Multi-tenancy using Ironic would be a major feature, but also a scary feature. Let's talk about the risks associated with multi-tenancy, and options for mitigating these risks. We will discuss things such as:
* Poisoned firmware and methods for auditing / blocking it * Network isolation to keep untrusted hardware off the management network * Securely erasing storage devices to keep data safe * Dynamic vs. static node->tenant assignment * Quotas, hardware flavors, and usage tracking * Communicating risks, limitations, and best-practices to operators * Do we need to expose an API to non-privileged users?
Ideal outcome from this session is to identify the risks, agree on how to mitigate those risks, and assign action items.