diff options
| author | Belmiro Moreira <moreira.belmiro.email.lists@gmail.com> | 2013-01-27 17:57:31 +0100 |
|---|---|---|
| committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2013-02-19 21:41:18 -0800 |
| commit | f619da2405f8bb510a8ae2a88f6e4fcddb424ada (patch) | |
| tree | 3c28f7b879254c55e11071704aba62794a77311f /nova/scheduler | |
| parent | d62205f316ad9490e1379e943972a007e071c688 (diff) | |
| download | nova-f619da2405f8bb510a8ae2a88f6e4fcddb424ada.tar.gz nova-f619da2405f8bb510a8ae2a88f6e4fcddb424ada.tar.xz nova-f619da2405f8bb510a8ae2a88f6e4fcddb424ada.zip | |
Multi-tenancy isolation with aggregates
A new scheduler filter that allows the creation of instances from
specific tenants in selected aggregates.
With this filter is possible to isolate tenants in a specific set
of compute nodes (aggregates).
If a host is in an aggregate that has the metadata key
"filter_tenant_id" it can only create instances from that tenant(s).
A host can be in different aggregates.
If a host doesn't belong to an aggregate with the metadata key
"filter_tenant_id" it can create instances from all tenants.
Implements: blueprint multi-tenancy-aggregates
DocImpact
Change-Id: I119c809c54da9e9dc3ac506c02203d2d4422b06e
Diffstat (limited to 'nova/scheduler')
| -rw-r--r-- | nova/scheduler/filters/aggregate_multitenancy_isolation.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/nova/scheduler/filters/aggregate_multitenancy_isolation.py b/nova/scheduler/filters/aggregate_multitenancy_isolation.py new file mode 100644 index 000000000..539da37d1 --- /dev/null +++ b/nova/scheduler/filters/aggregate_multitenancy_isolation.py @@ -0,0 +1,47 @@ +# Copyright (c) 2011-2013 OpenStack, LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from nova import db +from nova.openstack.common import log as logging +from nova.scheduler import filters + +LOG = logging.getLogger(__name__) + + +class AggregateMultiTenancyIsolation(filters.BaseHostFilter): + """Isolate tenants in specific aggregates.""" + + def host_passes(self, host_state, filter_properties): + """If a host is in an aggregate that has the metadata key + "filter_tenant_id" it can only create instances from that tenant(s). + A host can be in different aggregates. + + If a host doesn't belong to an aggregate with the metadata key + "filter_tenant_id" it can create instances from all tenants. + """ + spec = filter_properties.get('request_spec', {}) + props = spec.get('instance_properties', {}) + tenant_id = props.get('project_id') + + context = filter_properties['context'].elevated() + metadata = db.aggregate_metadata_get_by_host(context, host_state.host, + key="filter_tenant_id") + + if metadata != {}: + if tenant_id not in metadata["filter_tenant_id"]: + LOG.debug(_("%(host_state)s fails tenant id on " + "aggregate"), locals()) + return False + return True |