incubator-cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Kluge <Kevin.Kl...@citrix.com>
Subject RE: How do I isolate tenant VMs on a hypervisor by hypervisor basis?
Date Fri, 18 May 2012 05:01:09 GMT
Donal, I think we could get CloudStack to reserve hosts/clusters/pods for specific tenants.
  This feature is already requested in the CloudStack bug db.   We'd want that mechanism to
run as admin, but as long as your API client has admin credentials it is feasible.

-kevin

> -----Original Message-----
> From: David Nalley [mailto:david@gnsa.us]
> Sent: Thursday, May 17, 2012 12:48 PM
> To: cloudstack-users@incubator.apache.org
> Subject: Re: How do I isolate tenant VMs on a hypervisor by hypervisor
> basis?
> 
> On Thu, May 17, 2012 at 2:36 PM, Chiradeep Vittal
> <Chiradeep.Vittal@citrix.com> wrote:
> >
> >
> > On 5/17/12 11:04 AM, "Donal Lafferty" <donal.lafferty@citrix.com> wrote:
> >
> >>I want to make sure that VMs for one user run on separate hypervisor
> >>to VMs of other users.
> >>
> >>Is this a current or upcoming feature?  Also, what would are all the
> >>steps involved in achieving this isolation.
> >>
> >>E.g. I see that I can specify the hypervisor in deployVirtualMachine,
> >>but how would I go about reserving a set of hypervisors for a specific user.
> >>
> >>DL
> >
> > You could create a tenant-specific (or domain-specific) set of service
> > offerings. Service offerings can be tagged (e.g., ForDomianFoo). When
> > adding hypervisors, you can add host tags (e.g., ForDomainFoo). Now
> > when a VM is deployed with offering with tag "ForDomainFoo" then the
> > deployment planner will try and use the hosts that are tagged
> ForDomainFoo.
> >
> > Also, see this discussion:
> > http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-
> dev/2012
> > 05.mb ox/%3C717581195889904986@unknownmsgid%3E
> >
> 
> So I was about to fire off an email re tags - but remembered from our
> discussion - that tags aren't exclusive (e.g. lack of a tag doesn't stop a vm
> from  being deployed on a tagged resource.
> 
> --David

Mime
View raw message