...@gmail.com> wrote: > > > Hi, > > We had some internal discussions on role of Domain and VPCs. I would > like to expand and understand community thinking of Keystone domain and > VPCs. > > > > Is VPC equivalent to Keystone Domain? > > > > If so, as a public cloud provider - I create a Keystone domain and give > it to an organization which wants a virtual private cloud. > > > > Now the question is if that organization wants to have departments wise > allocation of resources it is becoming difficult to visualize with existing > v3 keystone constructs. > > > > Currently, it looks like each department of an organization cannot have > their own resource management with in the organization VPC ( LDAP based > user management, network management or dedicating computes etc.,) For us, > Openstack Project does not match the requirements of a department of an > organization. > > > > I hope you guessed what we wanted - Domain must have VPCs and VPC to > have projects. > > > > I would like to know how community see the VPC model in Openstack. > > > > Thanks, > > -Ravi. > > > > > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev