Return-Path: 
 <cloudstack-dev-return-26948-apmail-incubator-cloudstack-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E86F9952E
	for <apmail-incubator-cloudstack-dev-archive@minotaur.apache.org>;
 Fri,  8 Mar 2013 03:29:40 +0000 (UTC)
Received: (qmail 32569 invoked by uid 500); 8 Mar 2013 03:29:38 -0000
Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org
Received: (qmail 32377 invoked by uid 500); 8 Mar 2013 03:29:38 -0000
Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:cloudstack-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:cloudstack-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:cloudstack-dev@incubator.apache.org>
List-Id: <cloudstack-dev.incubator.apache.org>
Reply-To: cloudstack-dev@incubator.apache.org
Delivered-To: mailing list cloudstack-dev@incubator.apache.org
Received: (qmail 32328 invoked by uid 99); 8 Mar 2013 03:29:36 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Mar 2013 03:29:36 +0000
X-ASF-Spam-Status: No, hits=2.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_SOFTFAIL
X-Spam-Check-By: apache.org
Received-SPF: softfail (athena.apache.org: transitioning domain of
 mike.tutkowski@solidfire.com does not designate 209.85.219.53 as permitted
 sender)
Received: from [209.85.219.53] (HELO mail-oa0-f53.google.com) (209.85.219.53)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Mar 2013 03:29:32 +0000
Received: by mail-oa0-f53.google.com with SMTP id m1so1512594oag.12
        for <cloudstack-dev@incubator.apache.org>;
 Thu, 07 Mar 2013 19:29:11 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:x-received:in-reply-to:references:date:message-id
         :subject:from:to:content-type:x-gm-message-state;
        bh=PhI/6KEDZEpVU2+Zhd6GLSbESjNeJTwV20B2XAaK7uo=;
        b=HynGn0THwOToYyaSND4wRcE1Ibs+Wl9Pm3KDOuaYEtlPbaiHOXXtqEIHkPquVKlHJJ
         lYcUjLzEKq3J2JVP4mbZ/Hifkrc+QFYLRvEXWtAyHSLw0B7Kt4GLnLbSxu/6WEV3QEAh
         5sT2NZ5Rs74OwnOMUm5poRR/AxnP9SgdJQEpcU4MTb7Rckw2eo9etVYIpk1K1seJaCOY
         Wc/18rvsbKW0fcsyAR2KGzytryKt5M02ACiUr4RtQnCZTP0alwXzRRERUvhiW10v58vC
         iLGxRQkMkGZPj0i7xalbMLgF/rWpuC8wgh7aStpSnXEjN4iw0iiNIyW9hKoAqu00bPD8
         ayMQ==
MIME-Version: 1.0
X-Received: by 10.60.23.226 with SMTP id p2mr403496oef.103.1362713351104; Thu,
 07 Mar 2013 19:29:11 -0800 (PST)
Received: by 10.182.76.199 with HTTP; Thu, 7 Mar 2013 19:29:11 -0800 (PST)
In-Reply-To: 
 <C66C814C1ABFA8449FF65CB44953A8B4012ED82671C1@SJCPMAILBOX01.citrite.net>
References: 
 <CACOnxCjiS3B+dyK405WeETfdqpYdsf6wAoz3JvCvoaNsV8yJiA@mail.gmail.com>
	<C66C814C1ABFA8449FF65CB44953A8B4012ED82671C1@SJCPMAILBOX01.citrite.net>
Date: Thu, 7 Mar 2013 20:29:11 -0700
Message-ID: 
 <CACOnxChYX5c86-b7yWDRfpMQaNbPHUMa2SVAL3xc+MRPq2m9HA@mail.gmail.com>
Subject: Re: Storage Subsystem 2.0 Questions
From: Mike Tutkowski <mike.tutkowski@solidfire.com>
To: "cloudstack-dev@incubator.apache.org"
 <cloudstack-dev@incubator.apache.org>
Content-Type: multipart/alternative; boundary=e89a8ff1c4e03966e704d7616dd8
X-Gm-Message-State: 
 ALoCoQnxJbsob0Mb9UE4SmpV89cSx+o9ar+JNsmmZpDDyA1TcGsm0tnZg6J7sE0zsnaVCeX3cR3x
X-Virus-Checked: Checked by ClamAV on apache.org

--e89a8ff1c4e03966e704d7616dd8
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hey Edison,

Thanks for that info.

