parallelvirtualcluster
/
pvc
1
0
Fork 0
Code Issues 11 Pull Requests Projects Releases 111 Wiki Activity

Support uploading volume images to cluster #68

New Issue
Closed
opened 2020-01-08 20:53:18 -05:00 by JoshuaBoniface · 13 comments
JoshuaBoniface commented 2020-01-08 20:53:18 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

To help facilitate running arbitrary VMs and bypassing (most of) the provisioner, PVC should support uploading of arbitrary disk image files to the cluster.

As-is, there are a few options for how to go about this.

The Options

Node-local only

This way only allows uploading files that are actually present on the (primary) PVC node, but requires minimal changes to the logic of PVC's handling of Ceph volumes.

The administrator/user of the API (and via it the CLI as well) would pass a path to a node-local file to the client, which would then pass it on via the /cmd/ceph pipe in Zookeeper, as all current Ceph commands do, to the (primary) node daemon, which could then perform the required functions (analyzing, converting to raw format, creating Ceph volumes, writing the image to mapped Ceph volumes, etc.).

Pros

  • Uses existing PVC functionality.
  • No client-side file handling at all.
  • Somewhat limits "malicious" uploads, since SSH access to the cluster nodes would be required.
  • Could easily implement a fetch-via-HTTP/FTP option based on the "file" path to grab images from remote locations.

Cons

  • Can not use the CLI client on an arbitrary machine to upload an image on that machine.
  • Requires giving SSH access to the cluster to anyone wanting to upload images.
  • Requires more functionality in the CephInstance section of the node daemon.

Client-local

This way would involve the API client handling interaction with the file itself, including all stages of analyzing, converting, creating, and writing the image to the cluster. The CLI client would pass the raw contents of the image file to the API via HTTP.

Pros

  • Handles uploading the file from an arbitrary remote machine to the PVC cluster.
  • Provides greater administrator flexibility (SSH not required to nodes, etc.)
  • Cleaner and more consistent long-term.
  • Removes requirement of CephInstance to handle this long-running task.

Cons

  • Breaks assumptions about how all other Ceph commands currently work (see below).
  • To be fully consistent, would require a major rewrite of the Ceph management section of the client.
  • Like the provisioner (see #69), opens up potential interruptions on primary node transition.

Broken Assumptions

Currently the provisioner portion of the API makes the assumption that the machine running it has direct access to the Ceph cluster, since several stages of the provisioning create_vm sequence involve directly mapping Ceph volumes, writing to them, mounting them, etc.

This breaks the original assumptions of the "/ceph/cmd pipe" architecture, which was that the client could be running in another arbitrary location with access only to Zookeeper and still "perform" Ceph-related commands.

However, this architecture is, quite frankly, a big hack. I implemented it with the assumption that "the clients shouldn't touch the Ceph cluster", which made sense at the time, but the combination of (a) implementing the provisioner, (b) turning the CLI client into an API client; and (c) effectively requiring the API to run on the Primary coordinator, makes this assumption far less relevant. And during provisioner testing, I've seen at least one case where overloading this command pipe can be disastrous to the running daemon, so this would be a bugfix as well.

One of the original goals of this architecture was to be able to have an "API VM" on the cluster, which would have access to the "cluster" network but not the "storage" network directly. This would isolate the API from the Ceph cluster, which I saw as a security benefit. However this would still be possible with the provisioner in the current state, however, by adding a "brstorage" bridge to go alongside the "brcluster" bridge that currently exists, then simply ensuring that this special VM has access to both along with the Ceph cluster itself. That said, I've mostly abandoned the idea of separating the API like this, and doing something like this would be a completely manual operation. So the assumption that original triggered the "/cmd/ceph pipe" architecture has already been de facto abandoned.

Takeaways and future plans

Given the broken assumption and the "ideal" second method of implementing image uploads, I think it makes a lot of sense to rework the Ceph command pipe, the assumptions of the common client functions regarding Ceph commands, and likely also add the "brstorage" bridge "just in case".

This would provide two very nice changes:

  1. Simplify the client handling, deciding one-and-for-all that direct Ceph access, in addition to direct Zookeeper access, is required for the "core" clients - the API and any 3rd party, direct-binding client.

  2. Simply the node handling, since it would no longer need to respond to the /cmd/ceph pipe or perform these functions itself.

