I finding myself very hard to understand what is the concept of tenants in CF, is it org or can be several of orgs connected together and if so how the resource are shared between.
can someone give simple example what and how CF support the multi-tenant environment .
this not help(me) too much ...
Cloud foundry tenants - what?
I'm not sure what can really be added beyond what's already been stated here. I'll try though.
In CF an org is the basic component that allows you to have multiple "tenants". One org is completely separated from another org and one org cannot see or access resources in another org. Each org also has the ability to contain multiple spaces. A space provides the ability to further subdivide resources and limit access to resources within the space.
The concepts are intentionally opaque as that allows you to be a bit more flexible in their usage. If a concrete example might help to explain things better, you could think of a CF org as a company and a space as a division or team within that company. It's definitely not limited to that analogy though, just trying to provide a more concrete example of one way this could work.
Hope that helps!
Related
Similar to posts like this Separate dev and prod Firebase environment
I'm running into similar structuring issues. Unlike other posts like that that i've found, in my case, it's GCP as a whole rather than just Firebase. In addition, i'm looking at separation (or not) of blue and green deployments ALONG with the various environments.
The projects will be handling IoT data; mobile, field sensor/modules, web (in the future). Currently everything is unfortunately in one project.
So, i'm thinking of having 3 different projects for the staging, production, and test environments with each project having both blue and green deployments per, perhaps besides test but that's a different conversation.
Does GCP as a whole have documentation or recommendations about this? Or do you guys have any recommendations?
It's hard to answer because it depends a lot of your organization, your needs and your way of working.
Here you can find a google document about resources hierarchy.
However, I already see some GCP customers using only one project for dev/uat/prod because they share the same K8S cluster and separate the environment thanks to the namespace. By the way, the cluster maintenance cost is done only once for all the different steps of the project.
About the Blue/Green it depends on which component you want to apply this. If it's on the website, App Engine, or a Global Loadbalancer can do this. If it's about IoT Core or PubSub, I fear that you have to manage this by yourself or to create 2 different projects for this.
I realize the general compartmentalization of apps & services into spaces so you can control access and such.
But I am not clear on why there is also the concept of organization? Are usage charges done per org? Or is it just a way to organize spaces?
Organizations are the concept to manage resources and, well, organize work. The Cloud Foundry docs say about an organization:
An org is a development account that an individual or multiple
collaborators can own and use. All collaborators access an org with
user accounts. Collaborators in an org share a resource quota plan,
applications, services availability, and custom domains.
As you said, spaces are used to deploy resources and to control access. Adding another org would make sense to introduce another department, project or maybe even a business unit to a Cloud Foundry instance like the IBM Cloud with Bluemix. Who is accountable (for the deployed resources)? How are projects and teams organized?
Yes - an organization helps segregate different development efforts, similar to the way a space works. However, when you look at your usage and your bill you can see it broken out by organization. It's one of the reasons I suggest doing different organizations for different cost centers in an organization - so you can do chargebacks. See https://developer.ibm.com/dwblog/2017/ibm-cloud-bluemix-watson-new-customers/...
In Cloud Foundry, Organizations are top level management which consists of multiple spaces. Spaces is like specific team or you can consider as different environments like development, testing, pre-prod or prod. There are multiple roles both in Organization and Space.
For Organization, there are Org Manager and Org Auditor.
Org Manager will look invite users to organization, view quotas and assign quotas to spaces. Org Auditor can check how many users in an org, spaces, quotas details but they can't edit or make change in an organization.
I recommend to have a look at this link https://docs.cloudfoundry.org/concepts/roles.html#orgs
I am trying to explore Apache NiFi. So far haven't seen any ways to version control flows.
Is there a way to version control flows when multiple users are trying to develop in the same instance?
What about code merge from multiple users?
Any help in these regards will help me to continue my exploration.
In addition to James's great answer I'll also point out that this approach to flow management has leveraged external version control systems and put the task on the user to perform. What I mean is that users (or automated processes) could initiate the production of a template and then store that template into a VCS. This has worked well but it is also insufficient. The other direction is also important where given a versioned flow one would like that to be automatically reflected on another cluster/system/environment. Think of the software development lifecycle one might go through when building flows in a development environment and proving/vetting into and through production. Or think of a production case where behavior is not as expected. While NiFi offers a really powerful interactive command and control model sometimes people want to be able to test new approaches and theories in another environment. As a result, we're working now on a really awesome capability.
