How to isolate dedicated cinder volume nodes for a tenant?
I have a private cloud with Icehouse and I am trying to segregate/divide my cloud into several parts. I already use host aggregates (nova) to assign specific compute nodes for tenant isolation, and I am trying to do the same for cinder volumes. I've tried a solution based on volume types and quotas, but if a user doesn't define a type when creating a cinder volume, this volume may land on the wrong cinder volumes.
Type & quota (cinder): hitchnyc post about openstack-multi-tenant-isolation
-- Sandbox architecture --
- cinder001 needs to provide LVM iSCSI volumes only for tenant001
- Note: tenant001 spawns VMs only on compute001 thanks to the host aggregate
- cinder002-003 need to provide LVM iSCSI volumes for the other tenants
I already used a custom filter based on a map (a JSON file with the association between volume nodes and tenants):
- cinder.conf > scheduler_driver=cinder.scheduler.map.MapScheduler
map.conf like this >
{ "*": [ "cinder002", "cinder003" ], "<tenant001 uuid>": [ "cinder001" ] }
But I am wondering if it's possible to handle this more at the API level, because this solution is too static.
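The map lookup described in the post, as an added example that is not the poster's MapScheduler and not Cinder code: it resolves which hosts a tenant may use and audits existing volume placements against the map. The function names, the tenant id placeholder and the sample placements are hypothetical; it assumes Cinder host strings of the form `node@backend#pool`.

```python
import json

# Constructed map in the format shown in the post; the tenant id is a placeholder.
SAMPLE_MAP = json.loads("""
{ "*": ["cinder002", "cinder003"],
  "tenant001-uuid-placeholder": ["cinder001"] }
""")


def node_name(host):
    """Reduce a host string such as 'cinder001@lvm#pool' to its node name."""
    return host.split("@", 1)[0].split("#", 1)[0]


def allowed_hosts(tenant_map, tenant_id, candidates):
    """Return the candidate hosts on which tenant_id may place a volume.

    A tenant with its own entry gets only those nodes. Every other tenant gets
    the "*" nodes minus any node dedicated to a specific tenant, so a mistake
    in the map cannot put shared volumes on a dedicated node. No entry and no
    "*" default means no host at all (fail closed).
    """
    dedicated = {n for key, nodes in tenant_map.items() if key != "*" for n in nodes}
    if tenant_id != "*" and tenant_id in tenant_map:
        permitted = set(tenant_map[tenant_id])
    else:
        permitted = set(tenant_map.get("*", [])) - dedicated
    return [h for h in candidates if node_name(h) in permitted]


def audit_placements(tenant_map, placements):
    """Yield (volume_id, tenant_id, host) for volumes on a host their tenant may not use."""
    for volume_id, tenant_id, host in placements:
        if not allowed_hosts(tenant_map, tenant_id, [host]):
            yield volume_id, tenant_id, host
```

Running `audit_placements` over the existing volumes (id, tenant, host) shows any volume that already sits on a node its tenant is not mapped to.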