
Senlin

Revision as of 03:30, 19 March 2015 by Yanyan Hu (talk | contribs) (Development)


OpenStack Clustering

The mission of the OpenStack Clustering project is to create a service for managing the homogeneous objects exposed by other services in an OpenStack cloud.

Senlin

Senlin provides a clustering service to create and manage objects of the same nature, e.g. Nova servers, Heat stacks, Cinder volumes, etc. The collection of these objects is referred to as a cluster. Senlin abstracts the physical objects as nodes, which can belong to any cluster of the same type. Senlin supports object creation, deletion and update via a concept called Profile. Each profile is in essence a driver that communicates with certain services for object manipulation.

With Senlin, a user can attach a policy to a cluster and enforce it, or detach it from a cluster. Some built-in policies are provided to meet requirements such as auto-scaling, load-balancing, high-availability, etc.

Senlin provides an OpenStack-native ReST API and a command line interface tool to other services and the users.

How it works

  • A Senlin profile describes the information needed to create a node (or a cluster). A user will create a profile via Senlin first. Different profile types talk to different backend drivers.
  • The profile can then be used to create a node or a cluster.
  • The cluster membership can be changed by explicitly adding or removing nodes, or by a scale-in/out operation.
  • A user can instruct a node to join a cluster or leave its current cluster.
  • A Senlin policy describes certain rules that will be checked and enforced.
  • (TBC)

Architecture

Senlin comprises a number of Python applications:

senlin

The senlin tool is a CLI tool.

senlin-api

The senlin-api component provides an OpenStack-native ReST API.

senlin-engine

The senlin engine does the main work of managing clusters, nodes, profiles, policies, actions, events and webhooks.

Development

Privilege management:
The basic idea is a framework similar to Linux privilege management: e.g. the owner can show, delete and update a cluster; a user in the same group can only show the cluster; users who belong to other groups cannot even see this cluster.

  • A Keystone project will be created for each cluster, and the *admin* role of this project is added to the owner user;
  • If the owner of a cluster wants to share the cluster with a new user, the *Member* role of the cluster project will be added to the new user;
  • Only the owner user can share a cluster with another user;
  • A normal user of the cluster can invoke all action interfaces, such as scaling, attach_policy, (bond webhook);
  • If the owner wants to change the owner of its cluster, its admin role in this cluster project will be removed and given to the new owner;


We may need to extend the current senlin.common.policy module to support the following checks on an API request to a *Cluster* resource:

 1. check whether this user has any role (member, admin) in this cluster's project; if not, reject directly, otherwise pass;
 2. check which role this user has and decide whether to allow the action (using openstack.common.policy, oslo_policy);
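
The two-step check and the share / change-owner rules above, sketched as an added example (not Senlin code). ClusterProject, authorize, share, change_owner, the action names and the role-to-action table are all hypothetical; the table stands in for oslo_policy rules and the roles dict stands in for Keystone role assignments.

```python
from dataclasses import dataclass, field

ADMIN, MEMBER = "admin", "Member"  # role names from the notes above

# Constructed stand-in for an oslo_policy rule file; action names and mapping are assumed.
RULES = {
    "cluster:show": {ADMIN, MEMBER},
    "cluster:scale": {ADMIN, MEMBER},
    "cluster:attach_policy": {ADMIN, MEMBER},
    "cluster:update": {ADMIN},
    "cluster:delete": {ADMIN},
    "cluster:share": {ADMIN},
    "cluster:change_owner": {ADMIN},
}


@dataclass
class ClusterProject:
    """Hypothetical model of the per-cluster Keystone project: user -> roles."""
    owner: str
    roles: dict = field(default_factory=dict)

    def __post_init__(self):
        self.roles[self.owner] = {ADMIN}  # owner gets admin at creation


def authorize(project, user, action):
    """Two-step check; anything not explicitly allowed is denied."""
    held = project.roles.get(user, set())
    if not held:  # step 1: no role in the cluster project, reject directly
        return False
    allowed = RULES.get(action, set())  # unknown action -> empty set -> deny
    return bool(held & allowed)  # step 2: does any held role permit it?


def share(project, actor, new_user):
    if not authorize(project, actor, "cluster:share"):
        raise PermissionError(f"{actor} may not share this cluster")
    project.roles.setdefault(new_user, set()).add(MEMBER)


def change_owner(project, actor, new_owner):
    if not authorize(project, actor, "cluster:change_owner"):
        raise PermissionError(f"{actor} may not transfer this cluster")
    project.roles[actor].discard(ADMIN)  # admin is moved, not copied
    if not project.roles[actor]:
        del project.roles[actor]  # no roles left: old owner loses all access
    project.roles.setdefault(new_owner, set()).add(ADMIN)
    project.owner = new_owner
```

In this sketch a Member cannot re-share the cluster, and a transfer leaves the previous owner with no role in the cluster project, so step 1 rejects them afterwards.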


A node doesn't have any project info before being added to a cluster. Only the node's owner (project_id=project_id) can manipulate it. After being added to a cluster, it will use the cluster's project_id as its project_id for the above check on actions (sharing). (Or we don't allow node sharing?)
Only do the normal check (is_admin or is_owner) for other Senlin resources, like policy and profile. Don't allow sharing them or changing their owner.

Use Keystone projects/roles directly to implement this.

Get involved

IRC

The developers use IRC in #senlin on Freenode for development discussion.

Meetings

[TBD]

Mailing list

Discussions about Senlin happen on the openstack-dev mailing list. Please use the tag [Senlin] in the subject line for new threads.