incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ram Ganesh <Ram.Gan...@citrix.com>
Subject RE: [DISCUSS] Dedicated Resources: Dedicate Pods, Clusters, Hosts to a domain
Date Wed, 26 Dec 2012 18:44:58 GMT
Hi Alex,

Please see my inline comments

> -----Original Message-----
> From: Alex Huang [mailto:Alex.Huang@citrix.com]
> Sent: 21 December 2012 23:18
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Dedicated Resources: Dedicate Pods, Clusters,
> Hosts to a domain
> 
> Planners are also plugins.  It just means your dedicated piece needs to
> implement a different planner.
> 
> We may need some cloud-engine work.  Prachi and I talked about the idea
> to let the service offering contain the planner cloud-engine should use
> to deploy a vm.  You can explore that idea.
> 
> But this part is just action acl.  This is the easy part. The more
> difficult part is the read part.  How do you limit what they can
> access.  That part you need to talk with Prachi about on her design.

	The initial thought here is to follow private zone design we have in CloudStack. A root-admin
as part of zone creation can specify a domain who would own this zone. In similar lines the
thought was to specify while adding a pod/cluster/host if it need to be dedicated and if yes
to whom it should be dedicated to, a domain name. Now when a domain user tries to deploy a
VM CloudStack checks if he/she has any of the resources dedicated. If Yes by default deploy
of VMs will be restricted to within the resources(pod/cluster/host) dedicated to the domain.
As part of say compute offering we can introduce an option to fallback to shared resources
if the user runs out of dedicated resource. 

> 
> Is there any requirement to let the end user administer the hardware
> since the hardware is dedicated to them?
> 

	I do not think so. All administration/maintenance of physical resources will continue to
be a root-admin responsibility.

 
> My problem right now is the list of requirements sent in your email is
> not enough.  We need to send out a list with regard to the following.
> 
> - OAMP. This means (Operations, Administrations, Maintenance,
> Provisioning) of hardware/physical entities/capacities.  Who is
> ultimately responsible for the OAMP aspects of the dedicated resources?
> Is it the domain admin/system amdin/ or some new role?  Depending on
> this, your interaction with the new ACL work can range from low to
> high.  This needs to be clearly outlined in the requirements.

	I would assume the system admin will continue to own OAMP.

> - CRUD operations.  This means (Create, Read, Update, Delete) on
> virtual entities and physical entities.  How does dedication affect
> those operations?  For example, questions asked by Mice in another
> email.  Here, you need to gather up the list of virtual entities we
> have and specify what it means for that entities in terms of CRUD.
> 

	Once a domain has resources dedicated CRUD operations will be applied only on those dedicated
resources and if domain users exhaust resources any further create operation(deployVM) will
fail. We could enhance this with an option in compute offering to allow use of shared compute
resources.

Yes we will come up with more pointed use cases/requirements and then share with the community
here.

