From 39fd6f43873e6d314504f53dc4cb1c8a3a3cfbc3 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 28 Oct 2010 11:33:29 -0700 Subject: wip architecture, a few auth formatting fixes, binaries, and overview --- doc/source/architecture.rst | 20 ++++++------ doc/source/auth.rst | 45 ++++++++++++++------------- doc/source/binaries.rst | 53 ++++++++++++++++++++++++-------- doc/source/concepts.and.introduction.rst | 3 ++ doc/source/services.rst | 25 +++++++-------- 5 files changed, 91 insertions(+), 55 deletions(-) (limited to 'doc/source') diff --git a/doc/source/architecture.rst b/doc/source/architecture.rst index 11813d2c8..eba6cbfb8 100644 --- a/doc/source/architecture.rst +++ b/doc/source/architecture.rst @@ -1,6 +1,6 @@ .. Copyright 2010 United States Government as represented by the - Administrator of the National Aeronautics and Space Administration. + Administrator of the National Aeronautics and Space Administration. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -30,14 +30,16 @@ Below you will find a helpful explanation. :: - [ User Manager ] ---- ( LDAP ) - | - | / [ Storage ] - ( ATAoE ) - [ API server ] -> [ Cloud ] < AMQP > - | \ [ Nodes ] - ( libvirt/kvm ) - < HTTP > - | - [ S3 ] + [ Auth Manager ] ---- ( LDAP ) + | + | + | + | / [ Storage ] - ( ATAoE/iSCSI ) + [ Web Dashboard ] -> [ nova-api ] < AMQP > - + | \ [ Nodes ] - ( libvirt/kvm ) + < HTTP > + | + [ nova-objectstore ] * API: receives http requests from boto, converts commands to/from API format, and sending requests to cloud controller diff --git a/doc/source/auth.rst b/doc/source/auth.rst index 4d3037253..adcb759a2 100644 --- a/doc/source/auth.rst +++ b/doc/source/auth.rst @@ -24,7 +24,7 @@ from etherpad todo ------------------ :: - * FIX RST IMPORT ERRORS + * Manager * Driver * ldap 
@@ -65,46 +65,47 @@ Roles AWS API calls are traditionally secured via Access and Secret Keys, which are used to sign API calls, along with traditional timestamps to prevent replay attacks. The APIs can be logically grouped into sets that align with five typical roles: -* System User -* System Administrator +* Base User +* System Administrator/Developer (currently have the same permissions) * Network Administrator * Project Manager -* Cloud Administrator -* IT-Security +* Cloud Administrator/IT-Security (currently have the same permissions) There is an additional, conceptual end-user that may or may not have API access: * (EXTERNAL) End-user / Third-party User -Basic operations are available to any System User: +Basic operations are available to any : -* Launch Instance -* Terminate Instance (their own) -* Create keypair -* Delete keypair -* Create, Upload, Delete: Buckets and Keys (Object Store) – their own -* Create, Attach, Delete Volume (Block Store) – their own +* Describe Instances +* Describe Images +* Describe Volumes +* Describe Keypairs +* Create Keypair +* Delete Keypair +* Create, Upload, Delete: Buckets and Keys (Object Store) -System Administrators: +System Administrators/Developers/Project Manager: +* Create, Attach, Delete Volume (Block Store) +* Launch, Reboot, Terminate Instance * Register/Unregister Machine Image (project-wide) -* Change Machine Image properties (public / private) * Request / Review CloudAudit Scans +Project Manager: + +* Add and remove other users (currently no api) +* Set roles (currently no api) + Network Administrator: +* Change Machine Image properties (public / private) * Change Firewall Rules, define Security Groups * Allocate, Associate, Deassociate Public IP addresses -Project Manager: - -* Launch and Terminate Instances (project-wide) -* CRUD of Object and Block store (project-wide) - -Cloud Administrator: +Cloud Administrator/IT-Security: -* Register / Unregister Kernel and Ramdisk Images -* Register / Unregister 
Machine Image (any) +* All permissions Enhancements ------------ diff --git a/doc/source/binaries.rst b/doc/source/binaries.rst index 90a9581f7..6771f345e 100644 --- a/doc/source/binaries.rst +++ b/doc/source/binaries.rst @@ -1,6 +1,6 @@ .. Copyright 2010 United States Government as represented by the - Administrator of the National Aeronautics and Space Administration. + Administrator of the National Aeronautics and Space Administration. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -18,14 +18,43 @@ Nova Binaries =============== -* nova-api -* nova-compute -* nova-manage -* nova-objectstore -* nova-volume - -The configuration of these binaries relies on "flagfiles" using the google -gflags package. If present, the nova.conf file will be used as the flagfile -- otherwise, it must be specified on the command line:: - - $ python node_worker.py --flagfile flagfile +The configuration of these binaries relies on "flagfiles" using the google +gflags package:: + + $ nova-xxxxx --flagfile flagfile + +The binaries can all run on the same machine or be spread out amongst multiple boxes in a large deployment. + +nova-manage +----------- + +Nova manage is a command line utility to administer the system. It will autmatically try to load a flagfile from /etc/nova/nova-manage.conf to save you having to type it. Info on the commands can be found :ref:`here `. + +nova-api +-------- + +Nova api receives xml requests and sends them to the rest of the system. It is a wsgi app that routes and authenticate requests. It supports the ec2 and openstack apis. + +nova-objectstore +---------------- + +Nova objectstore is an ultra simple file-based storage system for images that replicates most of the S3 Api. It will soon be replaced with glance and a simple image manager. + +nova-compute +------------ + +Nova compute is responsible for managing virtual machines. It loads a Service object which exposes the public methods on ComputeManager via rpc. + +nova-volume +----------- + +Nova volume is responsible for managing attachable block storage devices. It loads a Service object which exposes the public methods on VolumeManager via rpc. + +nova-network +------------ + +Nova network is responsible for managing floating and fixed ips, dhcp, bridging and vlans. It loads a Service object which exposes the public methods on one of the subclasses of NetworkManager. 
Different networking strategies are as simple as changing the network_manager flag:: + + $ nova-network --network_manager=nova.network.manager.FlatManager + +IMPORTANT: Make sure that you also set the network_manager on nova-api and nova_compute, since make some calls to network manager in process instead of through rpc. More information on the interactions between services, managers, and drivers can be found :ref:`here ` diff --git a/doc/source/concepts.and.introduction.rst b/doc/source/concepts.and.introduction.rst index 76db9e9f2..7f4aa153c 100644 --- a/doc/source/concepts.and.introduction.rst +++ b/doc/source/concepts.and.introduction.rst @@ -135,6 +135,9 @@ Concept: Services * nova-network * nova-instancemonitor + +.. _manage_usage: + Concept: nova-manage -------------------- diff --git a/doc/source/services.rst b/doc/source/services.rst index 7ff8fa6c3..607f5974b 100644 --- a/doc/source/services.rst +++ b/doc/source/services.rst @@ -1,6 +1,6 @@ .. Copyright 2010 United States Government as represented by the - Administrator of the National Aeronautics and Space Administration. + Administrator of the National Aeronautics and Space Administration. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,17 +15,18 @@ License for the specific language governing permissions and limitations under the License. -Services -======== +.. _service_manager_driver: -Admin guide should go beyoned concepts & introduction by talking about how -each service interacts with each other, what requirements for deployment are, -monotoring, logging, etc +Services Managers and Drivers +============================= +Describe division of responsibilities for each component. -* nova-api -* nova-scheduler -* nova-compute -* nova-volume -* nova-network -* nova-instancemonitor +Service +------- + +Manager +------- + +Driver +------ -- cgit
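Review bot: In the architecture.rst diagram hunk, the bullet that follows the diagram still reads "* API: receives http requests from boto, converts commands to/from API format, and sending requests to cloud controller", while the diagram itself was renamed to `[ nova-api ]`, `[ Web Dashboard ]` and `[ nova-objectstore ]`; update the bullet to use the new component names (and fix "sending" to "sends") so the legend matches the picture. The `[ User Manager ]` to `[ Auth Manager ]` rename should likewise be reflected in the corresponding bullet if one exists further down. The whitespace-only re-indentation of the "Administrator of the National Aeronautics..." copyright line, repeated in three files, is noise in a docs commit and is better left out or done in a separate cleanup.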
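Review bot: In the auth.rst roles hunk, the line "Basic operations are available to any :" lost its role name; it should read "Basic operations are available to any Base User:" to match the renamed role in the list above. Two permission moves in the same hunk deserve a sentence of explanation rather than a silent edit: "Change Machine Image properties (public / private)" moves from System Administrators to Network Administrator, which is an odd owner for image visibility, and "Cloud Administrator/IT-Security" is now documented as a single role with "All permissions". The role list already says "(currently have the same permissions)" for that pair; carry the same qualifier into the permissions section so readers understand the audit role is not intended to remain a full-control role, and say whether a separate IT-Security role with narrower rights is planned.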
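Review bot: In the binaries.rst hunk, the sentence "Make sure that you also set the network_manager on nova-api and nova_compute, since make some calls to network manager in process instead of through rpc" is missing its subject and misspells the binary; suggest "...on nova-api and nova-compute, since they make some calls to the network manager in process instead of through rpc". That warning is worth keeping prominent: a nova-api or nova-compute started with a different `network_manager` than nova-network will make in-process networking decisions that disagree with the service that owns the bridges and VLANs. Smaller fixes in the same hunk: "autmatically" to "automatically", "routes and authenticate requests" to "routes and authenticates requests", and the two `:ref:` links render here with no visible target, so confirm they point at the `manage_usage` and `service_manager_driver` labels added elsewhere in this patch. The removed sentence "If present, the nova.conf file will be used as the flagfile" described a default that the new text no longer mentions; if the default lookup still exists, operators need to know which file is read, so restore it next to the `--flagfile` example.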
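Review bot: In the services.rst hunk, the new heading "Services Managers and Drivers" needs a comma ("Services, Managers and Drivers"), and the line "Describe division of responsibilities for each component." followed by three empty sections is an author note, not documentation; mark it with a `.. todo::` directive or leave the page out of the toctree until the Service, Manager and Driver sections have content, so the published docs do not show a bare placeholder under the `service_manager_driver` label that binaries.rst now links to. Also note that the removed list included nova-scheduler and nova-instancemonitor, and neither appears in the new per-binary sections added to binaries.rst in this same patch, so those two services now have no description anywhere in the touched files.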