Unable to assign more than 7 tenants to a filter_tenant_id string

Bug #1802111 reported by Fernando Silva on 2018-11-07
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Low
Matt Riedemann
Rocky
Low
Matt Riedemann

Bug Description

Description
===========
I sadly noticed you can assign no more than 7 project IDs per host aggregate via filter_tenant_id=

Steps to reproduce
==================

openstack aggregate set --property filter_tenant_id='156b351bcc1942d7a44c9e7e2d8b8c61, 1a40c874dd8146158546af7f4a7181ff, 1c88ed7d5796421d8e081f80c04b2c66, 1f847a9eac5a4ddd837015c71b6988b4, 4881647149a94267bdbf318877074f42, 4b97965ac1934e769ce58b17b214a349, 5cff2c49bd6f413ead284f21b6b8d360, 5d4f394aa6dd4412b0988ac267771584, 628ee827668a4c73bf0649f7229142f4, 664a37b60ade44a68f0b8a5d5c3bcb23, 7132b355f6c54ea3b8a4a696d00fa83a, 73f4457b722c4a6aae342e60731a43e9, 74f569a64480423c820cad4055f49509, afe6caeca8564c638aa73d0c5d4c655a, cf4f8378b18b47e19b18c08751ff30d3, f7af8fcf6e1e4282acab0993e1682f62' 35

Expected result
===============
It works...

Actual result
=============
Invalid input for field/attribute filter_tenant_id. Value: 156b351bcc1942d7a44c9e7e2d8b8c61, 1a40c874dd8146158546af7f4a7181ff, 1c88ed7d5796421d8e081f80c04b2c66, 1f847a9eac5a4ddd837015c71b6988b4, 4881647149a94267bdbf318877074f42, 4b97965ac1934e769ce58b17b214a349, 5cff2c49bd6f413ead284f21b6b8d360, 5d4f394aa6dd4412b0988ac267771584, 628ee827668a4c73bf0649f7229142f4, 664a37b60ade44a68f0b8a5d5c3bcb23, 7132b355f6c54ea3b8a4a696d00fa83a, 73f4457b722c4a6aae342e60731a43e9, 74f569a64480423c820cad4055f49509, afe6caeca8564c638aa73d0c5d4c655a, cf4f8378b18b47e19b18c08751ff30d3, f7af8fcf6e1e4282acab0993e1682f62. u'156b351bcc1942d7a44c9e7e2d8b8c61, 1a40c874dd8146158546af7f4a7181ff, 1c88ed7d5796421d8e081f80c04b2c66, 1f847a9eac5a4ddd837015c71b6988b4, 4881647149a94267bdbf318877074f42, 4b97965ac1934e769ce58b17b214a349, 5cff2c49bd6f413ead284f21b6b8d360, 5d4f394aa6dd4412b0988ac267771584, 628ee827668a4c73bf0649f7229142f4, 664a37b60ade44a68f0b8a5d5c3bcb23, 7132b355f6c54ea3b8a4a696d00fa83a, 73f4457b722c4a6aae342e60731a43e9, 74f569a64480423c820cad4055f49509, afe6caeca8564c638aa73d0c5d4c655a, cf4f8378b18b47e19b18c08751ff30d3, f7af8fcf6e1e4282acab0993e1682f62' is too long (HTTP 400) (Request-ID: req-83741ecc-0754-42a0-a788-6b3c7945d9eb)

Environment
===========
OpenStack Queens

description: updated
tags: added: api
Matt Riedemann (mriedem) wrote :

Yup, this is a known limitation, and also that the AggregateMultiTenancyIsolation filter doesn't allow scoping to keystone domains. I think there is a Public Cloud SIG bug related to this as well.

The good news is once you get to Rocky, you can use the placement request filter to filter aggregates per tenant which supersedes the AggregateMultiTenancyIsolation filter:

https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html#tenant-isolation-with-placement

The docs don't mention it (I don't think), but that placement request filter does allow namespacing the aggregate metadata so you can add as many tenants as you want:

https://github.com/openstack/nova/blob/e27905f482ba26d2bbf3ae5d948dee37523042d5/nova/scheduler/request_filter.py#L46

tags: added: docs scheduler
Changed in nova:
status: New → Triaged
importance: Undecided → Low
Matt Riedemann (mriedem) wrote :

I'm just going to update the docs because we have a replacement for the old filter in Rocky.

Matt Riedemann (mriedem) wrote :

The other workaround with the older AggregateMultiTenancyIsolation filter is to create as many aggregates for the same hosts as needed to cover the number of tenants needed. It's unfortunate but that's a workaround until you get to Rocky and can use the newer filtering mechanism.

Fix proposed to branch: master
Review: https://review.openstack.org/616991

Changed in nova:
assignee: nobody → Matt Riedemann (mriedem)
status: Triaged → In Progress

Reviewed: https://review.openstack.org/616991
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=1fa09acf08dacf94a435fbdaddc50eabfada48ec
Submitter: Zuul
Branch: master

commit 1fa09acf08dacf94a435fbdaddc50eabfada48ec
Author: Matt Riedemann <email address hidden>
Date: Fri Nov 9 11:30:44 2018 -0500

    Mention meta key suffix in tenant isolation with placement docs

    This changes does two things to the admin scheduler configuration
    docs:

    1. Notes the limitation from bug 1802111 for the older
       AggregateMultiTenancyIsolation filter and mentions that
       starting in Rocky, using tenant isolation with placement
       is better.

    2. Notes that when isolating tenants via placement, the metadata
       key "filter_tenant_id" can be suffixed to overcome the limitation
       in bug 1802111.

    Change-Id: I792c5df01b7cbc46c8363e261bc7422b09180e56
    Closes-Bug: #1802111

Changed in nova:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/617535
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=4c0342bf1d86bca2bedf1118b341295998d2c7f6
Submitter: Zuul
Branch: stable/rocky

commit 4c0342bf1d86bca2bedf1118b341295998d2c7f6
Author: Matt Riedemann <email address hidden>
Date: Fri Nov 9 11:30:44 2018 -0500

    Mention meta key suffix in tenant isolation with placement docs

    This changes does two things to the admin scheduler configuration
    docs:

    1. Notes the limitation from bug 1802111 for the older
       AggregateMultiTenancyIsolation filter and mentions that
       starting in Rocky, using tenant isolation with placement
       is better.

    2. Notes that when isolating tenants via placement, the metadata
       key "filter_tenant_id" can be suffixed to overcome the limitation
       in bug 1802111.

    Change-Id: I792c5df01b7cbc46c8363e261bc7422b09180e56
    Closes-Bug: #1802111
    (cherry picked from commit 1fa09acf08dacf94a435fbdaddc50eabfada48ec)

This issue was fixed in the openstack/nova 18.1.0 release.

This issue was fixed in the openstack/nova 19.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers