[one-users] use of IMAGE_ID and its ilk in 3.0
Carlos Martín Sánchez
cmartin at opennebula.org
Fri Nov 4 05:00:21 PDT 2011
Hi Chris,
I think adding the owner is a good idea. However, the examples you provide
rely on the '/' separator, and currently that's a valid character for both
user and resource names.
This is our suggested syntax to implement this:
DISK = [ IMAGE = "Ubuntu",
IMAGE_UNAME = "oneadmin" ]
DISK = [ IMAGE = "Ubuntu",
IMAGE_UID = 7 ]
DISK = [ IMAGE = "Ubuntu" ]
DISK = [ IMAGE_ID = 23 ]
1: use the Image named ubuntu, owned by the user named oneadmin.
2: use the ubuntu Image owned by user with ID 7.
3: use the ubuntu Image owned by the user instantiating the VM.
4: use image with ID 23
Thomas, what do you mean by the following? Could you elaborate a bit more?
If you are referreing to VMs, you can feed template files to the "onevm
create filename" command.
2011/11/3 Thomas Higdon <thigdon at akamai.com>
> Another more radical suggestion is to do away with the template
> management system entirely, and switch to a system where the templates
> are derived directly from files that exist on the filesystem. This has a
> number of advantages I can see (if you're interested I'll explain
> further), but it might be more change than you're willing to go through
> at this point.
>
Regards.
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>
2011/11/3 Chris Johnston <chjohnston at rim.com>
> This issue has caused myself much frustration as well. Personally I prefer
> the suggestion of using both the owner and the resource name for specifying
> a resource. That should work for just about any use case and allows names
> to be used at any level with no confusion as to what resource is really
> being referenced. For example...
>
> IMAGE = "oneadmin/generic"
> IMAGE = "dev01/virtapp"
> IMAGE = "user01/virtapp"
> IMAGE = "user01/custom"
>
> ...and the same for NETWORK. It does add some overhead but it's a lot
> simpler than maintaining lists of IDs and constantly updating scripts.
>
> -----Original Message-----
> From: users-bounces at lists.opennebula.org [mailto:
> users-bounces at lists.opennebula.org] On Behalf Of Thomas Higdon
> Sent: Thursday, November 03, 2011 12:36 PM
> To: Carlos Martín Sánchez
> Cc: users at lists.opennebula.org
> Subject: Re: [one-users] use of IMAGE_ID and its ilk in 3.0
>
> Hi, it's good to know the ONE developers are so open to feedback about
> the way the system works. ONE seems great from what I've used so far.
>
> The solution that you would propose would work fine for me, mostly
> because it looks like that for a single user, the templating system
> would work the same as it did for 2.2, which was ok with me.
>
> I'm a little leery of the idea of ever forcing users to use IMAGE_ID or
> NETWORK_ID parameters. In my mind, forcing users to specify these in
> static template strings/files is equivalent to some Unix command-line
> tool asking a user to specify the inode number of a file rather than its
> name.
>
> Here's a suggestion. Your database is basically a key-value store. In
> 2.2, the only key you allowed is the name (in 3.0 it's only ID). I'd
> suggest that you allow more freedom in the specification of keys. You
> might ask users to specify a name for resources that they own. If they
> are asking for resources that they don't own, then they must also
> specify which user owns that resource, or perhaps which group. If
> there's ambiguity, then error on that.
>
> Another suggestion I would make is to remove the NAME attribute from all
> templates (or make it optional) and allow users to specify a name on the
> command-line, defaulting to something reasonable, as is done now for
> template instantiation. That way, users who don't care what the name is
> don't need to specify it, and users who do care don't need to edit a
> text file to instantiate multiple instances of the same resource. I see
> this as being useful in a scenario where I want to create <x> read/write
> 250GB disks for <x> VMs, but not necessarily create <x> template files,
> or edit one file <x> times.
>
> At the end of the day, desirable behavior for me is to be able to create
> a set of static template files for networks, images and VMs, and be able
> to instantiate all of them in the proper order and have it just work.
> ONE 3.0 does not allow me to do that.
>
> Another more radical suggestion is to do away with the template
> management system entirely, and switch to a system where the templates
> are derived directly from files that exist on the filesystem. This has a
> number of advantages I can see (if you're interested I'll explain
> further), but it might be more change than you're willing to go through
> at this point.
>
> On Thu, Nov 03, 2011 at 08:55:30AM -0500, Carlos Martín Sánchez wrote:
> > Hi Thomas,
> >
> > Some users requested to let new resources use repeated names, see for
> instance
> > this thread [1]. This makes sense in deployments with a large number of
> users,
> > or in a multi-tenant scenario, where you don't want users having to try a
> > resource creation several times until they find a free name.
