Web Interfaces
Ganeti Web Manager and others
- Guido Trotter <ultrotter@google.com>
- Helga Velroyen <helgav@google.com>
Latest version of these slides
Please find the latest version of these slides at:
Web Interfaces
- Ganeti web manager
- Overview
- Installation
- Usage
- Synnefo and okeanos
- Overview
- Quick demo
- ganetimgr web manager
- Overview
Ganeti Web Manager Overview
- Web-based management system
- Easier management: no commands to remember
- Delegate authority: enables "self-service management" for users
- A project of OSU Open Source Lab
- Written in Python using the Django web framework
- GPLv2
Users and Groups
- User/Group model (independent, not tied to LDAP, etc.)
- A user can be in any number of groups
- User/Groups have fine-grained settings on what they can/can't do
- Admin Permissions
- Control what a user/group can do on each cluster and instance
- Quota System
- Restrict resource usage by user or group
Cluster Permissions
| admin |
|
| create_vm | Grants ability to create virtual machines on the cluster. |
| tags | Grants ability to set tags on the cluster. |
| replace_disks | Ability to replace disks of VMs on the cluster. |
| migrate | Can migrate a VM to another node |
| export | Can export a virtual machine |
Instance Permissions
| admin | Full control |
| modify | Allows user to modify VM's settings, including reinstallation |
| remove | Permission to delete this VM |
| power | Permission to shutdown this VM |
| tags | Can set tags for this VM |
Quotas
- Restricts resources used by users and groups
- RAM
- disk space
- vCPUs
- Default quota for each cluster and user
- No quota == unlimited.
RBAC in a nutshell
- Assigning individuals access is nice, but gets messy fast.
- Use "role-based access control" (RBAC)
- Clusters should be owned by a group.
- Add people to the groups they should be able to administer.
- Instances should be owned by groups or a single user
- don't create a group if only one person will ever be in it
Ganeti Web Manager Dashboard
Cluster status
Create an instance
Instance being created
Connect to console
Ganeti Jobs
Behind the scenes
- Permissions are recorded by setting Ganeti tags on clusters and instances.
- Tags are cached in a local database for speed
Format:
GANETI_WEB_MANAGER:<permission>:[G|U]:<user_id>
Examples:
Admin permission for User with id 2:
GANETI_WEB_MANAGER:admin:U:2
Start permission for Group with id 4:
GANETI_WEB_MANAGER:start:G:4
Synnefo
- Open Source project to use Ganeti to build a complete private cloud solution
- Relatively new project with a lot of horsepower behind it.
- Project home:
- Documentation:
- Public cloud based on it:
Synnefo Components
- Identity Management (codename: astakos)
- Object Storage Service (codename: pithos+)
- Compute Service (codename: cyclades)
- Network Service (part of Cyclades)
- Image Registry (codename: plankton)
- Billing Service (codename: aquarium)
- Volume Storage Service (codename: archipelago)
Machines view
Networks view
Quick okeanos demo
Time to see it work!
ganetimgr web manager
- Simplified multicluster web manager geared at end users
- Original code of the Ganeti web manager, then evolved indepentently
- See http://ganetimgr.readthedocs.org/en/latest/
- Code at https://code.grnet.gr/projects/ganetimgr
Thank You!
Questions?
Survey at https://www.usenix.org/lisa13/training/survey
- © 2010 - 2013 Google
- Use under GPLv2+ or CC-by-SA
- Some images borrowed / modified from Lance Albertson and Iustin Pop
- Some slides were borrowed / modified from Tom Limoncelli
