
Hi,

Below is a fragment of an email from Csom Gyula which addressed many issues. Thijs asked to have this issue carved out and on a separate email thread. This fragment was in response to a proposal for text and graphical consoles as an OCCI resource. A Console Resource was proposed to help support features commonly found in private cloud implementations based on hypervisor and blade server configurations. After there was some support for the proposal, I elected to work out some use case details to ensure implementation practices and common architectural models were captured. The use cases would probably be better served in some sort of spreadsheet, but this is what I have for the moment. I'll follow up with diagrams if more interest is gained in the proposal. This is a work in progress and is likely to incorporate more detail within the next week.

Cheers
gary

Fragment from email by Csom Gyula "Re: [occi-wg] New revision of the spec:
[7] Graphics: I agree with Gary, console is a must:) His spec is definitive... here let me add just some notes:
* We are using KVM/QEMU as the hypervisor so I can confirm that KVM/QEMU provides graphical terminal support, namely VNC:)
* Security is an issue at least in two ways. First the terminal gives access to the running compute resource hence it needs password protection or such. Second the terminal access operates on the host level not on the vm level. That is the terminal address would be the IP of the physical host the vm is running on. Generally it is not a secure thing to give direct access to internal host infrastructure. For instance in our solution (currently in development) we use a VNC proxy that hides the internal locations.
* Isn't occi.console.status the same as (or projection of) the socci.compute.status? It could be a useful information though. I guess it should be dynamically queried from the corresponding compute resource.
* Either the console should be the part of the compute resource or it should link to the compute resource it belongs to, that is:
  * either console should be moved under the compute namespace (ie. occi.compute.console.xxx)
  * or there must be a bidirectional link between the two (occi.console.compute_link -> compute and occi.compute.console_link -> console or such)
Some good notes @Gary can you respond? How do you feel about the subject if those attributes are mandatory or optional?

GM> I think part of the issue is our deployment use case model that is somewhat incomplete in terms of a console.

*Computer and Blade Platform Use Cases*

*Generalized VM Execution Use Cases*
USE CASE] A VM executes on single computer platform with a single or multiple cpu cores.
USE CASE] A VM executes on blade platform with a single or multiple cpu cores.

*Generalized IO Console Configuration Use Cases*
USE CASE] A single computer platform supports one or more serial ports for console I/O
USE CASE] A single compute platform supports one or more video outputs and one keyboard input
USE CASE] A blade platform supports one or more serial ports for console I/O
USE CASE] A blade platform supports one more video output and one keyboard input

*Generalized IO Console Client to IO Console Server Connectivity Use Cases*
USE CASE] A blade platform management controller presents blade's video outputs and keyboard inputs via a network protocol including VNC, RDP and XWindows
USE CASE] A blade platform management controller presents blade's serial ports via a network protocol including TELNET and SSH
USE CASE] A KVM device controller presents single computer's video outputs and keyboard inputs via a network protocol including VNC, RDP and XWindows
USE CASE] A Terminal Server presents a single computer's serial ports via a network protocol including TELNET and SSH

*Hypervisor Software Use Cases*
USE CASE] A Hypervisor Software executing on a single blade presents VM's video outputs and keyboard inputs via a network protocol including VNC, RDP and XWindows
USE CASE] A Hypervisor Software executing on a single blade presents a VM's serial ports via a network protocol including TELNET and SSH
USE CASE] A Hypervisor Software executing on a single blade element presents VM's video outputs and keyboard inputs via a network protocol including VNC, RDP and XWindows
USE CASE] A Hypervisor Software executing on a single blade element presents a VM's serial ports via a network protocol including TELNET and SSH

*IO Console Sharing Use Cases*
USE CASE] More than one user may access a blade's platform management controller's presented blade's video outputs and keyboard inputs via a network (console instance sharing)
USE CASE] More than one user may access a blade's platform management controller's presented blade's serial ports via a network (console instance sharing)
USE CASE] More than one user may access a Terminal Server's presented single compute serial port via a network (console instance sharing)
USE CASE] More than one user may access a KVM device's presented single compute serial port via a network (console instance sharing)

