Re: [one-users] EC2 / cloud bursting - multiple AWS credentials
Hi,

On Thu, Feb 20, 2014 at 10:57 PM, Stefan Kooman ste...@bit.nl wrote:

>> We could come up with an ec2 driver that reads the credentials from the VM template, although I'm not sure how difficult it would be to make it work with the current code. Please open a feature request if the above multi account feature does not solve your use case.
>
> Generally I would like to avoid having stuff hard coded in config files, except for global settings / defaults. If you would like to give (power)users the possibility to use cloud bursting it would make sense that they are able to configure that by themselves.

It kind of crashes with the notion that the cloud admin configures the infrastructure, and then allows the users to use some parts of it. But with the driver I described we could allow the users to enter their ec2 credentials as a user template attribute, and make the VMs inherit them. We would then have only one Host with this new ec2 driver, reading those credentials from the VM being deployed.

> Then again, I might be thinking the wrong way around. Instead of giving the possibility to use a public cloud from within OpenNebula, one might as well create a virtual machine with OpenNebula installed just for that. And federate with the cloud it is running on to manage local vm's ...

That's... too much cloud Inception. The federation to be included in 4.6 will be a tight integration, not a cloud bursting like scenario. All OpenNebulas will share the same users and groups. If you create a VM with an OpenNebula for a user, and then federate it with the main OpenNebula, you are effectively giving him the keys to your oneadmin account.

> I've just read about vDCs, Resource Providers and Groups. With that functionality in mind, a public cloud might be a Resource Provider by itself and therefore be partitioned by the Group Admin. Multiple public clouds (Resource Providers) might be created this way, each one with different properties and credentials.
>
> One thing that is breaking this logic is that someone else than the owner (consumer that rents resources) has to configure the Resource (enter the credentials / keys), which doesn't make sense. Just thinking out loud here. I might have to sleep over it for a day.
>
> Gr. Stefan

Exactly. Although the new vDC relies on existing features like groups, clusters and ACL rules, I believe it will make it much easier to partition and re-assign infrastructure resources. You can create a Host for each public cloud (which can be all pointing to ec2 with different credentials), and divide them into Clusters. Then you can assign cloudbursting resources (as vDC Resource Providers) to your Groups.

Regards

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org http://www.opennebula.org/ | cmar...@opennebula.org | @OpenNebula http://twitter.com/opennebula

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] EC2 / cloud bursting - multiple AWS credentials
Quoting Carlos Martín Sánchez (cmar...@opennebula.org):

> Hi Stefan,
>
> On Thu, Jan 30, 2014 at 7:52 AM, Stefan Kooman ste...@bit.nl wrote:
>
>> Hi,
>>
>> I was reading through Amazon EC2 prerequisites [1] which implies that there can be only one set of AWS credentials per opennebula cloud. Is that correct? This might not be a problem for a private cloud operated by only one organisation / company. For a public cloud that wants to leave room for 3rd party cloud bursting it is a problem. Ideally every user / group should be able to provide his/her own credentials while instantiating/creating a new vm. What is the reason to use a config file for this instead of having this info in a template?
>>
>> Gr. Stefan
>>
>> [1]: http://docs.opennebula.org/4.4/advanced_administration/cloud_bursting/ec2g.html#prerequisites
>
> Actually you can define multiple ec2 accounts, see the Multi EC2 Site/Region/Account section of that guide [1]. You can create a hybrid host for each group, and then adjust the permissions so each one can only deploy VMs in the host with the right credentials.

Ah, I see. Thanks for the pointer.

> We could come up with an ec2 driver that reads the credentials from the VM template, although I'm not sure how difficult it would be to make it work with the current code. Please open a feature request if the above multi account feature does not solve your use case.

Generally I would like to avoid having stuff hard coded in config files, except for global settings / defaults. If you would like to give (power)users the possibility to use cloud bursting it would make sense that they are able to configure that by themselves.

Then again, I might be thinking the wrong way around. Instead of giving the possibility to use a public cloud from within OpenNebula, one might as well create a virtual machine with OpenNebula installed just for that. And federate with the cloud it is running on to manage local vm's ...

I've just read about vDCs, Resource Providers and Groups. With that functionality in mind, a public cloud might be a Resource Provider by itself and therefore be partitioned by the Group Admin. Multiple public clouds (Resource Providers) might be created this way, each one with different properties and credentials.

One thing that is breaking this logic is that someone else than the owner (consumer that rents resources) has to configure the Resource (enter the credentials / keys), which doesn't make sense. Just thinking out loud here. I might have to sleep over it for a day.

Gr. Stefan

--
| BIT BV  http://www.bit.nl/  Kamer van Koophandel 09090351
| GPG: 0xD14839C6  +31 318 648 688 / i...@bit.nl

Re: [one-users] EC2 / cloud bursting - multiple AWS credentials
Hi Stefan,

On Thu, Jan 30, 2014 at 7:52 AM, Stefan Kooman ste...@bit.nl wrote:

> Hi,
>
> I was reading through Amazon EC2 prerequisites [1] which implies that there can be only one set of AWS credentials per opennebula cloud. Is that correct? This might not be a problem for a private cloud operated by only one organisation / company. For a public cloud that wants to leave room for 3rd party cloud bursting it is a problem. Ideally every user / group should be able to provide his/her own credentials while instantiating/creating a new vm. What is the reason to use a config file for this instead of having this info in a template?
>
> Gr. Stefan
>
> [1]: http://docs.opennebula.org/4.4/advanced_administration/cloud_bursting/ec2g.html#prerequisites

Actually you can define multiple ec2 accounts, see the Multi EC2 Site/Region/Account section of that guide [1]. You can create a hybrid host for each group, and then adjust the permissions so each one can only deploy VMs in the host with the right credentials.

We could come up with an ec2 driver that reads the credentials from the VM template, although I'm not sure how difficult it would be to make it work with the current code. Please open a feature request if the above multi account feature does not solve your use case.

Regards

[1] http://docs.opennebula.org/4.4/advanced_administration/cloud_bursting/ec2g.html#multi-ec2-site-region-account-support

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org http://www.opennebula.org/ | cmar...@opennebula.org | @OpenNebula http://twitter.com/opennebula