Go to the profile of Aaron Rosen
Aaron Rosen
OpenStack Hacker Neutron/Congress Core developer, part time world traveler and experience seeking addict.

Nova flavors with access control!

This post was was originally posted on September 17, 2014 on blog.aaronorosen.com

Recently, I wanted to create a new flavor in nova in our OpenStack deployment and noticed there was a way to do access control to make the flavor only visible/usable to specific tenants.

To do this first create the flavor:

$ nova flavor-create 8vCPU-16GB_Mem 99 16384 0 8 --is-public=False
+----+----------------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name           | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+----------------+-----------+------+-----------+------+-------+-------------+-----------+
| 99 | 8vCPU-16GB_Mem | 16384     | 0    | 0         |      |     8 | 1.0         |     False |
+----+----------------+-----------+------+-----------+------+-------+-------------+-----------+

Then, find the tenant_id you want to give access to this flavor.

$ keystone tenant-list | grep arosen
| d4e4332d5f8c4a8eab9fcb1345406cb0 | arosen | True |

Associate tenant with flavor:

$ nova flavor-access-add 99 d4e4332d5f8c4a8eab9fcb1345406cb0
+-----------+----------------------------------+
| Flavor_ID | Tenant_ID                        |
+-----------+----------------------------------+
|        99 | d4e4332d5f8c4a8eab9fcb1345406cb0 |
+-----------+----------------------------------+

Now, this flavor is only exposed to this tenant to use:

$ nova flavor-list
+----+-----------------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name            | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------------+-----------+------+-----------+------+-------+-------------+-----------+
| 0  | 1vCPU-2GB_Mem   | 2048      | 0    | 0         |      | 1     | 1.0         | True      |
| 1  | 1vCPU-4GB_Mem   | 4096      | 0    | 0         |      | 1     | 1.0         | True      |
| 10 | 4vCPU-10GB_Mem  | 10240     | 0    | 0         |      | 4     | 4.0         | True      |
| 11 | 1vCPU-512MB_Mem | 512       | 0    | 0         |      | 1     | 1.0         | True      |
| 12 | 1vCPU-1GB_Mem   | 1024      | 0    | 0         |      | 1     | 1.0         | True      |
| 2  | 2vCPU-2GB_Mem   | 2048      | 0    | 0         |      | 2     | 2.0         | True      |
| 4  | 2vCPU-8GB_Mem   | 8192      | 0    | 0         |      | 2     | 2.0         | True      |
| 5  | 4vCPU-4GB_Mem   | 4096      | 0    | 0         |      | 4     | 4.0         | True      |
| 6  | 4vCPU-8GB_Mem   | 8192      | 0    | 0         |      | 4     | 4.0         | True      |
| 7  | 4vCPU-16GB_Mem  | 16384     | 0    | 0         |      | 4     | 4.0         | True      |
| 99 | 8vCPU-16GB_Mem  | 16384     | 0    | 0         |      | 8     | 1.0         | False     |
+----+-----------------+-----------+------+-----------+------+-------+-------------+-----------+

This ended up being pretty useful and has been a feature of OpenStack since Folsom!