[one-users] "onevm deploy" can force the deployment of VMs refused by scheduler
Javier Fontan
jfontan at gmail.com
Fri Dec 17 08:37:09 PST 2010
That is the intended behavior. It does not check for resource
availability. This command is there so you can manually schedule VMs.
Anyway I see your concern about users forcing the VM to be deployed
even when the scheduler does not find a slot for it. Fortunately now
we have auth plugins that can be easily modified to change the
authorization of commands. You have more information on how to enable
it in http://opennebula.org/documentation:rel2.0:auth. In
$ONE_LOCATION/lib/ruby/simple_permissions.rb there is a function that
holds the policy on actions:
--8<------
# Authorizes each of the tokens. All parameters are strings. Pub
# means public when "1" and private when "0"
def auth_object(uid, object, id, action, owner, pub)
    return true if uid=='0'

    auth_result=false

    case action
    when 'CREATE'
        auth_result=true if %w{VM NET IMAGE}.include? object

        if @quota_enabled and object=='VM' and auth_result
            STDERR.puts 'quota enabled'
            @quota.update(uid.to_i)
            if !@quota.check(uid.to_i, get_vm_usage(id))
                auth_result="Quota exceeded"
            end
        end

    when 'DELETE'
        auth_result = (owner == uid)

    when 'USE'
        if %w{VM NET IMAGE}.include? object
            auth_result = ((owner == uid) | (pub=='1'))
        elsif object == 'HOST'
            auth_result=true
        end

    when 'MANAGE'
        auth_result = (owner == uid)

    when 'INFO'
    end

    return auth_result
end
------>8--
You can change this function so DEPLOY is not permitted, something like this:
--8<------
# Authorizes each of the tokens. All parameters are strings. Pub
# means public when "1" and private when "0"
def auth_object(uid, object, id, action, owner, pub)
    return true if uid=='0'

    auth_result=false

    case action
    when 'CREATE'
        auth_result=true if %w{VM NET IMAGE}.include? object

        if @quota_enabled and object=='VM' and auth_result
            STDERR.puts 'quota enabled'
            @quota.update(uid.to_i)
            if !@quota.check(uid.to_i, get_vm_usage(id))
                auth_result="Quota exceeded"
            end
        end

    when 'DELETE'
        auth_result = (owner == uid)

    when 'USE'
        if %w{VM NET IMAGE}.include? object
            auth_result = ((owner == uid) | (pub=='1'))
        elsif object == 'HOST'
            auth_result=true
        end

    when 'MANAGE'
        auth_result = (owner == uid)

    when 'DEPLOY'
        auth_result = false

    when 'INFO'
    end

    return auth_result
end
------>8--
On Fri, Nov 26, 2010 at 8:23 AM, Zaina AFOULKI
<zaina.afoulki at ensi-bourges.fr> wrote:
> Hi,
>
> I'm testing a policy for the OpenNebula scheduler (for example Haizea)
> where in some cases, even if the host has enough resources, the scheduler
> can decline the lease. (and the VM shows as "pend" with onevm list).
>
> But I noticed that a user can then deploy it anyways with:
> $onevm deploy 12 host01
>
> I was wondering if this behavior is normal? Shouldn't OpenNebula show the
> state "fail" for the VM instead of deploying it?
>
> What does the function onevm deploy do? Does it check available resources
> only? Does it ignore the decision of the scheduler?
>
> --
> Zaina
>
--
Javier Fontan, Grid & Virtualization Technology Engineer/Researcher
DSA Research Group: http://dsa-research.org
Globus GridWay Metascheduler: http://www.GridWay.org
OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org
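
Added example, not part of the original message or of OpenNebula's code: a table-driven check of the DEPLOY-denying policy from the reply above, useful as a regression test before editing simple_permissions.rb. The `DeployDenyPolicy` class, the `authorize` wrapper, the `OBJECT:ID:ACTION:OWNER:PUB` token layout (mirroring the parameter order of `auth_object`) and the sample requests are assumptions made for the example; the quota branch is left out.

```ruby
# Added example: table-driven check of the DEPLOY-denying policy.
# Assumption: a request is a list of "OBJECT:ID:ACTION:OWNER:PUB" tokens,
# mirroring auth_object's parameter order; quota handling is omitted.
class DeployDenyPolicy
  OBJECTS = %w[VM NET IMAGE].freeze

  # Same decisions as the modified auth_object in the message, minus quota.
  def auth_object(uid, object, _id, action, owner, pub)
    return true if uid == '0' # uid 0 bypasses the policy

    case action
    when 'CREATE' then OBJECTS.include?(object)
    when 'DELETE', 'MANAGE' then owner == uid
    when 'USE'
      if OBJECTS.include?(object)
        owner == uid || pub == '1'
      else
        object == 'HOST'
      end
    when 'DEPLOY' then false # explicit deny for regular users
    else false               # INFO and any action without a branch: deny
    end
  end

  # Hypothetical wrapper: every token must pass; returns [ok, denied_token].
  def authorize(uid, tokens)
    denied = tokens.find { |t| !auth_object(uid.to_s, *t.split(':', 5)) }
    [denied.nil?, denied]
  end
end

# Constructed sample requests: [uid, tokens, expected decision]
CASES = [
  ['0', ['VM:12:DEPLOY:5:0'], true],   # uid 0 can still deploy manually
  ['5', ['VM:12:DEPLOY:5:0'], false],  # owner cannot force a deployment
  ['5', ['VM:12:MANAGE:5:0'], true],   # owner keeps other VM operations
  ['5', ['VM:12:MANAGE:5:0', 'VM:12:DEPLOY:5:0'], false], # one denial fails all
  ['5', ['IMAGE:3:USE:7:1', 'HOST:1:USE:0:0'], true],     # public image, any host
  ['5', ['VM:12:UNLISTED:5:0'], false] # constructed action with no branch
].freeze

# Returns the cases whose decision differs from the expected one.
def failing_cases(policy = DeployDenyPolicy.new)
  CASES.reject { |uid, tokens, want| policy.authorize(uid, tokens).first == want }
end

puts failing_cases.empty? ? 'policy matrix OK' : failing_cases.inspect
```
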