multitenancy

[Habbie]

Support users/groups, either by making it easy to run multiple metronomes, or writing actual code.

[pieterlexis]

Ideas we had yesterday:

• Separate instance per non-anonymous user/group (sucks)
• 'chroot' users to a part of the tree
• Whitelisting IPs that may write to that subtree

[Habbie]

@pieterlexis suggested that the collectd protocol might be a better fit. It has usernames, signing and encryption.

[Habbie]

I feel that a metronome instance per user provides a lot of benefits (including scalaibility to multiple machines), if we write decent front end proxies:

• for HTTP, something that auths the user and picks the right backend instance based on the user
• for metrics (carbon/collectd), proxy to the right backend based on whatever criteria we come up with (in collected, authed username; in carbon, a user-specific prefix and/or IP-subnet based)

[Habbie]

Extra benefit of per-user instances: no risk that a parsing mistake in the proxy exposes data from user A to user B.

[pieterlexis]

for the carbon input, IP whitelists only, as the prefix (and the data 😢 ) is sent in cleartext

[Habbie]

Agreed. Now we just have to type it in!

[Habbie]

We strongly suspect this can be fully done using haproxy, without writing any code. Pieter will prototype :)