Hi,
Below is a fragment of an email from Csom Gyula which addressed many
issues. Thijs asked to have this issue carved out and on a separate
email thread. This fragment was in response to a proposal for text and
graphical consoles as an occi resource.
A Console Resource was proposed to help support features commonly found
in private cloud implementations based on hypervisor and blade server
configurations. After there was some support for the proposal, I
elected to work out some use case details to ensure implementation
practices and common architectural models were captured. The use
cases would probably be better served in some sort of spreadsheet, but
this is what I have for the moment. I'll follow up with diagrams if
more interest is gained in the proposal.
This is a work in progress and is likely to incorporate more detail
within the next week.
Cheers
gary
Fragment from email by Csom Gyula "Re: [occi-wg] New revision of the
spec:
[7] Graphics: I agree with Gary, console is a must:) His spec is
definitive... here let me add just some notes:
* We are using KVM/QEMU as the hypervisor so I can confirm that
  KVM/QEMU provides graphical terminal support, namely VNC:)
* Security is an issue at least in two ways. First the terminal gives
  access to the running compute resource hence it needs password
  protection or such. Second the terminal access operates on the host
  level not on the vm level. That is the terminal address would be the
  IP of the physical host the vm is running on. Generally it is not a
  secure thing to give direct access to internal host infrastructure.
  For instance in our solution (currently in development) we use a VNC
  proxy that hides the internal locations.
* Isn't occi.console.status the same as (or projection of) the
  occi.compute.status? It could be a useful information though. I guess
  it should be dynamically queried from the corresponding compute
  resource.
* Either the console should be the part of the compute resource or it
  should link to the compute resource it belongs to, that is:
  * either console should be moved under the compute namespace (ie.
    occi.compute.console.xxx)
  * or there must be a bidirectional link between the two
    (occi.console.compute_link -> compute and
    occi.compute.console_link -> console or such)
Some good notes @Gary can you respond?
How do you feel about the subject if those attributes are mandatory or
optional?
GM>
I think part of the issue is our deployment use case model that is
somewhat incomplete in terms of a console.
*Computer and Blade Platform Use Cases*
*Generalized VM Execution Use Cases*
USE CASE] A VM executes on single computer platform with a single or
multiple cpu cores.
USE CASE] A VM executes on blade platform with a single or multiple cpu
cores.
*Generalized IO Console Configuration Use Cases*
USE CASE] A single computer platform supports one or more serial ports
for console I/O
USE CASE] A single compute platform supports one or more video outputs
and one keyboard input
USE CASE] A blade platform supports one or more serial ports for
console I/O
USE CASE] A blade platform supports one more video output and one
keyboard input
*Generalized IO Console Client to IO Console Server Connectivity Use Cases*
USE CASE] A blade platform management controller presents blade's video
outputs and keyboard inputs via a network protocol including VNC, RDP
and XWindows
USE CASE] A blade platform management controller presents blade's
serial ports via a network protocol including TELNET and SSH
USE CASE] A KVM device controller presents single computer's video
outputs and keyboard inputs via a network protocol including VNC, RDP
and XWindows
USE CASE] A Terminal Server presents a single computer's serial ports
via a network protocol including TELNET and SSH
*Hypervisor Software Use Cases*
USE CASE] A Hypervisor Software executing on a single blade presents
VM's video outputs and keyboard inputs via a network protocol including
VNC, RDP and XWindows
USE CASE] A Hypervisor Software executing on a single blade presents a
VM's serial ports via a network protocol including TELNET and SSH
USE CASE] A Hypervisor Software executing on a single blade element
presents VM's video outputs and keyboard inputs via a network protocol
including VNC, RDP and XWindows
USE CASE] A Hypervisor Software executing on a single blade element
presents a VM's serial ports via a network protocol including TELNET
and SSH
*IO Console Sharing Use Cases*
USE CASE] More than one user may access a blade's platform management
controller's presented blade's video outputs and keyboard inputs via a
network (console instance sharing)
USE CASE] More than one user may access a blade's platform management
controller's presented blade's serial ports via a network (console
instance sharing)
USE CASE] More than one user may access a Terminal Server's presented
single compute serial port via a network (console instance sharing)
USE CASE] More than one user may access a KVM device's presented single
compute serial port via a network (console instance sharing)
*IO Console Configuration Use Cases*
USE CASE] Network Address of Terminal Server's presented single
computer's serial port can be set by VM configuration
USE CASE] Network port number of Terminal Server's presented single
computer's serial port can be set by VM configuration
USE CASE] Network Address of Terminal Server's presented single
computer's serial port can be set by Cloud Provider Administration
USE CASE] Network port number of Terminal Server's presented single
computer's serial port can be set by Cloud Provider Administration
USE CASE] Network Address of Terminal Server's presented single
computer's serial port can be read by Cloud User(s) through VM
configuration
USE CASE] Network port number of Terminal Server's presented single
