[one-users] use of IMAGE_ID and its ilk in 3.0

Carlos Martín Sánchez cmartin at opennebula.org
Mon Nov 7 06:22:29 PST 2011


Hi,

We have created a ticket for this feature. You can follow the development
and add comments in our development portal:

http://dev.opennebula.org/issues/966

Regards.
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>


2011/11/4 Thomas Higdon <thigdon at akamai.com>

> On Fri, Nov 04, 2011 at 07:00:21AM -0500, Carlos Martín Sánchez wrote:
> > Hi Chris,
> >
> > I think adding the owner is a good idea. However, the examples you
> provide rely
> > on the '/' separator, and currently that's a valid character for both
> user and
> > resource names.
> >
> > This is our suggested syntax to implement this:
> >
> > DISK = [ IMAGE        = "Ubuntu",
> >          IMAGE_UNAME  = "oneadmin" ]
> >
> > DISK = [ IMAGE        = "Ubuntu",
> >          IMAGE_UID    = 7 ]
> >
> > DISK = [ IMAGE        = "Ubuntu" ]
> >
> > DISK = [ IMAGE_ID     = 23 ]
> >
> > 1: use the Image named ubuntu, owned by the user named oneadmin.
> > 2: use the ubuntu Image owned by user with ID 7.
> > 3: use the ubuntu Image owned by the user instantiating the VM.
> > 4: use image with ID 23
>
> This has fleshed out the exact idea I was suggesting. Looks good to me.
>
> > 2011/11/3 Thomas Higdon <thigdon at akamai.com>
> >
> >     Another more radical suggestion is to do away with the template
> >     management system entirely, and switch to a system where the
> templates
> >     are derived directly from files that exist on the filesystem. This
> has a
> >     number of advantages I can see (if you're interested I'll explain
> >     further), but it might be more change than you're willing to go
> through
> >     at this point.
> >
> >
> > Regards.
> > --
> > Carlos Martín, MSc
> > Project Engineer
> > OpenNebula - The Open Source Toolkit for Data Center Virtualization
> > www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
> >
> >
> > 2011/11/3 Chris Johnston <chjohnston at rim.com>
> >
> >     This issue has caused myself much frustration as well. Personally I
> prefer
> >     the suggestion of using both the owner and the resource name for
> specifying
> >     a resource. That should work for just about any use case and allows
> names
> >     to be used at any level with no confusion as to what resource is
> really
> >     being referenced. For example...
> >
> >     IMAGE = "oneadmin/generic"
> >     IMAGE = "dev01/virtapp"
> >     IMAGE = "user01/virtapp"
> >     IMAGE = "user01/custom"
> >
> >     ...and the same for NETWORK. It does add some overhead but it's a lot
> >     simpler than maintaining lists of IDs and constantly updating
> scripts.
> >
> >     -----Original Message-----
> >     From: users-bounces at lists.opennebula.org [mailto:
> >     users-bounces at lists.opennebula.org] On Behalf Of Thomas Higdon
> >     Sent: Thursday, November 03, 2011 12:36 PM
> >     To: Carlos Martín Sánchez
> >     Cc: users at lists.opennebula.org
> >     Subject: Re: [one-users] use of IMAGE_ID and its ilk in 3.0
> >
> >     Hi, it's good to know the ONE developers are so open to feedback
> about
> >     the way the system works. ONE seems great from what I've used so far.
> >
> >     The solution that you would propose would work fine for me, mostly
> >     because it looks like that for a single user, the templating system
> >     would work the same as it did for 2.2, which was ok with me.
> >
> >     I'm a little leery of the idea of ever forcing users to use IMAGE_ID
> or
> >     NETWORK_ID parameters. In my mind, forcing users to specify these in
> >     static template strings/files is equivalent to some Unix command-line
> >     tool asking a user to specify the inode number of a file rather than
> its
> >     name.
> >
> >     Here's a suggestion. Your database is basically a key-value store. In
> >     2.2, the only key you allowed is the name (in 3.0 it's only ID). I'd
> >     suggest that you allow more freedom in the specification of keys. You
> >     might ask users to specify a name for resources that they own. If
> they
> >     are asking for resources that they don't own, then they must also
> >     specify which user owns that resource, or perhaps which group. If
> >     there's ambiguity, then error on that.
> >
> >     Another suggestion I would make is to remove the NAME attribute from
> all
> >     templates (or make it optional) and allow users to specify a name on
> the
> >     command-line, defaulting to something reasonable, as is done now for
> >     template instantiation. That way, users who don't care what the name
> is
> >     don't need to specify it, and users who do care don't need to edit a
> >     text file to instantiate multiple instances of the same resource. I
> see
> >     this as being useful in a scenario where I want to create <x>
> read/write
> >     250GB disks for <x> VMs, but not necessarily create <x> template
> files,
> >     or edit one file <x> times.
> >
> >     At the end of the day, desirable behavior for me is to be able to
> create
> >     a set of static template files for networks, images and VMs, and be
> able
> >     to instantiate all of them in the proper order and have it just work.
> >     ONE 3.0 does not allow me to do that.
> >
> >     Another more radical suggestion is to do away with the template
> >     management system entirely, and switch to a system where the
> templates
> >     are derived directly from files that exist on the filesystem. This
> has a
> >     number of advantages I can see (if you're interested I'll explain
> >     further), but it might be more change than you're willing to go
> through
> >     at this point.
> >
> >     On Thu, Nov 03, 2011 at 08:55:30AM -0500, Carlos Martín Sánchez
> wrote:
> >     > Hi Thomas,
> >     >
> >     > Some users requested to let new resources use repeated names, see
> for
> >     instance
> >     > this thread [1]. This makes sense in deployments with a large
> number of
> >     users,
> >     > or in a multi-tenant scenario, where you don't want users having
> to try a
> >     > resource creation several times until they find a free name.
> >     >
> >     > We implemented this allowing repeated names, but only if they are
> not
> >     owned by