*IO Console Configuration Use Cases*
USE CASE] Network Address of Terminal Server's presented single computer's serial port can be set by VM configuration
USE CASE] Network port number of Terminal Server's presented single computer's serial port can be set by VM configuration
USE CASE] Network Address of Terminal Server's presented single computer's serial port can be set by Cloud Provider Administration
USE CASE] Network port number of Terminal Server's presented single computer's serial port can be set by Cloud Provider Administration
USE CASE] Network Address of Terminal Server's presented single computer's serial port can be read by Cloud User(s) through VM configuration
USE CASE] Network port number of Terminal Server's presented single computer's serial port can be read by Cloud Provider Administration through VM configuration
USE CASE] Terminal Server's Network Address presenting a single computer's serial port can be common across all Terminal Server's serial ports
USE CASE] Network Address of KVM's presented single computer's graphical console can be set by VM configuration
USE CASE] Network port number of KVM's presented single computer's graphical console can be set by VM configuration
USE CASE] Network Address of KVM's presented single computer's graphical console can be set by Private Cloud Administration
USE CASE] Network port number of KVM's presented single computer's graphical console can be set by Cloud Provider Administration
USE CASE] Network Address of KVM's presented single computer's graphical console can be read by Cloud User(s) through VM configuration
USE CASE] Network port number of KVM's presented single computer's graphical console can be read by Cloud Provider Administration through VM configuration
USE CASE] KVM's Network Address presenting a single computer's graphical console can be common across all Terminal Server's serial ports
USE CASE] Network Address of a blade's platform management controller's presented blade's serial port can be set by VM configuration
USE CASE] Network port number of a blade's platform management controller's presented blade's serial port can be set by VM configuration
USE CASE] Network Address of a blade's platform management controller's presented blade's serial port can be set by Cloud Provider Administration
USE CASE] Network port number of a blade's platform management controller's presented blade's serial port can be set by Cloud Provider Administration
USE CASE] Network Address of a blade's platform management controller's presented blade's serial port can be read by Cloud User(s) through VM configuration
USE CASE] Network port number of a blade's platform management controller's presented blade's serial port can be read by Cloud Provider Administration through VM configuration
USE CASE] Terminal Server's Network Address presenting a blade's serial port can be common across all a blade's platform management controller's serial ports presented
USE CASE] Network Address of a blade's platform management controller's presented blade's graphical console can be set by VM configuration
USE CASE] Network port number of a blade's platform management controller's presented blade's graphical console can be set by VM configuration
USE CASE] Network Address of a blade's platform management controller's presented blade's graphical console can be set by Cloud Provider Administration
USE CASE] Network port number of a blade's platform management controller's presented blade's graphical console can be set by Cloud Provider Administration
USE CASE] Network Address of a blade's platform management controller's presented blade's graphical console can be read by Cloud User(s) through VM configuration
USE CASE] Network port number of a blade's platform management controller's presented blade's graphical console can be read by Cloud Provider Administration through VM configuration
USE CASE] Terminal Server's Network Address presenting a blade's graphical console can be common across all a blade's platform management controller's serial ports presented

*IO Console Authentication Use Cases*
USE CASE] A Terminal Server's presented single compute serial port has only one credential for all Private Cloud Administrators (user/customer) accessing the port
USE CASE] A Terminal Server's presented single compute serial port has only one credential for each Private Cloud Administrator (user/customer) accessing the port
USE CASE] A Terminal Server has only one credential for all Private Cloud Administrators (user/customer) accessing all presented single compute serial ports
USE CASE] Terminal Server's presented single compute serial port's credentials can be set with the VM configuration by the Cloud Provider Administrator
USE CASE] Terminal Server's presented single compute serial port's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
USE CASE] Terminal Server's presented single compute serial port's credentials can be set with an external management application by the Cloud Administrator
USE CASE] Terminal Server's credentials can be set with the VM configuration by the Cloud Provider Administrator
USE CASE] Terminal Server's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
USE CASE] Terminal Server's credentials can be set with an external management application by the Cloud Administrator
USE CASE] A KVM's presented single computer's graphical console has only one credential for all Private Cloud Administrators (user/customer) accessing the port
USE CASE] A KVM's presented single computer's graphical console has only one credential for each Private Cloud Administrator (user/customer) accessing the port
USE CASE] A KVM has only one credential for all users accessing all presented computer's graphical consoles
USE CASE] KVM's presented single computer's graphical console's credentials can be set with the VM configuration by the Cloud Administrator
USE CASE] KVM's presented single computer's graphical console's credentials can be set with the VM configuration by the Private Cloud Administrators (user/customer)
USE CASE] KVM's presented single computer's graphical console's credentials can be set with an external management application by the Cloud Administrator
USE CASE] KVM's credentials can be set with the VM configuration by the Cloud Administrator
USE CASE] KVM's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
USE CASE] KVM's credentials can be set with an external management application by the Cloud Administrator
USE CASE] A blade's platform management controller's presented blade serial ports has only one credential for all Private Cloud Administrators (user/customer) accessing the port
USE CASE] A blade's platform management controller's presented blade serial ports has only one credential for each Private Cloud Administrator (user/customer) accessing the port
USE CASE] A blade's platform management controller has only one credential for all Private Cloud Administrators (user/customer) accessing all presented blade serial ports
USE CASE] A blade's platform management controller's presented blade serial port's credentials can be set with the VM configuration by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's presented blade serial port's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
USE CASE] A blade's platform management controller's presented blade serial port's credentials can be set with an external management application by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be set with the VM configuration by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
USE CASE] A blade's platform management controller's credentials can be set with an external management application by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's presented blade's graphical console has only one credential for all Private Cloud Administrators (user/customer) accessing the port
USE CASE] A blade's platform management controller's presented blade's graphical console has only one credential for each Private Cloud Administrator (user/customer) accessing the port
USE CASE] A blade's platform management controller has only one credential for all Private Cloud Administrators (user/customer) accessing all presented blade's graphical consoles
USE CASE] A blade's platform management controller's presented blade's graphical console's credentials can be set with the VM configuration by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's presented blade's graphical console's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
USE CASE] A blade's platform management controller's presented blade's graphical console's credentials can be set with an external management application by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be set with the VM configuration by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
USE CASE] A blade's platform management controller's credentials can be set with an external management application by the Cloud Provider Administrator

*Limits*
Desktop Virtualization created by the executing operating system in a VM is not in the scope of this use case model.

*Comments:*
I'm looking into a more robust way of defining the security identifier and credentials, I'm also looking at an interoperable way to incorporate the configuration issues into OCCI. I put a proposal together if we all agree on the use cases.

-------- Original Message --------
Subject: Re: IO Console Resource -- Infrastructure doc proposal
Date: Wed, 04 Aug 2010 14:56:53 -0600
From: Gary Mazz <garymazzaferro@gmail.com>
To: Andy Edmonds <andy.edmonds@gmail.com>
CC: Thijs Metsch <tmetsch@platform.com>, "occi-wg@ogf.org" <occi-wg@ogf.org>
References: <4C593B8D.7000103@gmail.com> <E2AC825D4FC7764DA86D9C8ECA27A2DE0420AFB8@catoexm05.noam.corp.platform.com> <4C598503.4090508@gmail.com> <AANLkTinWcmxnoEsNxhjBEJe59=Jbo3UjhwPFKVqiWFy9@mail.gmail.com>

I thought I added the mailing list to the email thread. :0 I'll repost.. with the original pdf attached.
-g

Andy Edmonds wrote:
Please can this discussion happen on the mailing list - it goes completely against the grain of an "open community".
Andy andy.edmonds.be <http://andy.edmonds.be>
On Wed, Aug 4, 2010 at 18:19, Gary Mazz <garymazzaferro@gmail.com> wrote:
State and Status good question..
State is an attribute set by the user to enable or disable the operation of the console instance. Status is the current operational disposition of the console instance.
I think this is a MUST. XEN, ESXi, VirtualBox will not configure a virtual machine without the console set. I'm not sure, but I also believe the same is true for qemu. Without the console, we exclude many private cloud configurations.
The big issue is what happens when the user moves a configuration (VM) to a provider that does not support the feature. What gets reported back ? Does the provider maintain the configuration (ala OVF like), but shows the instance status as an unsupported resource. Or, does the provider ignore the resource and report back "unknown" ? If the resource is ignored, how will that impact VM instance configuration changes and teleportability of the VM to another platform/provider ? Right now I cannot see resources or configurations being discarded just because the platform doesn't support the resource. Resources and configurations must be maintained, even though unsupported, to properly support teleportation.
-g
Thijs Metsch wrote:
Overall looks good...Just wondering why there is a state and status? one immutable and one mutable?
But would be cool if you could post it to the list as well...
Also we should try to figure out if this is a MUST, SHOULD or MAY section according to RFC2116...
Thanks Gary.
-Thijs
-----Original Message-----
From: Gary Mazz [mailto:garymazzaferro@gmail.com]
Sent: Wed 04-Aug-10 12:06
To: Thijs Metsch; Andy Edmonds
Cc:
Subject: IO Console Resource -- Infrastructure doc proposal
Hi,
I've created a new section for the infrastructure document for the IO Console. The console is very important for virtual machine configurations.
I've attached the section for the document. Please review and comment if considered for inclusion.
-g