computer's serial port can be read by Cloud Provider Administration
through VM configuration
USE CASE] Terminal Server's Network Address presenting a single
computer's serial port can be is common across all Terminal Server's
serial ports
USE CASE] Network Address of KVM's presented single computer's
graphical console can be set by VM configuration
USE CASE] Network port number of KVM's presented single computer's
graphical console can be set by VM configuration
USE CASE] Network Address of KVM's presented single computer's
graphical console can be set by Private Cloud Administration
USE CASE] Network port number of KVM's presented single computer's
graphical console can be set by Cloud Provider Administration
USE CASE] Network Address of KVM's presented single computer's
graphical console can be read by Cloud User(s) through VM configuration
USE CASE] Network port number of KVM's presented single computer's
graphical console can be read by Cloud Provider Administration through
VM configuration
USE CASE] KVM's Network Address presenting a single computer's
graphical console can be is common across all Terminal Server's serial
ports
USE CASE] Network Address of a blade's platform management controller's
presented blade's serial port can be set by VM configuration
USE CASE] Network port number of a blade's platform management
controller's presented blade's serial port can be set by VM
configuration
USE CASE] Network Address of a blade's platform management controller's
presented blade's serial port can be set by Cloud Provider
Administration
USE CASE] Network port number of a blade's platform management
controller's presented blade's serial port can be set by Cloud Provider
Administration
USE CASE] Network Address of a blade's platform management controller's
presented blade's serial port can be read by Cloud User(s) through VM
configuration
USE CASE] Network port number of a blade's platform management
controller's presented blade's serial port can be read by Cloud
Provider Administration through VM configuration
USE CASE] Terminal Server's Network Address presenting a blade's serial
port can be is common across all a blade's platform management
controller's serial ports presented
USE CASE] Network Address of a blade's platform management controller's
presented blade's graphical console can be set by VM configuration
USE CASE] Network port number of a blade's platform management
controller's presented blade's graphical console can be set by VM
configuration
USE CASE] Network Address of a blade's platform management controller's
presented blade's graphical console can be set by Cloud Provider
Administration
USE CASE] Network port number of a blade's platform management
controller's presented blade's graphical console can be set by Cloud
Provider Administration
USE CASE] Network Address of a blade's platform management controller's
presented blade's graphical console can be read by Cloud User(s) through
VM configuration
USE CASE] Network port number of a blade's platform management
controller's presented blade's graphical console can be read by Cloud
Provider Administration through VM configuration
USE CASE] Terminal Server's Network Address presenting a blade's
graphical console can be is common across all a blade's platform
management controller's serial ports presented
*IO Console Authentication Use Cases*
USE CASE] A Terminal Server's presented single compute serial port has
only one credential for all Private Cloud Administrators
(user/customer) accessing the port
USE CASE] A Terminal Server's presented single compute serial port has
only one credential for each Private Cloud Administrator
(user/customer) accessing the port
USE CASE] A Terminal Server has only one credential for all Private
Cloud Administrators (user/customer) accessing all presented single
compute serial ports
USE CASE] Terminal Server's presented single compute serial port's
credentials can be set with the VM configuration by the Cloud Provider
Administrator
USE CASE] Terminal Server's presented single compute serial port's
credentials can be set with the VM configuration by the Private Cloud
Administrator (user/customer)
USE CASE] Terminal Server's presented single compute serial port's
credentials can be set with an external management application by the
Cloud Administrator
USE CASE] Terminal Server's credentials can be set with the VM
configuration by the Cloud Provider Administrator
USE CASE] Terminal Server's credentials can be set with the VM
configuration by the Private Cloud Administrator (user/customer)
USE CASE] Terminal Server's credentials can be set with an external
management application by the Cloud Administrator
USE CASE] A KVM's presented single computer's graphical console has
only one credential for all Private Cloud Administrators
(user/customer) accessing the port
USE CASE] A KVM's presented single computer's graphical console has
only one credential for each Private Cloud Administrator
(user/customer) accessing the port
USE CASE] A KVM has only one credential for all users accessing all
presented computer's graphical consoles
USE CASE] KVM's presented single computer's graphical console's
credentials can be set with the VM configuration by the Cloud
Administrator
USE CASE] KVM's presented single computer's graphical console's
credentials can be set with the VM configuration by the Private Cloud
Administrators (user/customer)
USE CASE] KVM's presented single computer's graphical console's
credentials can be set with an external management application by the
Cloud Administrator
USE CASE] KVM's credentials can be set with the VM configuration by the
Cloud Administrator
USE CASE] KVM's credentials can be set with the VM configuration by the
Private Cloud Administrator (user/customer)
