[one-users] "onevm deploy" can force the deployment of VMs refused by scheduler

Borja Sotomayor borja at borjanet.com
Fri Dec 17 08:48:52 PST 2010 

Hi,

There is a ticket open for this:

http://dev.opennebula.org/issues/428

As suggested there, could we include a no-deploy policy with
OpenNebula so that admins can just select that policy, instead of
having to write a new policy?

On Fri, Dec 17, 2010 at 11:37 AM, Javier Fontan <jfontan at gmail.com> wrote:
> That is the intended behavior. It does not check for resource
> availability. This command is there so you can manually schedule VMs.
> Anyway I see your concern about users forcing the VM to be deployed
> even when the scheduler does not find a slot for it. Fortunately now
> we have auth plugins that can be easily modified to change the
> authorization of commands. You have more information on how to enable
> it in http://opennebula.org/documentation:rel2.0:auth. In
> $ONE_LOCATION/lib/ruby/simple_permissions.rb there is a function that
> holds the policy on actions:
>
> --8<------
>    # Authorizes each of the tokens. All parameters are strings. Pub
>    # means public when "1" and private when "0"
>    def auth_object(uid, object, id, action, owner, pub)
>        return true if uid=='0'
>
>        auth_result=false
>
>        case action
>        when 'CREATE'
>            auth_result=true if %w{VM NET IMAGE}.include? object
>
>            if @quota_enabled and object=='VM' and auth_result
>                STDERR.puts 'quota enabled'
>                @quota.update(uid.to_i)
>                if !@quota.check(uid.to_i, get_vm_usage(id))
>                    auth_result="Quota exceeded"
>                end
>            end
>
>        when 'DELETE'
>            auth_result = (owner == uid)
>
>        when 'USE'
>            if %w{VM NET IMAGE}.include? object
>                auth_result = ((owner == uid) | (pub=='1'))
>            elsif object == 'HOST'
>                auth_result=true
>            end
>
>        when 'MANAGE'
>            auth_result = (owner == uid)
>
>        when 'INFO'
>        end
>
>        return auth_result
>    end
> ------>8--
>
>
> You can change this function so DEPLOY is not permitted, something like this:
>
> --8<------
>    # Authorizes each of the tokens. All parameters are strings. Pub
>    # means public when "1" and private when "0"
>    def auth_object(uid, object, id, action, owner, pub)
>        return true if uid=='0'
>
>        auth_result=false
>
>        case action
>        when 'CREATE'
>            auth_result=true if %w{VM NET IMAGE}.include? object
>
>            if @quota_enabled and object=='VM' and auth_result
>                STDERR.puts 'quota enabled'
>                @quota.update(uid.to_i)
>                if !@quota.check(uid.to_i, get_vm_usage(id))
>                    auth_result="Quota exceeded"
>                end
>            end
>
>        when 'DELETE'
>            auth_result = (owner == uid)
>
>        when 'USE'
>            if %w{VM NET IMAGE}.include? object
>                auth_result = ((owner == uid) | (pub=='1'))
>            elsif object == 'HOST'
>                auth_result=true
>            end
>
>        when 'MANAGE'
>            auth_result = (owner == uid)
>
>        when 'DEPLOY'
>            auth_result = false
>
>        when 'INFO'
>        end
>
>        return auth_result
>    end
> ------>8--
>
> On Fri, Nov 26, 2010 at 8:23 AM, Zaina AFOULKI
> <zaina.afoulki at ensi-bourges.fr> wrote:
>> Hi,
>>
>> I'm testing a policy for the opennebula scheduler (for example Haizea)
>> where in some cases, even if the host has enough resources, the scheduler
>> can decline the lease. (and the VM shows as "pend" with onevm list).
>>
>> But I noticed that a user can then deploy it anyways with:
>> $onevm deploy 12 host01
>>
>> I was wondering if this behavior is normal? shouldn't opennebula show the
>> state "fail" for the VM instead of deploying it?
>>
>> What does the function onevm deploy do? does it check available resources
>> only? does it ignore the decision of the scheduler?
>>
>> --
>> Zaina
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>
>
> --
> Javier Fontan, Grid & Virtualization Technology Engineer/Researcher
> DSA Research Group: http://dsa-research.org
> Globus GridWay Metascheduler: http://www.GridWay.org
> OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



-- 
Borja Sotomayor

Scientific Writer, Computation Institute
Lecturer, Department of Computer Science
University of Chicago
http://people.cs.uchicago.edu/~borja/

Community Manager, OpenNebula project
http://www.opennebula.org/

More information about the Users mailing list