> >
> > We implemented this allowing repeated names, but only if they are not
> owned by
> > the same user. It was done this way so users can reference resources by
> name in
> > CLI commands, e.g. 'oneimage show my_img'.
> >
> > Since we released OpenNebula 3.0, some of you have complained about this
> > change, so let me try to explain why we decided to drop the NAME
> reference from
> > VM templates:
> >
> >
> > Lets say you want to use the VNet named "blue". In the worst case
> scenario, you
> > will have one "blue" network owned by you, several "blue" networks owned
> by
> > other people in your group, and several other "blue" networks owned by
> people
> > from other groups. You may, or may not, have rights to use the latter
> "blue"
> > networks outside your group.
> >
> > How does OpenNebula decide which "blue" network do you want to use? At
> first
> > sight, you could try to arrange them by priority: your VNet has comes
> first,
> > then VNets from your group, and then VNets from other groups. This
> presents a
> > lot of problems:
> >
> > You can have at most one "blue" network, but what happens if you are
> > instantiating a public template created by other user in your group?
> > Maybe the template was prepared by "boss_user", who owns a "blue" VNet
> with
> > addresses in the 192.169.10.0 network. But you own another "blue" VNet
> with
> > base address 192.168.30.0. The user will expect his VNets to have greater
> > priority, but then the VM will be created in a different VNet than the
> one
> > intended by "boss_user".
> >
> > If you don't own any "blue" network, you may create a template that uses
> a
> > public one owned by other user in your group. If it is the only "blue"
> network
> > in the group, then you template will work fine, until somebody else
> decides to
> > publish another "blue" network in the same group. From that moment,
> OpenNebula
> > would have to guess, or just refuse to instantiate that template that was
> > working fine before.
> >
> >
> > In the end, we could implement a priority and do our best to document
> it, but
> > we though that would cause a lot of confusion. The easiest solution was
> to
> > force the usage of IDs, what didn't look to us like a really limiting
> > requirement.
> >
> >
> >
> > After reading your feedback, we are considering to bring back the NAME
> > reference in VM templates for version 3.2.
> > We think the most robust and easier to understand behaviour is the
> following
> > one:
> >
> > * Allow to use NAME to reference only resources owned by the user
> instantiating
> > the VM.
> > * If the template is intended to be shared with other users, then it
> must use
> > the IMAGE_ID and NETWORK_ID attributes.
> >
> >
> > To all community members intersested in this issue, please share your
> thoughts.
> > What do you think about this? Would it be enough for your use-cases?
> Would you
> > address this issue differently?
> >
> >
> > Regards.
> >
> > [1]
> http://lists.opennebula.org/pipermail/users-opennebula.org/2010-October/
> > 002924.html
> >
> > --
> > Carlos Martín, MSc
> > Project Engineer
> > OpenNebula - The Open Source Toolkit for Data Center Virtualization
> > www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
> >
> >
> > On Tue, Nov 1, 2011 at 6:12 PM, Thomas Higdon <thigdon at akamai.com>
> wrote:
> >
> > In 2.2, in a VM template, I could specify an image for a disk that
> was
> > in the image repository by using IMAGE = <name>. This behavior
> appears
> > to have been removed in 3.0, in favor of using IMAGE_ID = <id>, where
> > <id> is an arbitrary number assigned by the opennebula system.
> >
> > This change in behavior seems kind of limiting. Before, I could
> create
> > an image with a certain name, and then instantiate a VM template that
> > had a disk that used that name. Now, in order to get that same
> behavior,
> > I must instantiate the image, note the ID returned, and then rewrite
> my
> > VM template to use that ID in its DISK attribute, then instantiate
> it.
> > This is also true of virtual networks.
> >
> > Is there something I'm missing with respect to how VM templates are
> > instantiated with respect to images? Is there any workaround that
> will
> > allow the old behavior? Why was this change made?
> > _______________________________________________
> > Users mailing list
> > Users at lists.opennebula.org
> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >
> >
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
> ---------------------------------------------------------------------
> This transmission (including any attachments) may contain confidential
> information, privileged material (including material protected by the
> solicitor-client or other applicable privileges), or constitute non-public
> information. Any use of this information by anyone other than the intended
> recipient is prohibited. If you have received this transmission in error,
> please immediately reply to the sender and delete this information from
> your system. Use, dissemination, distribution, or reproduction of this
> transmission by unintended recipients is not authorized and may be unlawful.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20111104/4dd974ff/attachment-0003.htm>
More information about the Users
mailing list