> This is not a small feature.  Tread carefully.
> 
> --Alex
> 
> > -----Original Message-----
> > From: Prachi Damle [mailto:Prachi.Damle@citrix.com]
> > Sent: Friday, December 21, 2012 2:59 AM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: [DISCUSS] Dedicated Resources: Dedicate Pods, Clusters,
> Hosts
> > to a domain
> >
> > Comments inline.
> >
> > -Prachi
> > -----Original Message-----
> > From: Devdeep Singh [mailto:devdeep.singh@citrix.com]
> > Sent: Friday, December 21, 2012 4:16 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: [DISCUSS] Dedicated Resources: Dedicate Pods, Clusters,
> Hosts
> > to a domain
> >
> > Some queries inline
> >
> > > -----Original Message-----
> > > From: Prachi Damle [mailto:Prachi.Damle@citrix.com]
> > > Sent: Friday, December 21, 2012 3:04 PM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: RE: [DISCUSS] Dedicated Resources: Dedicate Pods,
> Clusters,
> > > Hosts to a domain
> > >
> > > Planners and allocators work on a DeploymentPlan provided as input.
> > > The caller can specify particular zone, pod, cluster, host, pool
> > > etc., to be used for deployment.
> > > So for enforcing the use of a dedicated pod, caller can set the
> podId
> > > in the plan and planners will search under the specific pod only.
> >
> > >>If a deploy vm request is from a user belonging to a domain which
> has a
> > dedicated resource, then setting the podid/clusterid etc. will work.
> However,
> > if I understand correctly there is a requirement that no user from
> outside the
> > domain, should be able >>to use the dedicated resource. They cannot
> be
> > restricted by how the planner is implemented right now. Should the
> avoid list
> > be used? But it doesn't seem like the right use of the field.
> >
> >
> > Yes avoid set lets you set the zone,pods,clusters,hosts to be avoided
> by the
> > planner. It can be used for this purpose.
> >
> >
> > >
> > > There may be some changes necessary (like accepting a list of
> > > pods/clusters instead of single Ids) but this design of planners
> > > should let you enforce the use of dedicated resources without major
> > changes to planners.
> >
> > >>Doesn't this mean that we are changing the core cloudstack code to
> > achieve dedicated resources features?
> >
> >
> > This change is not necessary; it is an optimization.
> >
> > Also, another way is to add a custom planner say
> DedicatedResourcePlanner
> > that will search for only dedicated resources for the given account.
> >
> >
> > > -----Original Message-----
> > > From: Devdeep Singh [mailto:devdeep.singh@citrix.com]
> > > Sent: Friday, December 21, 2012 2:58 PM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: RE: [DISCUSS] Dedicated Resources: Dedicate Pods,
> Clusters,
> > > Hosts to a domain
> > >
> > > Hi Alex,
> > >
> > > I assume some apis will be added for letting an admin dedicate a
> > > pod/cluster etc to a domain. This can be contained in a plugin.
> > > However, for enforcing that a dedicated resource is picked up for
> > > servicing deploy vm requests from a user; wouldn't planners and
> > > allocators have to be updated to take care of this?
> > >
> > > Regards,
> > > Devdeep
> > >
> > > > -----Original Message-----
> > > > From: Alex Huang [mailto:Alex.Huang@citrix.com]
> > > > Sent: Thursday, December 20, 2012 7:21 PM
> > > > To: cloudstack-dev@incubator.apache.org
> > > > Subject: RE: [DISCUSS] Dedicated Resources: Dedicate Pods,
> Clusters,
> > > > Hosts to a domain
> > > >
> > > > Deepti,
> > > >
> > > > As Chiradeep pointed out, you should get in contact with Prachi.
> > > > You should plan on this after the ACL change or you can help out
> on
> > > > the ACL
> > > change.
> > > >
> > > > For this feature, you really need to think about the stats
> > > > collection side of this because you'll need to provide a lot of
> > > > warnings about being near capacity so people can plan
> accordingly.
> > > > It cannot be a case of the dedicated resource explodes and then
> they
> > > > go and work on expanding it.  So you should also talk with Murali
> > > > about how to do alerts in
> > > his new notification system.
> > > >
> > > > And then in your spec, you need to plan out how to do this in a
> > > > plugin architecture and not modify the core code.
> > > >
> > > > --Alex
> > > >
> > > > > -----Original Message-----
> > > > > From: Deepti Dohare [mailto:deepti.dohare@citrix.com]
> > > > > Sent: Thursday, December 20, 2012 4:32 AM
> > > > > To: cloudstack-dev@incubator.apache.org
> > > > > Subject: RE: [DISCUSS] Dedicated Resources: Dedicate Pods,
> > > > > Clusters, Hosts to a domain
> > > > >
> > > > > Hi Mice,
> > > > >
> > > > > Once a new pod is dedicated to the child-domain,  deployment of
> > > > > the new VMs will happen only  in the new pod.
> > > > > The existing VMs will keep running on parent-domain's pod.
> > > > >
> > > > > Do you have any other suggestion on this.
> > > > >
> > > > > - Deepti
> > > > > > -----Original Message-----
> > > > > > From: Mice Xia [mailto:weiran.xia1@gmail.com]
> > > > > > Sent: Thursday, December 20, 2012 4:52 PM
> > > > > > To: cloudstack-dev@incubator.apache.org
> > > > > > Subject: RE: [DISCUSS] Dedicated Resources: Dedicate Pods,
> > > > > > Clusters, Hosts to a domain
> > > > > >
> > > > > > but if further sub-domain is assigned a different pod then it
> > > > > > cannot access
> > > > > its
> > > > > > parent domain's pod. 2. Sub-domain and its child domains will
> > > > > > have the sole access to that new pod.
> > > > > >
> > > > > > when child domain already has some VMs on parent domain's
> > > > > > dedicated pod, is it allowed to assign a pod to the child
> domain?
> > > > > > or the existing VMs
> > > > > will
> > > > > > be migrated to the new pod?
> > > > > >
> > > > > > mice

Mime
View raw message