9:31 a.m.
----- Original Message -----
From: "Jay Shaughnessy" <jshaughn(a)redhat.com>
To: hawkular-dev(a)lists.jboss.org
Sent: Friday, May 6, 2016 9:21:59 AM
Subject: Re: [Hawkular-dev] accounts, tenants, the agent
I always thought tenants were more akin to grouping associated data, like
everything for datacenter-1, or company-x, and so users would have their
queries limited to their relevant data. If every feed has a different
tenantid by default, then wouldn't it be difficult to consolidate data in a
view? I know in H Alerting that tenantId is used more in the fashion I
discussed, and multi-tenant queries are not efficient. It seems to me we'd
be better off using a single default, like "global-tenant".
I always view tenants as being more of a user concern. As a user I can rent one or more
units in an apartment building and I control the keys to these apartments. I can only be
in one apartment at a time, but I can leave and go to another apartment I own if I want.
Other users can also rent one or more units in the building as well. There may be a
landlord (admin) who also has a key to all units as well.
I think we need to keep one default tenant for everything (eg 'hawkular' or
something generic) and not have a per feed tenant. You can't query or aggregate data
across tenants in Hawkular Metrics, and I would assume most users would want to have one
tenant by default rather than one tenant per feed. I assume that users will probably want
to perform aggregates across a cluster of similar machines, which you can't do if each
machine has a separate tenant id.
Tenants are also used for access control. In OpenShift they have projects (aka namespaces)
which we use as the tenant id. A user in OpenShift needs to specify that project they are
using when they perform any action, and access control is configured on a per project
basis. For metrics, when someone tries to access one of the endpoints, we verify that they
have access to the corresponding project in OpenShift before granting them access to the
corresponding metrics in Hawkular Metrics.
On 5/6/2016 8:21 AM, John Mazzitelli wrote:
Can't you just consider the tenantId the same as the feedId? Or use some
fixed word, like 'global'? Please don't use the slashes, equal symbols and
others :)
That's what I was thinking of doing to avoid requiring people to set the
tenantId. They can still set tenantId if they want something different, but,
I think I will default to the feed ID.
As for the inventory, currently the tenant is auto-created with the very
first call to the rest api. There is no dedicated endpoint to create the
tenant. The tenant id is obtained from the accounts component. Probably,
this will be changed to get the tenant id from the http header. So all you
need to do is to start inserting the data with the correctly set tenant id
header.
Right. I would have to add that. Right now the agent only sends tenant ID
header to metrics. Looks like I will need to send it to inventory as well.
I wonder if we need to start passing tenant ID around in the websocket
commands too?
Peter/Juca - with all the work you are doing in cmdgw stuff - do you know if
we need to add tenant ID to all the commands?
_______________________________________________
hawkular-dev mailing list hawkular-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/hawkular-dev
_______________________________________________
hawkular-dev mailing list
hawkular-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/hawkular-dev