USE CASE] KVM's credentials can be set with an external management
application by the Cloud Administrator
USE CASE] A blade's platform management controller's presented blade
serial ports has only one credential for all Private Cloud
Administrators (user/customer) accessing the port
USE CASE] A blade's platform management controller's presented blade
serial ports has only one credential for each Private Cloud
Administrator (user/customer) accessing the port
USE CASE] A blade's platform management controller has only one
credential for all Private Cloud Administrators (user/customer)
accessing all presented blade serial ports
USE CASE] A blade's platform management controller's presented blade
serial port's credentials can be set with the VM configuration by the
Cloud Provider Administrator
USE CASE] A blade's platform management controller's presented blades
serial port's credentials can be set with the VM configuration by the
Private Cloud Administrator (user/customer)
USE CASE] A blade's platform management controller's presented blade
serial port's credentials can be set with an external management
application by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be
set with the VM configuration by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be
set with the VM configuration by the Private Cloud Administrator
(user/customer)
USE CASE] A blade's platform management controller's credentials can be
set with an external management application by the Cloud Provider
Administrator
USE CASE] A blade's platform management controller's presented blade's
graphical console has only one credential for all Private Cloud
Administrators (user/customer) accessing the port
USE CASE] A blade's platform management controller's presented blade's
graphical console has only one credential for each Private Cloud
Administrator (user/customer) accessing the port
USE CASE] A blade's platform management controller has only one
credential for all Private Cloud Administrators (user/customer)
accessing all presented blade's graphical consoles
USE CASE] A blade's platform management controller's presented blade's
graphical console's credentials can be set with the VM configuration by
the Cloud Provider Administrator
USE CASE] A blade's platform management controller's presented blade's
graphical console's credentials can be set with the VM configuration by
the Private Cloud Administrator (user/customer)
USE CASE] A blade's platform management controller's presented blade's
graphical console's credentials can be set with an external management
application by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be
set with the VM configuration by the Cloud Provider Administrator
USE CASE] A blade's platform management controller's credentials can be
set with the VM configuration by the Private Cloud Administrator
(user/customer)
USE CASE] A blade's platform management controller's credentials can be
set with an external management application by the Cloud Provider
Administrator
*Limits*
Desktop Virtualization created by the executing operating system in a
VM is not in the scope of this use case model.
*Comments:*
I'm looking into a more robust way of defining the security identifier
and credentials.
I'm also looking at an interoperable way to incorporate the
configuration issues into OCCI. I put a proposal together if we all
agree on the use cases.
-------- Original Message --------
I thought I added the mailing list to the email thread. :0
I'll repost.. with the original pdf attached.
-g
Andy Edmonds wrote:
> Please can this discussion happen on the mailing list - it goes
> completely against the grain of an "open community".
>
> Andy
> andy.edmonds.be
>
>
> On Wed, Aug 4, 2010 at 18:19, Gary Mazz <garymazzaferro@gmail.com> wrote:
>
>
> State and Status good question..
>
> State is an attribute set by the user to enable or disable the
> operation of the console instance.
> Status is the current operational disposition of the console instance.
>
> I think this is a MUST. XEN, ESXi, VirtualBox will not configure a
> virtual machine without the console set. I'm not sure, but I also
> believe the same is true for qemu. Without the console, we exclude
> many private cloud configurations.
>
> The big issue is what happens when the user moves a configuration
> (VM) to a provider that does not support the feature. What gets
> reported back ? Does the provider maintain the configuration
> (ala OVF like), but shows the instance status as an unsupported
> resource. Or, does the provider ignore the resource and report
> back "unknown" ? If the resource is ignored, how will that
> impact VM instance configuration changes and teleportability of
> the VM to another platform/provider ? Right now I cannot see
> resources or configurations being discarded just because the
> platform doesn't support the resource. Resources and
> configurations must be maintained, even though unsupported, to
> properly support teleportation.
>
> -g
>
>
>
> Thijs Metsch wrote:
>
>
> Overall looks good...Just wondering why there is a state and
> status? one immutable and one mutable?
>
> But would be cool if you could post it to the list as well...
>
> Also we should try to figure out if this is a MUST, SHOULD or
> MAY section according to RFC2116...
>
> Thanks Gary.
>
> -Thijs
>
> -----Original Message-----
> From: Gary Mazz [mailto:garymazzaferro@gmail.com]
> Sent: Wed 04-Aug-10 12:06
> To: Thijs Metsch; Andy Edmonds
> Cc:
> Subject: IO Console Resource -- Infrastructure doc proposal
>
> Hi,
>
> I've created a new section for the infrastructure document for the IO
> Console. The console is very important for virtual machine
> configurations.
>
> I've attached the section for the document. Please review and comment
> if considered for inclusion.
>
> -g