In the time it's taken me to write this, I've effectively decided that the second method, as well as the full Ceph client handling refactor, is definitely the way to go, but feedback requested especially in light of the cons. I will take a short break (1-2 weeks) before implementing this either way.

To help facilitate running arbitrary VMs and bypassing (most of) the provisioner, PVC should support uploading of arbitrary disk image files to the cluster. As-is, there are a few options for how to go about this. ## The Options ### Node-local only This way only allows uploading files that are actually present on the (primary) PVC node, but requires minimal changes to the logic of PVC's handling of Ceph volumes. The administrator/user of the API (and via it the CLI as well) would pass a path to a node-local file to the client, which would then pass it on via the `/cmd/ceph` pipe in Zookeeper, as all current Ceph commands do, to the (primary) node daemon, which could then perform the required functions (analyzing, converting to raw format, creating Ceph volumes, writing the image to mapped Ceph volumes, etc.). #### Pros * Uses existing PVC functionality. * No client-side file handling at all. * Somewhat limits "malicious" uploads, since SSH access to the cluster nodes would be required. * Could easily implement a fetch-via-HTTP/FTP option based on the "file" path to grab images from remote locations. #### Cons * Can not use the CLI client on an arbitrary machine to upload an image on *that machine*. * Requires giving SSH access to the cluster to anyone wanting to upload images. * Requires more functionality in the `CephInstance` section of the node daemon. ### Client-local This way would involve the API client handling interaction with the file itself, including all stages of analyzing, converting, creating, and writing the image to the cluster. The CLI client would pass the raw contents of the image file to the API via HTTP. #### Pros * Handles uploading the file from an arbitrary remote machine to the PVC cluster. * Provides greater administrator flexibility (SSH not required to nodes, etc.) * Cleaner and more consistent long-term. * Removes requirement of CephInstance to handle this long-running task. #### Cons * Breaks assumptions about how all other Ceph commands currently work (see below). * To be fully consistent, would require a major rewrite of the Ceph management section of the client. * Like the provisioner (see #69), opens up potential interruptions on primary node transition. ## Broken Assumptions Currently the provisioner portion of the API makes the assumption that the machine running it has direct access to the Ceph cluster, since several stages of the provisioning `create_vm` sequence involve directly mapping Ceph volumes, writing to them, mounting them, etc. This breaks the original assumptions of the "`/ceph/cmd` pipe" architecture, which was that the client could be running in another arbitrary location with access only to Zookeeper and still "perform" Ceph-related commands. However, this architecture is, quite frankly, a big hack. I implemented it with the assumption that "the clients shouldn't touch the Ceph cluster", which made sense at the time, but the combination of (a) implementing the provisioner, (b) turning the CLI client into an API client; and (c) effectively requiring the API to run on the Primary coordinator, makes this assumption far less relevant. And during provisioner testing, I've seen at least one case where overloading this command pipe can be disastrous to the running daemon, so this would be a bugfix as well. One of the original goals of this architecture was to be able to have an "API VM" on the cluster, which would have access to the "cluster" network but not the "storage" network directly. This would isolate the API from the Ceph cluster, which I saw as a security benefit. However this would still be possible with the provisioner in the current state, however, by adding a "brstorage" bridge to go alongside the "brcluster" bridge that currently exists, then simply ensuring that this special VM has access to both along with the Ceph cluster itself. That said, I've mostly abandoned the idea of separating the API like this, and doing something like this would be a completely manual operation. So the assumption that original triggered the "`/cmd/ceph` pipe" architecture has already been _de facto_ abandoned. ## Takeaways and future plans Given the broken assumption and the "ideal" second method of implementing image uploads, I think it makes a lot of sense to rework the Ceph command pipe, the assumptions of the common client functions regarding Ceph commands, and likely also add the "brstorage" bridge "just in case". This would provide two very nice changes: 1. Simplify the client handling, deciding one-and-for-all that direct Ceph access, in addition to direct Zookeeper access, is required for the "core" clients - the API and any 3rd party, direct-binding client. 2. Simply the node handling, since it would no longer need to respond to the `/cmd/ceph` pipe or perform these functions itself. In the time it's taken me to write this, I've effectively decided that the second method, as well as the full Ceph client handling refactor, is definitely the way to go, but feedback requested especially in light of the cons. I will take a short break (1-2 weeks) before implementing this either way.
JoshuaBoniface commented 2020-01-08 21:00:15 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

