[openstack-dev] Global Cluster Template in Sahara

Liang, Yanchao yanliang at ebay.com
Thu May 28 21:35:12 UTC 2015 

Hi,

Sorry I missed the email…

Default template with ACL mechanism will definitely covers my use case. Admin-only writable template is exactly what I am looking for. However, I saw the blueprint and it is “Not started”. There is there anything I can help implementing the ACL?

Right now I am using a short-term solution similar to the one Trevor suggested, creating template for each tenant when they logging into Horizon, but its hard to maintain and update templates. I would love to have the ACL asap. Please let me know if anything I can help.

Thanks,
Yanchao


From: Sergey Lukjanov <slukjanov at mirantis.com<mailto:slukjanov at mirantis.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Thursday, April 16, 2015 at 3:22 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] Global Cluster Template in Sahara

Hi,

first of all - yes, we've implemented mechanism for default templates addition in Kilo, please, take a look on this spec and related changes: http://specs.openstack.org/openstack/sahara-specs/specs/kilo/default-templates.html

Regarding to your case, it's in fact about the admin-only writable templates shared between all tenants. We have a blueprint for implementing ACL for all Sahara resources - https://blueprints.launchpad.net/sahara/+spec/resources-acl . It's about implementing extended and flexible way to configure ACLs for resources and to provide end-users an ability to have the following types of resources:

* default - tenant specific, anyone in tenant could edit or delete
* public - shared between tenants in read-only mode, writable for users in tenant where it was created
* protected - if True than could not be removed before updated to False using the resource update operation
* admin or protected=Admin - to make only admin users able to write/delete resource

during the Kilo cycle we've been discussing this idea and initially agreed on it, because it sounds like the most OpenStackish way to provide such functionality. I have a draft spec for it (not yet published), I will publish it today/tomorrow and send a link to it to this thread.

Yanchao, does this ACL mechanism covers your use case? Any feedback appreciated.

Thanks.

On Thu, Apr 16, 2015 at 3:19 AM, lu jander <juvenboy1987 at gmail.com<mailto:juvenboy1987 at gmail.com>> wrote:
We have already implement the default template for sahara
https://blueprints.launchpad.net/sahara/+spec/default-templates

2015-04-16 5:22 GMT+08:00 Liang, Yanchao <yanliang at ebay.com<mailto:yanliang at ebay.com>>:
Dear Openstack Developers,

My name is Yanchao Liang. I am a software engineer in eBay, working on Hadoop as a Service on top of Openstack cloud.

Right now we are using Sahara, Juno version. We want to stay current and introduce global template into sahara.

In order to simplify the cluster creation process for user, we would like to create some cluster templates available for all users. User can just go to the horizon webUI, select one of the pre-popluated templates and create a hadoop cluster, in just a few clicks.

Here is how I would implement this feature:

  *   In the database, Create a new column in “cluster_templates" table called “is_global”, which is a boolean value indicating whether the template is available for all users or not.
  *   When user getting the cluster template from database,  add another function similar to “cluster_template_get”, which query the database for global templates.
  *   When creating cluster, put the user’s tenant id in the “merged_values” config variable, instead of the tenant id from cluster template.
  *   Use an admin account create and manage global cluster templates

Since I don’t know the code base as well as you do, what do you think about the global template idea? How would you implement this new feature?

We would like to contribute this feature back to the Openstack community. Any feedback would be greatly appreciated. Thank you.

Best,
Yanchao


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Sincerely yours,
Sergey Lukjanov
Sahara Technical Lead
(OpenStack Data Processing)
Principal Software Engineer
Mirantis Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150528/c4560582/attachment.html>

More information about the OpenStack-dev mailing list