When grantAccess and revokeAccess are invoked, do I have access to the IQN
of the host in question?  What about if that host is using CHAP
credentials?  Where do those come into play?

Thanks!


On Thu, Mar 7, 2013 at 5:36 PM, Edison Su <Edison.su@citrix.com> wrote:

>
>
> > -----Original Message-----
> > From: Mike Tutkowski [mailto:mike.tutkowski@solidfire.com]
> > Sent: Monday, March 04, 2013 9:22 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: Storage Subsystem 2.0 Questions
> >
> > Hi,
> >
> > I'm working on implementing a storage plug-in for CS 4.2.
> >
> > I'm looking at the following Wiki page for guidance, but have some
> > questions:
> >
> > https://cwiki.apache.org/CLOUDSTACK/storage-subsystem-20.html
> >
> > One interface that needs to be implemented is PrimaryDataStoreDriver.
>  I'm
> > not sure what is expected for all of the following methods:
> >
> > * grantAccess:  It looks like this is called in an attempt to confirm
> that the host
> > which desires access to the volume in question is allowed to do so.  I
> suspect
> > this is where CHAP credentials might be provided?  In my situation,
> there are
> > a couple ways I'd like to restrict access:  1) CHAP or
> > 2) allow a subset of IQNs to access the volume in question.  Is this
> kind of
> > information provided to me here?  Do I simply return the IQN of the
> volume
> > as a successful response from this method?  What if the access sent is
> not
> > sufficient?  How do I deny access?
> In the original design, it has two purposes:
> 1. Make the volume accessible to a storage client(e.g. a hypervisor host
> who wants to access this volume). If the storage box has its ACL, it's th=
e
> place to enforce this kind of ACL. How to implement it, it's up to device
> vendor. For example, when creating a volume, I make it inaccessible to
> anybody, later on, when cloudstack selects an hypervisor host to access
> this volume(e.g attach the volume to VM created on this hypervisor host),
> cloudstack will call this API to make the volume accessible to this
> hypervisor host.
> It's not exactly the same as CHAP credentials. Per my understanding, CHAP
> credential is an access token, it already implies, anybody who has this
> credential, can access this volume. You can think this API as the way to
> generate this token.
> 2. Return a string to represent the volume, either an IQN, or uuid, or IQ=
N
> + CHAP credentials, or an URI, etc, cloudstack will send down the string =
to
> hypervisor host, in order to access the volume.
>
> >
> > * revokeAccess:  I don't really understand when this method would be
> called
> > or why.  Perhaps I can simply implement it to return true (or false)?
>  In my
> > situation, when a volume is dynamically created for a hypervisor of a
> cluster,
> > I'd want to allow access to it from all hosts in the app cluster in
> question.
> > Maybe this method is called before the volume is deleted or something?
>
> It's the reverse step as grantaccess. Whatever you did in grantaccess
> should be reversed in this API.
>
> >
> > * listObjects:  I don't really understand when this method would be
> called or
> > why.
>
>
> This is the API to list existing volumes on the storage box. The usage
> case will be able to import existing volumes/templates into cloudstack, i=
f
> the DB is wiped out.
> You can don't implement it as nobody uses it yet.
>
> >
> > * createAsync:  I believe this is where I place my code to create a
> volume
> > (LUN) on our SAN.
> >
> > * deleteAsync:  I believe this is where I place my code to delete a
> volume
> > (LUN) on our SAN.
> >
> > Thanks for any guidance here!
> >
> > --
> > *Mike Tutkowski*
> > *Senior CloudStack Developer, SolidFire Inc.*
> > e: mike.tutkowski@solidfire.com
> > o: 303.746.7302
> > Advancing the way the world uses the
> > cloud<http://solidfire.com/solution/overview/?video=3Dplay>
> > *(tm)*
>



--=20
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkowski@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud<http://solidfire.com/solution/overview/?video=3Dplay>
*=99*

--e89a8ff1c4e03966e704d7616dd8--