OpenNebula 4.6 is slowly cooking, getting ready to get out of the oven and being spun around the certification carrousel. We’ve created a screencast to show on of the most interesting features that will be available in the next, shiny new release: the ability to manage Virtual Data Centers natively in OpenNebula, via Sunstone or the CLI.
First, let’s define some concepts. In OpenNebula, a Group (of users) is the authorization boundary. Authorization comes using ACLs built in OpenNebula. ACLs model can be used to control who can manage the Group (that is, the Group admin) and who can deploy virtual machines. A Group can be seen as business unit if you are considering it as private cloud and complete new company if it is public cloud. You can think Human Resources, Marketing and Sales as business units represented by Groups in OpenNebula. Moreover, a Resource Provider is a OpenNebula Cluster of infrastructure resources (aggregation of physical hosts, virtual networks and datastores).
Combining the two above, OpenNebula can handle Virtual Data Centers (vDCs). vDCs are containers for the execution of virtual machines and a way of hiding physical resources from Group members. A Group is simply a boundary, you need to populate resources within the Group which can be consumed by the users of the Group. These resources are obtained from Resource Providers, ending up with the creation of a vDC by combining a Group and one or more Resource Providers. These Resource Providers can reside in other other datacenters, thus achieving a DC federation. But this a story for another screencast 😉
For other interesting screencasts, please take a look to the screencasts page.
This new feature is funded by Produban in the context of the Fund a Feature Program.
that looks really useful. Thanks to Produban for sponsoring this feature.
I’am interested in setting up vDCs as an environment for teams, in which they can do all they like as self service. Two Questions about this:
Is it also possible to give the vDC group access to system wide ressources like vm-templates? This would ease the configuration for a couple of teams. And one step further, does the concept of vDCs ressource boundarys apply to the deployment of oneflow services too?
Thanks a lot for your interest. About your questions:
* Is it also possible to give the vDC group access to system wide ressources like vm-templates?
Certainly. In the screencast this is done for Virtual Networks and Images, but can be done exactly the same for other resources, including VM Template. You need to set permissions to Others (http://docs.opennebula.org/stable/administration/users_and_groups/chmod.html)
* does the concept of vDCs ressource boundarys apply to the deployment of oneflow services too?
Absolutely, users would be able to only deploy on their allocated hosts, for all VMs, regardless if they are launched through OneFlow.