stratos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sathyasuriya Priya <sathyasur...@gmail.com>
Subject Re: [gsoc] GCE support - important aspects
Date Sun, 03 Aug 2014 06:55:09 GMT
Thanks Nirmal.

I am moving the changes to latest codebase.
I will send PR shortly after that.


On Sat, Aug 2, 2014 at 9:48 PM, Nirmal Fernando <nirmal070125@gmail.com>
wrote:

> Hi Suriya,
>
> Please see my comments inline.
>
>
> On Sun, Aug 3, 2014 at 4:33 AM, Sathyasuriya Priya <sathyasuriya@gmail.com
> > wrote:
>
>> Hi Nirmal, devs,
>>
>> Following are some important aspects of GCE design/implementation.
>> Let me know of any changes/suggestions.
>>
>> *1. GCE credential: *Jclouds uses GCE service accounts for communicating
>> with IaaS. This includes a service account email address (for example,
>> 607132743639-fihqilsm9pemf9c98ppmv1otbvtmgdij@developer.gserviceaccount.com)
>> and a private key in text(~1000 chars). This identity, credential can be
>> specified in cloud-controller.xml as follows. Currently mode 1 is
>> implemented. Based on suggestions we can implement mode 2 or 3.
>>
>> *Mode 1:* private key in pem text.
>>   <identity svns:secretAlias="cloud.controller.gce.identity">
>>
>> 607132743639-fihqilsm9pemf9c98ppmv1otbvtmgdij@developer.gserviceaccount.com
>>   </identity>
>>   <credential svns:secretAlias="cloud.controller.gce.credential">
>> -----BEGIN PRIVATE KEY-----
>> #### ~15 lines of private key
>> -----END PRIVATE KEY-----
>>   </credential>
>>
>> *Mode 2:* Instead of giving the private key in text format, we can give
>> a path to a file. The file will have the key in pem format.
>>   <identity svns:secretAlias="cloud.controller.gce.identity">
>>
>> 607132743639-fihqilsm9pemf9c98ppmv1otbvtmgdij@developer.gserviceaccount.com
>>   </identity>
>>   <credential svns:secretAlias="cloud.controller.gce.credential">
>>   /home/suriya/key/privatekey.pem
>>   </credential>
>>
>> *Mode 3:* Mixed mode 1 & 2. Either pem text or path to file can be
>> there. Stratos code can try to autodetect the mode.
>>
>
> Ok, GCE's account authentication mechanism is key based then. It's bit
> different to other IaaS providers. Out of curiosity does GCE use another
> key pair to spawn instances?
>
> I'd like to have Mode2, but for the first iteration, Mode1 is perfectly
> fine.
>
>
>> *2. Network*: GCE instance can connect to only one network [1]. I think,
>> this is different from EC2 or openstack, where one instance can connect to
>> many networks. So stratos server needs to be in same network as cartridge
>> instances. I hope this is ok for multi-tenant mode in stratos. This network
>> name can be mentioned in cartridge json as follows (similar to EC2, but
>> only one name should be specified)
>>       "networkInterfaces": [
>>         {
>>           "networkUuid": "default-network-name"
>>         }
>>       ]
>>
>>
> Ya, there's no issue in multi-tenant mode. I hope this is not mandatory.
>
> Connecting only to one network, is certainly not a blocker IMO.
>
>  *3. Naming convention:* I have used 'gce' in all stratos code, and
>> wherever needed in xml, etc. But in jclouds [2] 'google-compute-engine' is
>> being used. So in the code copied from jclouds to stratos
>> dependencies/jclouds/apis/google-compute-engine/, 'gce' is not used. I hope
>> this is ok.
>>
>
> Ya, this is ok.
>
> Looking forward to see a PR soon :)
>
> Great work so far!
>
>>
>> [1] https://developers.google.com/compute/docs/instances-and-network
>> [2] https://github.com/jclouds/jclouds-labs-google
>> [3]
>> https://github.com/suriyapriya/incubator-stratos/tree/gce/dependencies/jclouds/apis/google-compute-engine
>>
>> Thanks
>> Suriya
>>
>
>
>
> --
> Best Regards,
> Nirmal
>
> Nirmal Fernando.
> PPMC Member & Committer of Apache Stratos,
> Senior Software Engineer, WSO2 Inc.
>
> Blog: http://nirmalfdo.blogspot.com/
>

Mime
View raw message