Come join the conversation. We'd like to hear your thoughts.
Thanks
NiFi Templates are a great format for configuration management of a NiFi flow. You can define templates for everything from small example snippets up to large nested process group structures, essentially your entire flow. Templates will include processors, queues, and controller services, but will not contain sensitive values like passwords. Templates are stored as XML files friendly to source control (since NiFi v1.0).
Templates provide a way for individual developers to separately build parts of a flow, then merge the parts together in a single NiFi. If you match templates with process groups, swapping out the old one with the new one can be fairly easy and intuitive.
The answer to this question is YES, you can use NiFi Registry to have version control.
Below you can see a how it looks like.
The project page is:
https://nifi.apache.org/registry.html
Pretty simple thought considering we're rolling out according to normal development paradigms (Development environment, then pushing to Production after QA).
I'm not able to find anywhere on the web describing how to export all the Business Units our teams have built into our development environment and then re-import. Also, Security Roles we've created underneath specific Business Units aren't available to do an "Add Existing" to a Solution.
Seems like this should be something simple. How do I accomplish this?
I've just gone through this myself. Sorry man, there is no way to include business units into a solution. We had to manually create all the BU's again in our Production environment. You can deploy Root level security roles. I decided to create Root level security roles since I can add those into a solution. It makes for a less organized security role setup, but I know I'm deploying tested security roles. I created a naming convention that helped organize them better since I went this direction.
My current project involves using LDAP (Active Directory) and I'm using issue tracking for all of my projects, so the idea of combining both of them crossed my mind. In order to fit the requirements of StackOverflow I'll try to formulate this as question but I admit, this is more about just getting some opinions, please forgive me :):
I think that issue-tracking and SCM (software configuration management) in general would be a good application for LDAP because of the following reasons:
Easy to integrate into existing infrastructure (no need for additional user management)
Fine-grained access control for projects/issues etc.
Ready-To-Use hierarchical, property-oriented storage (which is typically needed for SCM/issue trackers)
Standard-API with bindings for almost all languages/technologies
Searching/Indexing, Backup/replication functionality already present in most LDAP solutions
Extensible schema already part of the LDAP technology (it would be easy to add properties to issues/projects etc.)
So my questions are:
Are you aware of any existing attempts to define a (standard) schema for issue-tracking resp. SCM (i.e. class definitions for issues, projects, versions, releases, revisions etc)
LDAP usually manage relatively slowly-changing data. How well would current implementations (OpenLDAP, ActiveDirectory) handle data (mainly in terms of performance and amount of data) that typically changes very frequently?
Are there any other drawbacks of such a solution you can think of?
and of course
Who would like to try to start such a project :) ...
The OP precises:
The question is not about using an existing issue tracker with LDAP authentication (redmine can do this for example),
but about storing tickets/issues/etc. directly within the LDAP tree...
Currently, each issue tracker has it's own API for accessing data, having all data accesible via LDAP could make writing tools (e.g. integration into IDEs etc.) much easier
To which the answer is easy.
Don't.
LDAP is not (repeat, not) made for that, and there is much more to an SCM or an Issue Tracker than just a bunch of hierarchical data.
An SCM has to come up with a way to store/reference efficiently deltas, entire tree, branches, labels.
an Issue Tracker is all about multiple relationship between one item and several other (several parents/children, related, duplicated, ...), plus has to manage somehow a tight reference with the code (or rather the changeset, set of version modified)
While it is true than by adding a all lot of new objectClass types, you could end up with a similar structure, you would essentially take what it is a Lightweight Directory (ie optimized for reading only) and transform it into a huge referential (with lots of read/write operations and complex data structures).
If you are looking about an unifying API, one generic one (not just for SCM or Bug Tracking) is OSLC (Open Services for Lifecycle Collaboration), an open-sourced protocol currently used for Change Management by RTC (Rational Team Concert).