> >     > the same user. It was done this way so users can reference
> resources by
> >     name in
> >     > CLI commands, e.g. 'oneimage show my_img'.
> >     >
> >     > Since we released OpenNebula 3.0, some of you have complained
> about this
> >     > change, so let me try to explain why we decided to drop the NAME
> >     reference from
> >     > VM templates:
> >     >
> >     >
> >     > Lets say you want to use the VNet named "blue". In the worst case
> >     scenario, you
> >     > will have one "blue" network owned by you, several "blue" networks
> owned
> >     by
> >     > other people in your group, and several other "blue" networks
> owned by
> >     people
> >     > from other groups. You may, or may not, have rights to use the
> latter
> >     "blue"
> >     > networks outside your group.
> >     >
> >     > How does OpenNebula decide which "blue" network do you want to
> use? At
> >     first
> >     > sight, you could try to arrange them by priority: your VNet has
> comes
> >     first,
> >     > then VNets from your group, and then VNets from other groups. This
> >     presents a
> >     > lot of problems:
> >     >
> >     > You can have at most one "blue" network, but what happens if you
> are
> >     > instantiating a public template created by other user in your
> group?
> >     > Maybe the template was prepared by "boss_user", who owns a "blue"
> VNet
> >     with
> >     > addresses in the 192.169.10.0 network. But you own another "blue"
> VNet
> >     with
> >     > base address 192.168.30.0. The user will expect his VNets to have
> greater
> >     > priority, but then the VM will be created in a different VNet than
> the
> >     one
> >     > intended by "boss_user".
> >     >
> >     > If you don't own any "blue" network, you may create a template
> that uses
> >     a
> >     > public one owned by other user in your group. If it is the only
> "blue"
> >     network
> >     > in the group, then you template will work fine, until somebody else
> >     decides to
> >     > publish another "blue" network in the same group. From that moment,
> >     OpenNebula
> >     > would have to guess, or just refuse to instantiate that template
> that was
> >     > working fine before.
> >     >
> >     >
> >     > In the end, we could implement a priority and do our best to
> document it,
> >     but
> >     > we though that would cause a lot of confusion. The easiest
> solution was
> >     to
> >     > force the usage of IDs, what didn't look to us like a really
> limiting
> >     > requirement.
> >     >
> >     >
> >     >
> >     > After reading your feedback, we are considering to bring back the
> NAME
> >     > reference in VM templates for version 3.2.
> >     > We think the most robust and easier to understand behaviour is the
> >     following
> >     > one:
> >     >
> >     > * Allow to use NAME to reference only resources owned by the user
> >     instantiating
> >     > the VM.
> >     > * If the template is intended to be shared with other users, then
> it must
> >     use
> >     > the IMAGE_ID and NETWORK_ID attributes.
> >     >
> >     >
> >     > To all community members intersested in this issue, please share
> your
> >     thoughts.
> >     > What do you think about this? Would it be enough for your
> use-cases?
> >     Would you
> >     > address this issue differently?
> >     >
> >     >
> >     > Regards.
> >     >
> >     > [1] http://lists.opennebula.org/pipermail/users-opennebula.org/
> >     2010-October/
> >     > 002924.html
> >     >
> >     > --
> >     > Carlos Martín, MSc
> >     > Project Engineer
> >     > OpenNebula - The Open Source Toolkit for Data Center Virtualization
> >     > www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
> >     >
> >     >
> >     > On Tue, Nov 1, 2011 at 6:12 PM, Thomas Higdon <thigdon at akamai.com>
> wrote:
> >     >
> >     >     In 2.2, in a VM template, I could specify an image for a disk
> that
> >     was
> >     >     in the image repository by using IMAGE = <name>. This behavior
> >     appears
> >     >     to have been removed in 3.0, in favor of using IMAGE_ID =
> <id>, where
> >     >     <id> is an arbitrary number assigned by the opennebula system.
> >     >
> >     >     This change in behavior seems kind of limiting. Before, I could
> >     create
> >     >     an image with a certain name, and then instantiate a VM
> template that
> >     >     had a disk that used that name. Now, in order to get that same
> >     behavior,
> >     >     I must instantiate the image, note the ID returned, and then
> rewrite
> >     my
> >     >     VM template to use that ID in its DISK attribute, then
> instantiate
> >     it.
> >     >     This is also true of virtual networks.
> >     >
> >     >     Is there something I'm missing with respect to how VM
> templates are
> >     >     instantiated with respect to images? Is there any workaround
> that
> >     will
> >     >     allow the old behavior? Why was this change made?
> >     >     _______________________________________________
> >     >     Users mailing list
> >     >     Users at lists.opennebula.org
> >     >     http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >     >
> >     >
> >     _______________________________________________
> >     Users mailing list
> >     Users at lists.opennebula.org
> >     http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >
> >     ---------------------------------------------------------------------
> >     This transmission (including any attachments) may contain
> confidential
> >     information, privileged material (including material protected by the
> >     solicitor-client or other applicable privileges), or constitute
> non-public
> >     information. Any use of this information by anyone other than the
> intended
> >     recipient is prohibited. If you have received this transmission in
> error,
> >     please immediately reply to the sender and delete this information
> from
> >     your system. Use, dissemination, distribution, or reproduction of
> this
> >     transmission by unintended recipients is not authorized and may be
> >     unlawful.
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20111107/6c1afc02/attachment-0001.htm>


More information about the Users mailing list