changed the description

changed the description
JoshuaBoniface commented 2020-01-08 21:04:39 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

changed the description

changed the description
JoshuaBoniface commented 2020-01-08 21:05:18 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

changed the description

changed the description
JoshuaBoniface commented 2020-01-08 21:05:43 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

changed the description

changed the description
JoshuaBoniface commented 2020-01-08 21:07:31 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

changed the description

changed the description
JoshuaBoniface commented 2020-01-08 21:07:55 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

changed the description

changed the description
JoshuaBoniface commented 2020-01-12 23:32:56 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

changed milestone to %2

changed milestone to %2
JoshuaBoniface commented 2020-02-08 23:35:19 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

mentioned in issue #80

mentioned in issue #80
JoshuaBoniface commented 2020-02-08 23:48:07 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

Went with the "Client-local" methodology and have already eliminated the /ceph/cmd pipe in #80. Next step is implementing image upload functionality directly through the API.

Went with the "Client-local" methodology and have already eliminated the `/ceph/cmd` pipe in #80. Next step is implementing image upload functionality directly through the API.
JoshuaBoniface commented 2020-02-09 14:41:00 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

mentioned in commit 49e5ce1176

mentioned in commit 49e5ce11763146dde1551f24926f6f22375b1e87
JoshuaBoniface commented 2020-02-09 20:43:20 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

mentioned in commit e419855911

mentioned in commit e4198559113ef7917f4aaede0ed7a83b341c1814
JoshuaBoniface commented 2020-02-09 20:43:20 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

closed via commit 1de57ab6f3

closed via commit 1de57ab6f30fe774d119c6c396249a02f8ee663f
JoshuaBoniface commented 2020-02-09 20:46:09 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

mentioned in commit 1231ba19b7

mentioned in commit 1231ba19b77d18ab983dab18a6608faa05811c52
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
v0.9.105
v0.9.104
v0.9.103
v0.9.102
v0.9.101
v0.9.100
v0.9.99
v0.9.98
v0.9.97
v0.9.96
v0.9.95
v0.9.94
v0.9.93
v0.9.92
v0.9.91
v0.9.90
v0.9.89
v0.9.88
v0.9.87
v0.9.86
v0.9.85
v0.9.84
v0.9.83
v0.9.82
v0.9.81
v0.9.80
v0.9.79
v0.9.78
v0.9.77
v0.9.76
v0.9.75
v0.9.74
v0.9.73
v0.9.72
v0.9.71
v0.9.70
v0.9.69
v0.9.68
v0.9.67
v0.9.66
v0.9.65
v0.9.64
v0.9.63
v0.9.62
v0.9.61
v0.9.60
v0.9.59
v0.9.58
v0.9.57
0.9.56
v0.9.55
v0.9.54
v0.9.53
v0.9.52
v0.9.51
v0.9.50
v0.9.49
v0.9.48
v0.9.47
v0.9.46
v0.9.45
v0.9.44
v0.9.43
v0.9.42
v0.9.41
v0.9.40
v0.9.39
v0.9.38
v0.9.37
v0.9.36
v0.9.35
v0.9.34
v0.9.33
v0.9.32
v0.9.31
v0.9.30
v0.9.29
v0.9.28
v0.9.27
v0.9.26
v0.9.25
v0.9.24
v0.9.23
v0.9.22
v0.9.21
v0.9.20
v0.9.19
v0.9.18
v0.9.17
v0.9.16
v0.9.15
v0.9.14
v0.9.13
v0.9.12
v0.9.11
v0.9.10
v0.9.9
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
list
v0.8-1
v0.8
v0.7
v0.6
v0.5
v0.3
Labels
Clear labels   
API

   
blocked

Issue blocked by another issue

  
bug

   
CLI

   
Client

Issues abut the client frontends

  
Daemon

Issues abut the node daemon

  
debt

Technical debt that should be investigated or cleaned up

  
documentation

   
feature

   
improvement
No Label
API
blocked
bug
CLI
Client
Daemon
debt
documentation
feature
improvement
Milestone
Clear milestone
No items
No Milestone
v0.7
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: parallelvirtualcluster/pvc#68
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?