[one-users] EC2 / cloud bursting - multiple AWS credentials

Carlos Martín Sánchez cmartin at opennebula.org
Fri Feb 21 02:33:22 PST 2014


On Thu, Feb 20, 2014 at 10:57 PM, Stefan Kooman <stefan at bit.nl> wrote:
> > We could come up with an ec2 driver that reads the credentials from the VM
> > template, although I'm not sure how difficult it would be to make it work
> > with the current code. Please open a feature request if the above multi
> > account feature does not solve your use case.
> Generally I would like to avoid having stuff hard coded in config files,
> except for global settings / defaults. If you would like to give
> (power)users the possibility to use cloud bursting it would make sense
> that they are able to configure that by themselves.

It kind of crashes with the notion that the cloud admin configures the
infrastructure, and then allows the users to use some parts of it.

But with the driver I described we could allow the users to enter their ec2
credentials as a user template attribute, and make the VMs inherit them. We
would then have only one Host with this new ec2 driver, reading those
credentials from the VM being deployed.

> Then again, I might
> be thinking the wrong way around. Instead of giving the possibility to use
> a public cloud from within OpenNebula, one might as well create a
> virtual machine with OpenNebula installed just for that. And federate
> with the cloud it is running on to manage "local" vm's ...

That's... too much cloud Inception. The federation to be included in 4.6
will be a tight integration, not a cloud bursting like scenario. All
OpenNebulas will share the same users and groups. If you create a VM with
an OpenNebula for a user, and then federate it with the main OpenNebula,
you are effectively giving him the keys to your oneadmin account.

> I've just
> read about "vDCs", "Resource Providers" and "Groups". With that
> functionality in mind, a public cloud might be a Resource Provider by
> itself and therefore be partitioned by the Group Admin. Multiple public
> clouds (Resource Providers) might be created this way, each one with
> different properties and credentials. One thing that is breaking this
> logic is that someone else than the "owner" (consumer that rents
> resources) has to configure the Resource (enter the credentials / keys),
> which doesn't make sense. Just thinking out loud here. I might have to
> sleep over it for a day.
> Gr. Stefan

Exactly. Although the new vDC relies on existing features like groups,
clusters and ACL rules, I believe it will make it much easier to partition
and re-assign infrastructure resources.

You can create a Host for each public cloud (which can be all pointing to
ec2 with different credentials), and divide them into Clusters. Then you
can assign cloudbursting resources (as vDC Resource Providers) to your

Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org <http://www.opennebula.org/> | cmartin at opennebula.org |
@OpenNebula <http://twitter.com/opennebula>