Versions Compared

Old Version 6

changes.mady.by.user deepti dohare

Saved on

compared with

New Version 7

changes.mady.by.user deepti dohare

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Dedicating a zone might be very expensive offering for several end-users whereas dedicating a pod/cluster/host may be more economical. This feature will allow root dmin to dedicate resources to a specific domain that /account  that needs private infrastructure for additional security or performance guarantees.

...

  1. Dedicated resources can only be used if service offering dedication flag is ON.
  2. If resources are exhausted within a domain, VM deployment should fail if the Implicit dedication flag is OFFON.

Configuration

  1. global configuration parameter addition: implicit.dedication.enable, default value for this is false.

...

  1. Only Root Admin will have the privilege to dedicate pod, cluster or host to specific domain or an account.
  2. If a user does not belong to a domain which has dedicated resources, he cannot access the pod, cluster or host dedicated to that domain/account.
  3. Users belonging to domain/account having dedicated resources, can access them but should not be allowed to modify.
  4. At this time, there is no requirement for the domain/sub-domain admins to manage the resource - the root admin will remain the owner of the resources
  5. Only Root Admin can add a service offering with "isdedicated" option enabled. 
  6. Only Root Admin can change the global parameter:  implicit.dedication.enable

Use Cases: 

...

Dedicating resources to Domain/Account:

Domain level accessibility of Pod/Cluster/Host:

Let D1 domain has SD1, SD2, SD3 sub-domains. A1 is the admin account, U2 is normal user account.

...

                                z2, p4, c4 

  1. Root Admin must should be able to dedicate a pod, cluster or host to any domain or sub-domain.
  2. Once a Zone is dedicated to a domain,  its pods and clusters will be dedicated to that domain eg: pod: p1 is dedicated to domain D1, clusters:c1, c11, c111 will be automatically dedicated to D1 by default.
  3. Users in Sub-Domains SD1, SD2, SD3 should be able to deploy vm in parent domain's clusters c1, c11, c111 or pod p1. 
  4. After dedicating pod p1 to domain D1, if further cluster c11 (in pod p1) is dedicated to SD3, then D1 or SD1 or SD2 should not be able to access c11. (Can SD3 use SD2, SD1 or D1's resources, verify)
  5. If another pod p2 is dedicated to SD1, then SD11, SD12 or D2 should not be able to access pod p2.
  6. Before dedicating a pod to a domain , check whether its zone is dedicated or not.
  7. Child Domain can access pod/cluster/host dedicated to parent domain, vice-versa is not (TBD).Account level accessibility:
  8. Once a pod/cluster/host is dedicated to an account, only users in that account can access it.
  9. No other user from different accounts  in the same domain or different domain can access the resources. 

VM Deployment

  1. If dedicated resources get exhausted for a domin/account, VM deployment will not fail unless shared resources has no free empty host, provided Implicit dedication flag: ON and service offering flag: ON.
  2. VMs that belong to two different offerings can be on the same host as long as they belong to the same account/domain . For e.g. If an instance is deployed by account user and : 
             a. If that account has dedicated resources, service offering flag "isdedicated" checked, then VM will be deployed on the dedicated host having VMs of same account or on the host which is empty.
             b. If that account has NO dedicated resources, service offering flag "isdedicated" checked then VM will be deployed on the host which is empty and that host will become dedicated to this account.
  3. The dedicated VM of other accounts (e.g. A2 or A3 ) of same domain or other domain, cannot use above host, but can use an empty host or host having vms of same account(A2 or A3). 
  4. If the service offering flag if OFF, the VM  will be deployed as CloudStack is doing now but should not use the host marked "dedicated for domain/account x".
  5. If no such host exists, VM operation should fail.

Architecture and Design description

...

  • createPod
  • updatePod
  • listPods 
  • addCluster
  • deleteCluster
  • updateCluster
  • listClusters
  • addHost
  • updateHost
  • listHosts

Domain Admin/Users APIs

  • listPods 
  • listClusters
  • listHosts

Request parameter addition:

...