[one-users] EC2 / cloud bursting - multiple AWS credentials
Stefan Kooman
stefan at bit.nl
Thu Feb 20 13:57:52 PST 2014
Quoting Carlos Martín Sánchez (cmartin at opennebula.org):
> Hi Stefan,
>
> On Thu, Jan 30, 2014 at 7:52 AM, Stefan Kooman <stefan at bit.nl> wrote:
>
> > Hi,
> >
> > I was reading through Amazon EC2 prerequisites [1] which implies that
> > there can be only one set of AWS credentials per OpenNebula cloud. Is
> > that correct? This might not be a problem for a "private cloud" operated
> > by only one organisation / company. For a public cloud that wants to
> > leave room for 3rd party cloud bursting it is a problem. Ideally every
> > user / group should be able to provide his/her own credentials while
> > instantiating/creating a new vm. What is the reason to use a config file
> > for this instead of having this info in a template?
> >
> > Gr. Stefan
> >
> > [1]:
> >
> > http://docs.opennebula.org/4.4/advanced_administration/cloud_bursting/ec2g.html#prerequisites
>
>
> Actually you can define multiple ec2 accounts, see the Multi EC2
> Site/Region/Account section of that guide [1]. You can create a hybrid host
> for each group, and then adjust the permissions so each one can only deploy
> VMs in the host with the right credentials.
Ah, I see. Thanks for the pointer.
>
> We could come up with an ec2 driver that reads the credentials from the VM
> template, although I'm not sure how difficult it would be to make it work
> with the current code. Please open a feature request if the above multi
> account feature does not solve your use case.
Generally I would like to avoid having stuff hard coded in config files,
except for global settings / defaults. If you would like to give
(power)users the possibility to use cloud bursting it would make sense
that they are able to configure that by themselves. Then again, I might
be thinking the wrong way around. Instead of giving the possibility to use
a public cloud from within OpenNebula, one might as well create a
virtual machine with OpenNebula installed just for that. And federate
with the cloud it is running on to manage "local" vm's ... I've just
read about "vDCs", "Resource Providers" and "Groups". With that
functionality in mind, a public cloud might be a Resource Provider by
itself and therefore be partitioned by the Group Admin. Multiple public
clouds (Resource Providers) might be created this way, each one with
different properties and credentials. One thing that is breaking this
logic is that someone other than the "owner" (consumer that rents
resources) has to configure the Resource (enter the credentials / keys),
which doesn't make sense. Just thinking out loud here. I might have to
sleep over it for a day.
Gr. Stefan
--
| BIT BV http://www.bit.nl/ Kamer van Koophandel 09090351
| GPG: 0xD14839C6 +31 318 648 688 / info at bit.nl