On Sun, Mar 22, 2015 at 05:05:17PM -0700, Ian Wells wrote:
> On 22 March 2015 at 07:48, Jay Pipes <jaypi...@gmail.com> wrote:
>
> > On 03/20/2015 05:16 PM, Kevin Benton wrote:
> >
> >> To clarify a bit, we obviously divide lots of things by tenant (quotas,
> >> network listing, etc). The difference is that we have nothing right now
> >> that has to be unique within a tenant. Are there objects that are
> >> uniquely scoped to a tenant in Nova/Glance/etc?
> >>
> >
> > Yes. Virtually everything is :)
> >
> Everything is owned by a tenant. Very few things are one per tenant, which
> is where this feels like it's leading.

Ah, sorry, yes, I misunderstood Kevin's implication there. That is correct. Security group names are, AFAIK, the only thing in Nova that is unique within a tenant. All other resources are identified via UUID, and are not unique within a tenant (project).

> Seems to me that an address pool corresponds to a network area that you can
> route across (because routing only works over a network with unique
> addresses and that's what an address pool does for you). We have those
> areas and we use NAT to separate them (setting aside the occasional
> isolated network area with no external connections). But NAT doesn't
> separate tenants, it separates externally connected routers: one tenant can
> have many of those routers, or one router can be connected to networks in
> both tenants. We just happen to frequently use the one external router per
> tenant model, which is why address pools *appear* to be one per tenant. I
> think, more accurately, an external router should be given an address pool,
> and tenants have nothing to do with it.

Gotcha. Yep, that makes total sense.

Best,
-jay