Conversion from single to multi-tenant

Jay's Avatar

Jay

18 Sep, 2017 08:00 AM

Hi OD,

we've recently upgraded from 2.6 to 3.16 and I'm reviewing your multi-tenant support in the hopes we can transform our configuration to take advantage of those new features.

For the most part, the conversion is fairly straightforward, but I am having an issue with our authorisation rules. To illustrate, we currently support a one-project-per-customer model. In the project variables, we keep configuration that differs from one customer to the next. Each project is linked to multiple library variable sets: a "Global Variables" set which defines configuration that's true for each deployment, a "Currency Codes" set with a hundred or so mappings of currency-code-to-country-code mappings and an "Authorisations" set per customer. Each of these library variable sets may differ per environment and/or over time.

Logically, the Authorisations library variable sets could each be merged with the associated project variables in that they're each linked to only one project. Pragmatically, they're separated into library variable sets because there's a couple hundred of them per customer and (before you improved the variable filter functionality) they were difficult to filter out.

Generally speaking, in adopting a multi-tenant layout, the project variables become variable templates largely informed by the tenant and the "Global variables" library variable set become project variables. An easy enough switch via the API. However, in this model our hundreds of authorisation rules (per customer) need to become tenant variables that are defined as variable templates of the project.

My problem is that the Project Variables tab on each Tenant screen is MASSIVE. Each environment has over 100 variables to fill out and none of it is filterable/searchable.

I attempted to create a new library variable set, with only authorisation rule templates in it, link that to the existing authorisation library variable set via tenant tags, but that presented problems with environment-level scoping.

As it stands, I can't sell multi-tenancy to our support/deployment teams. Do you guys have any suggestions on how I can structure our CM in a multi-tenant structure which doesn't introduce a maintenance nightmare?

Thanks,

Jay

  1. Support Staff 1 Posted by Kenneth Bates on 21 Sep, 2017 02:23 AM

    Kenneth Bates's Avatar

    Hi Jay,

    Thanks for getting in touch! I'm terribly sorry about the delay in getting back to you. I've had a couple discussions with my team concerning your questions.

    Firstly, you're correct that library variable templates can't be scoped to an environment, so unfortunately that's not possible if you need environment scoping.

    You make a good point regarding the UI of the tenant variables page being unfriendly for large numbers of variables like in your scenario. The only workaround we can think of for the moment is to manage these authorisation variables as JSON or XML, and store the entire set for each tenant as a single variable. This would resolve the large number of variables, but it depends on whether you can modify your process to work with this.

    This point you raised has started a conversation about re-thinking the tenant variables page to make it more usable for large numbers. It's currently ongoing, but I'll be sure get back to you soon with any updates regarding this.

    I hope this helps for the time being! I'm sorry it's not better news, but thank you for bringing this to our attention. It really helps us work towards continually improving Octopus. :)

    Kind regards,

    Kenny

  2. Support Staff 2 Posted by Kenneth Bates on 21 Sep, 2017 03:38 AM

    Kenneth Bates's Avatar

    Hi Jay,

    Just following up after some more discussion. I've created the following issue to address how this page behaves in a scenario with a large number of variables.
    https://github.com/OctopusDeploy/Issues/issues/3813

    We're currently working on completely overhauling our UI for the upcoming 4.0 release, so this will be addressed after that release. If you're interested in checking it out, we've shown some of the UI changes as they are right now in our most recent TL;DR meeting, and you can see that in action here. :)
    https://www.youtube.com/watch?v=0PPI49Ld-vE

    Don't hesitate to reach out if you have any further questions going forward.

    Best regards,

    Kenny

  3. 3 Posted by Jay on 21 Sep, 2017 04:38 AM

    Jay's Avatar

    Hi Kenny,

    at first, I thought the JSON/XML suggestion might only make things more cumbersome, but you've prompted me to return to the variable substitution documentation and I note that you now have native JSON parsing (we've come from 2.6). It might actually be a better, more manageable, solution than our current one-variable-per-authorisation-rule approach since they're all of a kind. I'll try to sell it to our support teams.

    That said, even were our authorisation rules reduced to one variable per customer, we still have over 100 variables which will make the tenant variables pages unwieldy. So I'll be following your raised issue closely. I watched the 4.0 video you linked, by the way, looks very promising.

    Thanks very much for your considered response and suggestions. I've been repeatedly surprised by the responsiveness and extra mile effort of the OD support staff. You guys are great.

    J

  4. Support Staff 4 Posted by Kenneth Bates on 21 Sep, 2017 10:14 PM

    Kenneth Bates's Avatar

    Hi Jay,

    You are very welcome! Thank you for the kind words, and again thanks for bringing this to our attention. If you have any further questions going forward, don't hesitate to reach out again. :)

    Best regards,

    Kenny

  5. 5 Posted by Jay on 21 Sep, 2017 10:15 PM

    Jay's Avatar

    [Deleting OOO message]

  6. Paul Stovell closed this discussion on 02 Jan, 2018 08:53 PM.

  7. Jay re-opened this discussion on 07 Jun, 2018 01:15 AM

  8. 6 Posted by Jay on 07 Jun, 2018 01:30 AM

    Jay's Avatar

    Hi OD,

    I'd like to keep this discussion both open and public until this weakness with OD multi-tenant support is addressed. The associated issue raised in September 2017 appears to have stalled and the latest version v2018.5.7 continues to provide an impractical and inconsistent interface for tenant-level configuration management.

    Note that this issue precludes us from migrating approximately 300 deployment projects, which we currently manage 8 products for 30 or so tenants apiece, to 8 far simpler projects. We're also unable to effectively take advantage of your Channels feature.

    The current interface prevents us from filtering variables by name and value, and requires that common values among environments are defined per environment. All of which you make available on project-level and library variable set screens, but not for tenants.

    Can you please acknowledge the inconsistency and provide an update on this one?

    Thanks,

    Jay

  9. Jay closed this discussion on 22 Oct, 2018 10:03 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac