[Engine-devel] Trusted Compute Pools
by Wei, Gang
------=_NextPart_000_0388_01CDC762.DCFD1B70
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Hi,
I am an engineer working in Intel Open Source Technology Center, interested
in integrating Intel initiated OpenAttestation(OAT) project
(https://github.com/OpenAttestation/OpenAttestation.git) into oVirt to
provide a way for Administrator to deploy VMs on trusted hosts hardened with
H/W-based security features, such as Intel TXT.
I made a draft feature page for this:
http://wiki.ovirt.org/wiki/Trusted_compute_pools
My draft idea is to provide trust_level requirement while doing vm creation
like below:
curl -v -u "vdcadmin(a)qa.lab.tlv.redhat.com"
-H "Content-type: application/xml"
-d '<vm><name>my_new_vm</name>
<cluster id="99408929-82cf-4dc7-a532-9d998063fa95" />
<template id="00000000-0000-0000-0000-000000000000"/>
<trust_level>trusted</trust_level></vm>'
'http://10.35.1.1/rhevm-api/vms'
Then oVirt Engine should query attestation server built with OAT via RESTful
API to get all trusted hosts and select one to create the VM.
Attestation server performs host verification through following steps:
1. Hosts boot with Intel TXT technology enabled
2. The hosts' BIOS, hypervisor and OS are measured
3. These measured data is sent to Attestation server when challenged by
attestation server
4. Attestation server verifies those measurements against good/known
database to determine hosts' trustworthiness
Hosts need to be installed with OAT host agent to report host integrity to
attestation server.
By far, I am still in process of getting familiar with oVirt code and not
get solid idea yet on how the oVirt Engine should be modified to support
this feature.
Any kind of comments or suggestions will be highly appreciated.
Thanks
Gang (Jimmy) Wei
------=_NextPart_000_0388_01CDC762.DCFD1B70
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIdxjCCAyAw
ggKJoAMCAQICBDXe9M8wDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0Vx
dWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw05
ODA4MjIxNjQxNTFaFw0xODA4MjIxNjQxNTFaME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVp
ZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMFdsVhnCGLuoJotHwhtkRRomAoe/toEbxOEYiHD0XzOnwXg
uAHwTjTs4oqVBGSs8WtTXwWzy2eAv0ICjv7dAQns4QAUT/z78AzdQ7pbK+EfgHCZFVeTFvEPl2q3
wmgjHMxNWTCsUR47ryvW7mNFe8XZX1DS41APOojnvxT94Me5AgMBAAGjggEJMIIBBTBwBgNVHR8E
aTBnMGWgY6BhpF8wXTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTENMAsGA1UEAxMEQ1JMMTAaBgNVHRAE
EzARgQ8yMDE4MDgyMjE2NDE1MVowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fY
IyAQTzOYkJ/UMB0GA1UdDgQWBBRI5mj5K9KylddH2CMgEE8zmJCf1DAMBgNVHRMEBTADAQH/MBoG
CSqGSIb2fQdBAAQNMAsbBVYzLjBjAwIGwDANBgkqhkiG9w0BAQUFAAOBgQBYzinq/Pfetc4CuRe1
hdG54+CVzCUxDQCmkm5/tpJjnlCV0Zpv5BHeY4VumO6o/1rI01WyZnFX3sAh6z0qpyNJAQSGQnv8
7n+iFlK1Z2fTQNs7JliyKHc9rhR3Ydb6KmYnoA36p3Nc6nDxlCFlRF/6/O8paKmih3nvee9PrAd3
ODCCAz0wggKmoAMCAQICAwWw/zANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UE
ChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MB4XDTA2MDIxNjE4MDEzMFoXDTE2MDIxOTE4MDEzMFowUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
EUludGVsIENvcnBvcmF0aW9uMScwJQYDVQQDEx5JbnRlbCBFeHRlcm5hbCBCYXNpYyBQb2xpY3kg
Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBpd/XOb9QVqEZ8mQ1042TdOIq3ATD
IsV2xDyt30yLyMR5Wjtus0bn3B+he89BiNO/LP6+rFzEwlD55PlX+HLGIKeNNG97dqyc30FElEUj
ZzTZFq2N4e3kVJ/XAEEgANzV8v9qp7qWwxugPgfc3z9BkYot+CifozexHLb/hEZj+yISCU61kRZv
uSQ0E11yYL4dRgcglJeaHo3oX57rvIckaLsYV5/1Aj+R8DM1Ppk965XQAKsHfnyT7C4S50T4lVn4
lz36wOdNZn/zegG1zp41lnoTFfT4KuKVJH5x7YD1p6KbgJCKLovnujGuohquBNfdXKpZkvz6pGv+
iC1HawJdAgMBAAGjgaAwgZ0wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQaxgxKxEdvqNutK/D0
Vgaj7TdUDDA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3Nl
Y3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAPBgNVHRMBAf8EBTAD
AQH/MA0GCSqGSIb3DQEBBQUAA4GBABMQOK2kVKVIlUWwLTdywJ+e2O+PC/uQltK2F3lRyrPfBn69
tOkIP4SgDJOfsxyobIrPLe75kBLw+Dom13OBDp/EMZJZ1CglQfVV8co9mT3aZMjSGGQiMgkJLR3j
Mfr900fXZKj5XeqCJ+JP0mEhJGEdVCY+FFlksJjV86fDrq1QMIIFijCCBHKgAwIBAgIKYR6AtwAA
AAAABzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9y
YXRpb24xJzAlBgNVBAMTHkludGVsIEV4dGVybmFsIEJhc2ljIFBvbGljeSBDQTAeFw0wOTA1MTUx
OTI1MTNaFw0xNTA1MTUxOTM1MTNaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw
b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWluZyBDQSAzQTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGPgGLnOO5IOzlHRfr1XfCVb97V4BR2QVpPZ7Cr
cIQ+FGa2KHD/6dPjwxOIrtFTdfW4BYikdFmxUZVBWRWZ5Vye2cCdGzFWqIEOE1e17nNx1jM8Z6GZ
EqbDUS+vBuPlBFHKQoVm5BaNIHpyn2XZxqwjV9j5/crIfPrCGstk+2ztUhVS8OHEgzO784PgD9pO
gBnnAbZHmEM1FYYmQ6ibS+gVCHzobDYG+YReRiHpFKWBxpUuP+X0WYFw/Ja1JW7N8pELAFDw0UFB
WFgiv1QIusdLvSy8mcsLJ5wy050OVcxShqoUxhw/wvyuuoQxvmEPjhRa1C2oSCmGN0003GMhQWMC
AwEAAaOCAlwwggJYMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKoWZq+3PVZTYK4Nwu3z7gfL
UWB+MAsGA1UdDwQEAwIBhjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBTCKwhT
x+hdMsKCgOmWwLgjQsAV+TAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAfBgNVHSMEGDAWgBQa
xgxKxEdvqNutK/D0Vgaj7TdUDDCBvQYDVR0fBIG1MIGyMIGvoIGsoIGphk5odHRwOi8vd3d3Lmlu
dGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBQb2xpY3kl
MjBDQS5jcmyGV2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0lu
dGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNybDCB4wYIKwYBBQUHAQEEgdYw
gdMwYwYIKwYBBQUHMAKGV2h0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRvcnkvY2VydGlmaWNh
dGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNydDBsBggrBgEFBQcw
AoZgaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMv
SW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EuY3J0MA0GCSqGSIb3DQEBBQUA
A4IBAQCUY/1d0MS6VPTlIcOho1XWh193PD5kJDJSPdphLHQdM1oKA+whMdIBoY1VzTDDK+C+Ey4J
cyna7fpC8uVmn/Rz/i9MZtyc7qezPtZTn9UyORvJmddH+Ox/RycGwe3ags8jUdspECorYOkJyZks
nDIlTVUvbR7wyY+gGJYqxWXqrcVFEiMsWu8/OIlf7F2gAYMBw1kZ55dn4lWBIM0WqvReWpPvhYeN
7Y+3MKEdSMkQ7TZiNbfdZ5D/8KfWNMTJ4VHltOgCL1lA5tx/F4R1920skpL5eu3Sj650RUe3rOXs
aV5NyJzBwB31+1zsmleVdFD0k/Fw9HxXbAQE35ucN/7CMIIFijCCBHKgAwIBAgIKYSCKYgAAAAAA
CDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRp
b24xJzAlBgNVBAMTHkludGVsIEV4dGVybmFsIEJhc2ljIFBvbGljeSBDQTAeFw0wOTA1MTUxOTI3
MjZaFw0xNTA1MTUxOTM3MjZaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jwb3Jh
dGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWluZyBDQSAzQjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQEM1Wn9TU9vc9C+/Tc7KB+eiYElmrcEWE32WUdHvWG
+IcQHVQsikTmMyKKojNLw2B5s6Iekc8ivDo/wCfjZzX9JyftMnc+AArc0la87Olybzm8K9jXEfTB
vTnUSFSiI9ZYefITdiUgqlAFuljFZEHYKYtLuhrRacpmQfP4mV63NKdc2bT804HRf6YptZFa4k6Y
N94zlrGNrBuQQ74WFzz/jLBusbUpEkro6Mu/ZYFOFWQrV9lBhF9Ruk8yN+3N6n9fUo/qBigiF2kE
n9xVh1ykl7SCGL2jBUkXx4qgV27a6Si8lRRdgrHGtN/HWnSWlLXTH5l575H4Lq++77OFv38CAwEA
AaOCAlwwggJYMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFA7GKvdZsggQkCVvw939imYxMCvF
MAsGA1UdDwQEAwIBhjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBQ5oFY2ekKQ
/5Ktim+VdMeSWb4QWTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAfBgNVHSMEGDAWgBQaxgxK
xEdvqNutK/D0Vgaj7TdUDDCBvQYDVR0fBIG1MIGyMIGvoIGsoIGphk5odHRwOi8vd3d3LmludGVs
LmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBQb2xpY3klMjBD
QS5jcmyGV2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVs
JTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNybDCB4wYIKwYBBQUHAQEEgdYwgdMw
YwYIKwYBBQUHMAKGV2h0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRvcnkvY2VydGlmaWNhdGVz
L0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNydDBsBggrBgEFBQcwAoZg
aHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50
ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EuY3J0MA0GCSqGSIb3DQEBBQUAA4IB
AQCxtQEHchVQhXyjEqtMVUMe6gkmPsIczHxSeqNbo9dsD+6xbT65JT+oYgpIAtfEsYXeUJu1cChq
pb22U5bMAz7eaQcW5bzefufWvA6lg2048B8oczBj/q+5P5NpYrUO8jOmN4jTjfJq3ElZ7yFWpy7r
B3Vm/aN6ATYqWfMbS/xfh+JCxmH3droUmMJI0/aZJHsLtjbjFnNsHDNrJZX1vxlM78Lb1hjskTEN
PmhbVbfTj5i/ZGnhv4tmI8QZPCNtcegXJrfhRl2D9bWpdTOPrWiLDUqzy1Z6KL7TcOS/PCl8RHCJ
XkPau/thTQCpIoDa2+c+3XA++gRTfAQ4svTO260NMIIF+zCCBOOgAwIBAgIKHtX06gABAACWPTAN
BgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24x
KzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElzc3VpbmcgQ0EgM0IwHhcNMTIwNjA4MDgw
NTExWhcNMTUwNTE1MTkzNzI2WjA3MRIwEAYDVQQDEwlXZWksIEdhbmcxITAfBgkqhkiG9w0BCQEW
Emdhbmcud2VpQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNyfS4y
C6aDo3DZ/oId96Dvi8CB5SJyDUcMhpKWZtzqPX2mMOqQNgv4qAtHUjt4ibyPSjGZ+0EM3r63384g
GcVR8+uxiuijBIOCkis6oGQ+TmBl1i28KobkE4jNnLCES0keisfNdzO8vAOxIFbT9KxQl1f1Mfvs
ZfyGfFYB53gHCh1VxdZ7a2XKaON+l2YYx2p5xGGZtDDb61ajXSGvdHK+qMIfo7LMoZmY42t5Nawg
izwcqBPUOLR+JXOtyGGiXZx3wZPeRmZx/eCMPBhSlfewpvUrK8W0kL591Lv0HeUVEJye2bOmlLo1
DeIp6KH9JujFB33KhHXvNsugc9IYUVMCAwEAAaOCAugwggLkMAsGA1UdDwQEAwIHgDA8BgkrBgEE
AYI3FQcELzAtBiUrBgEEAYI3FQiGw4x1hJnlUYP9gSiFjp9TgpHACWeB3r05lfBDAgFkAgEIMB0G
A1UdDgQWBBQYdG5bBKSgjlBUQ6dpUm2vjlkEKDAfBgNVHSMEGDAWgBQOxir3WbIIEJAlb8Pd/Ypm
MTArxTCBzwYDVR0fBIHHMIHEMIHBoIG+oIG7hldodHRwOi8vd3d3LmludGVsLmNvbS9yZXBvc2l0
b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5nJTIwQ0ElMjAzQigxKS5j
cmyGYGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIw
RXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDNCKDEpLmNybDCB9QYIKwYBBQUHAQEE
gegwgeUwbAYIKwYBBQUHMAKGYGh0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRvcnkvY2VydGlm
aWNhdGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDNCKDEpLmNy
dDB1BggrBgEFBQcwAoZpaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9j
ZXJ0aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwSXNzdWluZyUyMENBJTIwM0Io
MSkuY3J0MB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMCkGCSsGAQQBgjcVCgQcMBow
CgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDDDBBBgNVHREEOjA4oCIGCisGAQQBgjcUAgOgFAwSZ2Fu
Zy53ZWlAaW50ZWwuY29tgRJnYW5nLndlaUBpbnRlbC5jb20wDQYJKoZIhvcNAQEFBQADggEBAHuy
cX8AxjwfC5zmWDh0QpY8vDSgyLXaUDYKm2+ATDJDn5kALJgxAqaThvqGTH+oz73HQ7L8v7QxM0Yp
1IQd/k5GeqMzhuXEoPM4rcORlOlvRqxBJNZUuYwxvyYaUpLU1W8EsOB2zB31ykzdXH93b6ZpfJk7
8eqZuq00xHxU9mw4PXlWPnn1NDBYD1JH/ufCmpFk6sBE2bBf2u2miBEwHoRUyoH1nbu78aOs4mE6
fRC9NutIriNPI2790R3FAY8dLWl3nrpXs80TrUCptat61uNRJDH06KXe81QCtvDVlBGbZ4gqWR3P
ZGsnJKeOLOO38PQvFFm1Xjs4DVYiPVYyCTIwggZCMIIFKqADAgECAgoUmebGAAEAAFPVMA0GCSqG
SIb3DQEBBQUAMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jwb3JhdGlvbjErMCkG
A1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWluZyBDQSAzQTAeFw0xMDEyMDEwOTMxMzla
Fw0xMzExMTUwOTMxMzlaMDcxEjAQBgNVBAMTCVdlaSwgR2FuZzEhMB8GCSqGSIb3DQEJARYSZ2Fu
Zy53ZWlAaW50ZWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkDjEHBe0Gg1
dZhmebTYRY4qWGcBCKuEGfp8DuoVXyv3gW6bXc8TcWRSXj0vxL/+/RKObwVc17Cu2XcO0MTU1EOo
ohTEl/QDnBvj0qeqKnkZGmAM0cCU7+m07N0ATPEzg0t2gJUA8dVO37iAo1KMQ72ovMJ1LU+x7tno
d6PhrgXLmbjkEjQZnHwLvuI2TdiKKDvJtd6xz6DQuIBSPyn4wYsckGQcb5NlEiQCkCaPM/ZtcKcm
Kxu0g1TfW7zIWuRhkPIOyin/bsN8RBTTq8lL74yFgTB4ybAMp13wtROVAN5FLYE31CAgJ69EBNix
xTBNsLtv+KM6sXsbDccp3H5JwQIDAQABo4IDLzCCAyswCwYDVR0PBAQDAgQwMD0GCSsGAQQBgjcV
BwQwMC4GJisGAQQBgjcVCIbDjHWEmeVRg/2BKIWOn1OCkcAJZ4S52UGHhP9OAgFkAgEMMEQGCSqG
SIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggq
hkiG9w0DBzAdBgNVHQ4EFgQUwmKbKrf26Ot7Acv/+2aZDzj7gaQwHwYDVR0jBBgwFoAUqhZmr7c9
VlNgrg3C7fPuB8tRYH4wgc8GA1UdHwSBxzCBxDCBwaCBvqCBu4ZXaHR0cDovL3d3dy5pbnRlbC5j
b20vcmVwb3NpdG9yeS9DUkwvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwSXNzdWluZyUyMENB
JTIwM0EoMSkuY3JshmBodHRwOi8vY2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L0NS
TC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5nJTIwQ0ElMjAzQSgxKS5jcmwwgfUG
CCsGAQUFBwEBBIHoMIHlMGwGCCsGAQUFBzAChmBodHRwOi8vd3d3LmludGVsLmNvbS9yZXBvc2l0
b3J5L2NlcnRpZmljYXRlcy9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5nJTIwQ0El
MjAzQSgxKS5jcnQwdQYIKwYBBQUHMAKGaWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3Jl
cG9zaXRvcnkvY2VydGlmaWNhdGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3Vpbmcl
MjBDQSUyMDNBKDEpLmNydDAfBgNVHSUEGDAWBggrBgEFBQcDBAYKKwYBBAGCNwoDBDApBgkrBgEE
AYI3FQoEHDAaMAoGCCsGAQUFBwMEMAwGCisGAQQBgjcKAwQwQQYDVR0RBDowOKAiBgorBgEEAYI3
FAIDoBQMEmdhbmcud2VpQGludGVsLmNvbYESZ2FuZy53ZWlAaW50ZWwuY29tMA0GCSqGSIb3DQEB
BQUAA4IBAQAPFjqbkKIbnvnYwFG/QpKUm2yGzieys9IJny7PU2fVV4ksTL7emcpCfhFtlg7cPEgU
7Rx6gG4hO+ZBx9oojImSGWj44Pj3EzSyRRaN+UK1VVESHgE2HKmETsAnRN/wulP9ahPJNmEOklBg
oX6BJg9NYTqp8gDS6m1QBQoh/C2/51MGcmTecM4g5BuEpgmvxovlPDHlnSq390NXwXtdh1lM5qbo
V9FBWFCR1Q7mf7n2Y6b/9m9bn9gMzbdwjMrnpYIiC5rN5WBDQtuzAios8OheGSTX0A1npuGZ3cvP
NlPbRAoD7TVAdGhr+ZztVLA0+IFYmQqHV2C8q3TybgPnp1/uMYIDhjCCA4ICAQEwZDBWMQswCQYD
VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIkludGVsIEV4dGVy
bmFsIEJhc2ljIElzc3VpbmcgQ0EgM0ICCh7V9OoAAQAAlj0wCQYFKw4DAhoFAKCCAfcwGAYJKoZI
hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIxMTIwMTMwNjA5WjAjBgkqhkiG
9w0BCQQxFgQU+nIzZXq5B+gfhE2gv1mcG8hi2mEwcwYJKwYBBAGCNxAEMWYwZDBWMQswCQYDVQQG
EwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIkludGVsIEV4dGVybmFs
IEJhc2ljIElzc3VpbmcgQ0EgM0ECChSZ5sYAAQAAU9UwdQYLKoZIhvcNAQkQAgsxZqBkMFYxCzAJ
BgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0
ZXJuYWwgQmFzaWMgSXNzdWluZyBDQSAzQQIKFJnmxgABAABT1TCBqwYJKoZIhvcNAQkPMYGdMIGa
MAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCgYIKoZIhvcNAwcwCwYJYIZIAWUDBAECMA4GCCqG
SIb3DQMCAgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDAHBgUrDgMC
GjALBglghkgBZQMEAgMwCwYJYIZIAWUDBAICMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASC
AQCEJdPLzc141NjrlWdB5U+28z5AxlqYhO5ref55IUvaW/jP1hJJbR6K/qiTraQ5GGq1reH4zs7R
vK7QUZRGa4S8dhqJ6fx0uTF7U61uPaPdtzHaafu55Gw6YePRov9IyiJOh5GCKamcLCdyOa3tYG09
9gIp7bWnA7Y/YGgzfwhUWmJKkDl7htOPr0ez4Fy01gFGiCH26n1xHUcG22YgwnoRx/Qih863KGnV
kvtvNrj6Iixo4y8ZF3bQmPhZSn6zPzd99mAPUdwuV78bP/Cexy7UyUP00u9gydnr+YkkWnmOHc2E
jnVX8aZdhugP/pR0HbNCof4RXTX6UZ1ge0SUKsrzAAAAAAAA
------=_NextPart_000_0388_01CDC762.DCFD1B70--
11 years, 10 months
[Engine-devel] UI Plugins: PoC patch revision 7 is here
by Vojtech Szocs
------=_Part_6244399_613158090.1352995860557
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Hi guys,
the latest revisi on of UI Plugins proof-of-c on cept patch is now available for you to experiment with. I've split revision 7 changes apart from revision 6 to make it easier to review new features that were added into revision 7.
You can download and apply UI Plugins patches from oVirt Gerrit code review system:
1. revision 6 - http://gerrit.ovirt.org/#/c/8120/
2. revision 7 - http://gerrit.ovirt.org/#/c/9250/
Please read on to learn what's new in this revisi on . If you have any comments, questi on s or ideas, please let me know!
Engine REST API integration
UiInit is not the only event handler function anymore! :)
UI plugin infrastructure now integrates with Engine REST API by acquiring new REST API session [1] upon successful user authentication.
REST API session ID is provided to plugins via RestApiSessionAcquired event handler function. For example:
api.register({
RestApiSessionAcquired: function(sessionId) {
// Do something with newly acquired session ID
}
});
Note that UiInit function is still the first function to be invoked on the given plugin. Plugins can therefore expect RestApiSessionAcquired function to be called shortly after UiInit function.
For now, UI plugin infrastructure guarantees that acquired Engine REST API session will be valid while the user stays authenticated in WebAdmin. This is done by keeping REST API session alive via periodic heartbeats (HTTP requests) in the background. This also means that it's safe to store and use REST API session ID until RestApiSessionAcquired function is called again with new value. In future, we might consider dropping this kind of guarantee to avoid the keep-alive heartbeat, and use some kind of "is session valid" query to determine if the REST API session is still valid.
After the user signs out of WebAdmin, Engine REST API session will be closed, as per [1]. After signing in again, the process of acquiring new REST API session and calling RestApiSessionAcquired function repeats with new session ID value.
Engine REST API integration also works seamlessly with auto login - if the user is already logged in on the backend, running WebAdmin in new window (tab) will take him directly to the main (authenticated) section of the application. In this case, UI plugin infrastructure remembers the currently valid REST API session ID using HTML5 local storage (or cookie if the browser doesn't support it).
New API function: showDialog
It's now possible to open custom dialogs using showDialog function. For example:
api.register({
UiInit: function() {
api.addMainTabActionButton('Host', 'Show Test Dialog', {
onClick: function() {
api.showDialog('Test Dialog', 'http://www.ovirt.org/', 600, 400);
}
});
}
});
The signature of showDialog function is following:
showDialog (title, contentUrl, width, height)
For now, dialogs are shown using window.open API (non-modal browser popups ). This will be changed in future, providing close integration with GWTP / WebAdmin dialog infrastructure.
New API function: setMainTabContentUrl
It's now possible to update content URL of the given custom main tab using setMainTabContentUrl function. For example:
api.register({
UiInit: function() {
// Use 'about:blank' URL to display empty content
api.addMainTab('Custom Tab', 'custom-tab', 'about:blank');
},
RestApiSessionAcquired: function(sessionId) {
var url = 'http://www.ovirt.org/?s=' + encodeURIComponent(sessionId);
api.setMainTabContentUrl('custom-tab', url);
}
});
In the above example, we first add an empty custom main tab. We do this in UiInit event handler function because we know that it's the best place for one-time UI initialization :) As soon as we receive REST API session ID, we update the URL of the custom main tab. This is just an example how REST API session ID can be sent over to your server as part of main tab content URL.
The signature of setMainTabContentUrl function is following:
setMainTabContentUrl(historyToken, contentUrl)
Note that historyToken essentially identifies the custom main tab.
That's it for now, let me know what you think!
Regards,
Vojtech
[1] http://wiki.ovirt.org/wiki/Features/RESTSessionManagement
------=_Part_6244399_613158090.1352995860557
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><head><style type=3D'text/css'>p { margin: 0; }</style></head><body><=
div style=3D'font-family: times new roman,new york,times,serif; font-size: =
12pt; color: #000000'>Hi guys,<br><br>the latest revisi<span id=3D"DWT4651"=
class=3D"ZmSearchResult"><span id=3D"DWT4655" class=3D"ZmSearchResult">on<=
/span></span> of <span id=3D"DWT4657" class=3D"ZmSearchResult"><span id=3D"=
DWT4661" class=3D"ZmSearchResult">UI</span></span> <span id=3D"DWT4659" cla=
ss=3D"ZmSearchResult"><span id=3D"DWT4663" class=3D"ZmSearchResult">Plugins=
</span></span> proof-of-c<span id=3D"DWT4653" class=3D"ZmSearchResult"><spa=
n id=3D"DWT4665" class=3D"ZmSearchResult">on</span></span>cept patch is now=
available for you to experiment with. I've split revision 7 changes apart =
from revision 6 to make it easier to review new features that were added in=
to revision 7.<br><br>You can download and apply UI Plugins patches from oV=
irt Gerrit code review system:<br><ol><li>revision 6 - http://gerrit.ovirt.=
org/#/c/8120/</li><li>revision 7 - http://gerrit.ovirt.org/#/c/9250/<br></l=
i></ol>Please read <span id=3D"DWT4669" class=3D"ZmSearchResult"><span id=
=3D"DWT4673" class=3D"ZmSearchResult">on</span></span> to learn what's new =
in this revisi<span id=3D"DWT4671" class=3D"ZmSearchResult"><span id=3D"DWT=
4675" class=3D"ZmSearchResult">on</span></span>. If you have any comments, =
questi<span id=3D"DWT4677" class=3D"ZmSearchResult"><span id=3D"DWT4679" cl=
ass=3D"ZmSearchResult">on</span></span>s or ideas, please let me know!<br><=
br><hr style=3D"width: 100%; height: 2px;"><br><strong>Engine REST API inte=
gration</strong><br style=3D"font-weight: bold;"><br><em>UiInit</em> is not=
the only event handler function anymore! :)<br><br>UI plugin infrastructur=
e now integrates with Engine REST API by acquiring new REST API session [1]=
upon successful user authentication.<br><br>REST API session ID is provide=
d to plugins via <span style=3D"font-style: italic;">RestApiSessionAcquired=
</span> event handler function. For example:<br><br><span style=3D"font-fam=
ily: courier new,courier,monaco,monospace,sans-serif;">api.register({</span=
><br style=3D"font-family: courier new,courier,monaco,monospace,sans-serif;=
"><span style=3D"font-family: courier new,courier,monaco,monospace,sans-ser=
if;"> RestApiSessionAcquired: function(sessionId) {</span><br style=
=3D"font-family: courier new,courier,monaco,monospace,sans-serif;"><span st=
yle=3D"font-family: courier new,courier,monaco,monospace,sans-serif;"> =
; // Do something with newly acquired session ID</span><br styl=
e=3D"font-family: courier new,courier,monaco,monospace,sans-serif;"><span s=
tyle=3D"font-family: courier new,courier,monaco,monospace,sans-serif;">&nbs=
p; }</span><br style=3D"font-family: courier new,courier,monaco,monospace,s=
ans-serif;"><span style=3D"font-family: courier new,courier,monaco,monospac=
e,sans-serif;">});</span><br><br>Note that <span style=3D"font-style: itali=
c;">UiInit</span> function is still the first function to be invoked on the=
given plugin. Plugins can therefore expect <span style=3D"font-style: ital=
ic;">RestApiSessionAcquired</span> function to be called shortly after <spa=
n style=3D"font-style: italic;">UiInit</span> function.<br><br>For now, UI =
plugin infrastructure guarantees that acquired Engine REST API session will=
be valid while the user stays authenticated in WebAdmin. This is done by k=
eeping REST API session alive via periodic heartbeats (HTTP requests) in th=
e background. This also means that it's safe to store and use REST API sess=
ion ID until <span style=3D"font-style: italic;">RestApiSessionAcquired</sp=
an> function is called again with new value. In future, we might consider d=
ropping this kind of guarantee to avoid the keep-alive heartbeat, and use s=
ome kind of "is session valid" query to determine if the REST API session i=
s still valid.<br><br>After the user signs out of WebAdmin, Engine REST API=
session will be closed, as per [1]. After signing in again, the process of=
acquiring new REST API session and calling <span style=3D"font-style: ital=
ic;">RestApiSessionAcquired</span> function repeats with new session ID val=
ue.<br><br>Engine REST API integration also works seamlessly with auto logi=
n - if the user is already logged in on the backend, running WebAdmin in ne=
w window (tab) will take him directly to the main (authenticated) section o=
f the application. In this case, UI plugin infrastructure remembers the cur=
rently valid REST API session ID using HTML5 local storage (or cookie if th=
e browser doesn't support it).<br><br><hr style=3D"width: 100%; height: 2px=
;"><br><span style=3D"font-weight: bold;">New API function: showDialog</spa=
n><br style=3D"font-weight: bold;"><br>It's now possible to open custom dia=
logs using <span style=3D"font-style: italic;">showDialog</span> function. =
For example:<br><br><span style=3D"font-family: courier new,courier,monaco,=
monospace,sans-serif;">api.register({</span><br style=3D"font-family: couri=
er new,courier,monaco,monospace,sans-serif;"><span style=3D"font-family: co=
urier new,courier,monaco,monospace,sans-serif;"> UiInit: function() {=
</span><br style=3D"font-family: courier new,courier,monaco,monospace,sans-=
serif;"><span style=3D"font-family: courier new,courier,monaco,monospace,sa=
ns-serif;"> api.addMainTabActionButton('Host', 'Show Test=
Dialog', {</span><br style=3D"font-family: courier new,courier,monaco,mono=
space,sans-serif;"><span style=3D"font-family: courier new,courier,monaco,m=
onospace,sans-serif;"> onClick: function() {<=
/span><br style=3D"font-family: courier new,courier,monaco,monospace,sans-s=
erif;"><span style=3D"font-family: courier new,courier,monaco,monospace,san=
s-serif;"> api.showDialog('Test D=
ialog', 'http://www.ovirt.org/', 600, 400);<br> &nbs=
p; }</span><br style=3D"font-family: courier new,courier,monaco,monospace,s=
ans-serif;"><span style=3D"font-family: courier new,courier,monaco,monospac=
e,sans-serif;"> });</span><br style=3D"font-family: couri=
er new,courier,monaco,monospace,sans-serif;"><span style=3D"font-family: co=
urier new,courier,monaco,monospace,sans-serif;"> }</span><br style=3D=
"font-family: courier new,courier,monaco,monospace,sans-serif;"><span style=
=3D"font-family: courier new,courier,monaco,monospace,sans-serif;">});</spa=
n><br style=3D"font-family: courier new,courier,monaco,monospace,sans-serif=
;"><br>The signature of <span style=3D"font-style: italic;">showDialog</spa=
n> function is following:<br><br><div style=3D"margin-left: 40px;"><span st=
yle=3D"font-style: italic;">showDialog(title, contentUrl, width, height)</s=
pan><br></div><br>For now, dialogs are shown using <span style=3D"font-styl=
e: italic;">window.open</span> API (non-modal browser popups). This will be=
changed in future, providing close integration with GWTP / WebAdmin dialog=
infrastructure.<br><br><hr style=3D"width: 100%; height: 2px;"><br><span s=
tyle=3D"font-weight: bold;">New API function: setMainTabContentUrl</span><b=
r style=3D"font-weight: bold;"><br>It's now possible to update content URL =
of the given custom main tab using <span style=3D"font-style: italic;">setM=
ainTabContentUrl</span> function. For example:<br><br><span style=3D"font-f=
amily: courier new,courier,monaco,monospace,sans-serif;">api.register({</sp=
an><br style=3D"font-family: courier new,courier,monaco,monospace,sans-seri=
f;"><span style=3D"font-family: courier new,courier,monaco,monospace,sans-s=
erif;"> UiInit: function() {</span><br style=3D"font-family: courier =
new,courier,monaco,monospace,sans-serif;"><span style=3D"font-family: couri=
er new,courier,monaco,monospace,sans-serif;"> // Use 'abo=
ut:blank' URL to display empty content</span><br style=3D"font-family: cour=
ier new,courier,monaco,monospace,sans-serif;"><span style=3D"font-family: c=
ourier new,courier,monaco,monospace,sans-serif;"> api.add=
MainTab('Custom Tab', 'custom-tab', 'about:blank');</span><br style=3D"font=
-family: courier new,courier,monaco,monospace,sans-serif;"><span style=3D"f=
ont-family: courier new,courier,monaco,monospace,sans-serif;"> },</sp=
an><br style=3D"font-family: courier new,courier,monaco,monospace,sans-seri=
f;"><span style=3D"font-family: courier new,courier,monaco,monospace,sans-s=
erif;"> RestApiSessionAcquired: function(sessionId) {</span><br style=
=3D"font-family: courier new,courier,monaco,monospace,sans-serif;"><span st=
yle=3D"font-family: courier new,courier,monaco,monospace,sans-serif;"> =
; var url =3D 'http://www.ovirt.org/?s=3D' + encodeURIComponent=
(sessionId);</span><br style=3D"font-family: courier new,courier,monaco,mon=
ospace,sans-serif;"><span style=3D"font-family: courier new,courier,monaco,=
monospace,sans-serif;"> api.setMainTabContentUrl('custom-=
tab', url);</span><br style=3D"font-family: courier new,courier,monaco,mono=
space,sans-serif;"><span style=3D"font-family: courier new,courier,monaco,m=
onospace,sans-serif;"> }</span><br style=3D"font-family: courier new,=
courier,monaco,monospace,sans-serif;"><span style=3D"font-family: courier n=
ew,courier,monaco,monospace,sans-serif;">});</span><br style=3D"font-family=
: courier new,courier,monaco,monospace,sans-serif;"><br>In the above exampl=
e, we first add an empty custom main tab. We do this in <span style=3D"font=
-style: italic;">UiInit</span> event handler function because we know that =
it's the best place for one-time UI initialization :) As soon as we receive=
REST API session ID, we update the URL of the custom main tab. This is jus=
t an example how REST API session ID can be sent over to your server as par=
t of main tab content URL.<br><br>The signature of <span style=3D"font-styl=
e: italic;">setMainTabContentUrl</span> function is following:<br><br><div =
style=3D"margin-left: 40px;"><span style=3D"font-style: italic;">setMainTab=
ContentUrl(historyToken, contentUrl)</span><br></div><br>Note that <span st=
yle=3D"font-style: italic;">historyToken</span> essentially identifies the =
custom main tab.<br><br><hr style=3D"width: 100%; height: 2px;"><br>That's =
it for now, let me know what you think!<br><br>Regards,<br>Vojtech<br><br><=
span style=3D"font-weight: bold;"></span><br>[1] http://wiki.ovirt.org/wiki=
/Features/RESTSessionManagement<br><br></div></body></html>
------=_Part_6244399_613158090.1352995860557--
12 years
[Engine-devel] RFD: API: Identifying vdsm objects in the next-gen API
by Adam Litke
Today in vdsm, every object (StoragePool, StorageDomain, VM, Volume, etc) is
identified by a single UUID. On the surface, it seems like this is enough info
to properly identify a resource but in practice it's not. For example, when you
look at the API's dealing with Volumes, almost all of them require an sdUUID,
spUUID, and imgUUID in order to provide proper context for the operation.
Needing to provide these extra UUIDs is a burden on the API user because knowing
which values to pass requires internal knowledge of the API. For example, the
spUUID parameter is almost always just the connected storage pool. Since we
know there can currently be only one connected pool, the value is known.
I would like to move away from needing to understand all of these relationships
from the end user perspective by encapsulating the extra context into new object
identifier types as follows:
StoragePoolIdentifier:
{ 'storagepoolID': 'UUID' }
StorageDomainIdentifier:
{ 'storagepoolID*': 'UUID', 'storagedomainID': 'UUID' }
ImageIdentifier:
{ 'storagepoolID*': 'UUID', 'storagedomainID': 'UUID', 'imageID': 'UUID' }
VolumeIdentifier:
{ 'storagepoolID*': 'UUID', 'storagedomainID': 'UUID',
'imageID': 'UUID', 'volumeID': 'UUID' }
TaskIdentifier:
{ 'taskID': 'UUID' }
VMIdentifier:
{ 'vmID': 'UUID' }
In the new API, anytime a reference to an object is required, one of the above
structures must be passed in place of today's single UUID. In many cases, this
will allow us to reduce the number of parameters to the function since the
needed contextual parameters (spUUID, etc) will be part of the object's
identifier. Similarly, any time the API returns an object reference it would
return a *Identifier instead of a bare UUID.
These identifier types are basically opaque blobs to the API users and are only
ever generated by vdsm itself. Because of this, we can change the internal
structure of the identifier to require new information or (before freezing the
API) remove fields that no longer make sense.
I would greatly appreciate your comments on this proposal. If it seems
reasonable, I will revamp the current schema to make the necessary changes and
provide the Bridge patch functions to convert between the current implementation
and the new schema.
--- sample schema patch ---
commit 48f6b0f0a111dd0b372d211a4e566ce87f375cee
Author: Adam Litke <agl(a)us.ibm.com>
Date: Tue Nov 27 14:14:06 2012 -0600
schema: Introduce class identifier types
When calling API methods that belong to a particular class, a class instance
must be indicated by passing a set of identifiers in the request. The location
of these parameters within the request is: 'params' -> '__obj__'. Since this
set of identifiers must be used together to correctly instantiate an object, it
makes sense to define these as proper types within the API. Then, functions
that return an object (or list of objects) can refer to the correct type.
Signed-off-by: Adam Litke <agl(a)us.ibm.com>
diff --git a/vdsm_api/vdsmapi-schema.json b/vdsm_api/vdsmapi-schema.json
index 0418e6e..7e2e851 100644
--- a/vdsm_api/vdsmapi-schema.json
+++ b/vdsm_api/vdsmapi-schema.json
@@ -937,7 +937,7 @@
# Since: 4.10.0
##
{'command': {'class': 'Host', 'name': 'getConnectedStoragePools'},
- 'returns': ['StoragePool']}
+ 'returns': ['StoragePoolIdentifier']}
##
# @BlockDeviceType:
@@ -1572,7 +1572,7 @@
{'command': {'class': 'Host', 'name': 'getStorageDomains'},
'data': {'*storagepoolID': 'UUID', '*domainClass': 'StorageDomainImageClass',
'*storageType': 'StorageDomainType', '*remotePath': 'str'},
- 'returns': ['StorageDomain']}
+ 'returns': ['StorageDomainIdentifier']}
##
# @Host.getStorageRepoStats:
@@ -2406,7 +2406,7 @@
##
{'command': {'class': 'Host', 'name': 'getVMList'},
'data': {'*vmList': ['UUID']},
- 'returns': ['VM']}
+ 'returns': ['VMIdentifier']}
##
# @Host.ping:
@@ -2744,10 +2744,11 @@
'returns': 'ConnectionRefMap'}
## Category: @ISCSIConnection ##################################################
+
##
-# @ISCSIConnection:
+# @ISCSIConnectionIdentifier:
#
-# ISCSIConnection API object.
+# Identifier for an ISCSIConnection object.
#
# @host: A fully-qualified domain name (FQDN) or IP address
#
@@ -2757,11 +2758,21 @@
#
# @password: #optional The password associated with the given username
#
-# Since: 4.10.0
+# Since: 4.10.1
+##
+{'type': 'ISCSIConnectionIdentifier',
+ 'data': {'host': 'str', 'port': 'int', '*user': 'str', '*password': 'str'}}
+
+##
+# @ISCSIConnection:
+#
+# ISCSIConnection API object.
+#
+# @ident: The object identifier
+#
+# Since: 4.10.1
##
-{'class': 'ISCSIConnection',
- 'data': {'host': 'str', 'port': 'int', '*user': 'str',
- '*password': 'str'}}
+{'class': 'ISCSIConnection', 'ident': 'ISCSIConnectionIdentifier'}
##
# @ISCSIConnection.discoverSendTargets:
@@ -2777,10 +2788,11 @@
'returns': ['str']}
## Category: @Image ############################################################
+
##
-# @Image:
+# @ImageIdentifier:
#
-# Image API object.
+# Identifier for an Image object.
#
# @imageID: The UUID of the Image
#
@@ -2788,13 +2800,24 @@
#
# @storagedomainID: The UUID of the Storage Domain associated with the Image
#
-# Since: 4.10.0
+# Since: 4.10.1
##
-{'class': 'Image',
+{'type': 'ImageIdentifier',
'data': {'imageID': 'UUID', 'storagepoolID': 'UUID',
'storagedomainID': 'UUID'}}
##
+# @Image:
+#
+# Image API object.
+#
+# @ident: The object identifier
+#
+# Since: 4.10.1
+##
+{'class': 'Image', 'ident': 'ImageIdentifier'}
+
+##
# @Image.delete:
#
# Delete the Image and all of its Volumes.
@@ -2843,7 +2866,7 @@
# Since: 4.10.0
##
{'command': {'class': 'Image', 'name': 'getVolumes'},
- 'returns': ['Volume']}
+ 'returns': ['VolumeIdentifier']}
##
# @Image.mergeSnapshots:
@@ -2905,17 +2928,26 @@
## Category: @LVMVolumeGroup ###################################################
##
+# @LVMVolumeGroupIdentifier:
+#
+# An identifier for a LVMVolumeGroup object.
+#
+# @lvmvolumegroupID: The volume group UUID
+#
+# Since: 4.10.1
+##
+{'type': 'LVMVolumeGroupIdentifier', 'data': {'lvmvolumegroupID': 'UUID'}}
+
+##
# @LVMVolumeGroup:
#
# LVMVolumeGroup API object.
#
-# @lvmvolumegroupID: #optional Associate this object with an existing LVM
-# Volume Group
+# @ident: The object identifier
#
-# Since: 4.10.0
+# Since: 4.10.1
##
-{'class': 'LVMVolumeGroup',
- 'data': {'lvmvolumegroupID': 'UUID'}}
+{'class': 'LVMVolumeGroup', 'ident': 'LVMVolumeGroupIdentifier'}
##
# @LVMVolumeGroup.create:
@@ -2964,21 +2996,32 @@
## Category: @StorageDomain ####################################################
##
-# @StorageDomain:
+# @StorageDomainIdentifier:
#
-# StorageDomain API object.
+# An identifier for a StorageDomain object.
#
# @storagedomainID: Associate this object with a new or existing Storage Domain
#
# @storagepoolID: #optional The Storage Pool UUID if this Storage Domain is
# attached
#
-# Since: 4.10.0
+# Since: 4.10.1
##
-{'class': 'StorageDomain',
+{'type': 'StorageDomainIdentifier',
'data': {'storagedomainID': 'UUID', 'storagepoolID': 'UUID'}}
##
+# @StorageDomain:
+#
+# StorageDomain API object.
+#
+# @ident: The object identifier
+#
+# Since: 4.10.1
+##
+{'class': 'StorageDomain', 'ident': 'StorageDomainIdentifier'}
+
+##
# @StorageDomain.activate:
#
# Activate an attached but inactive Storage Domain.
@@ -3184,7 +3227,7 @@
# Since: 4.10.0
##
{'command': {'class': 'StorageDomain', 'name': 'getImages'},
- 'returns': ['Image']}
+ 'returns': ['ImageIdentifier']}
##
# @StorageDomainRole:
@@ -3295,7 +3338,7 @@
##
{'command': {'class': 'StorageDomain', 'name': 'getVolumes'},
'data': {'imageID': 'UUID'},
- 'returns': ['Volume']}
+ 'returns': ['VolumeIdentifier']}
##
# @StorageDomain.setDescription:
@@ -3355,15 +3398,26 @@
## Category: @StoragePool ######################################################
##
+# @StoragePoolIdentifier:
+#
+# An identifier for a StoragePool object.
+#
+# @storagepoolID: Associate this object with a new or existing Storage Pool
+#
+# Since: 4.10.1
+##
+{'type': 'StoragePoolIdentifier', 'data': {'storagepoolID': 'UUID'}}
+
+##
# @StoragePool:
#
# StoragePool API object.
#
-# @storagepoolID: Associate this object with a new or existing Storage Pool
+# @ident: The object identifier
#
-# Since: 4.10.0
+# Since: 4.10.1
##
-{'class': 'StoragePool', 'data': {'storagepoolID': 'UUID'}}
+{'class': 'StoragePool', 'ident': 'StoragePoolIdentifier'}
##
# @StoragePool.connect:
@@ -3629,7 +3683,7 @@
##
{'command': {'class': 'StoragePool', 'name': 'getDomainsContainingImage'},
'data': {'imageID': 'UUID', '*onlyDataDomains': 'bool'},
- 'returns': ['StorageDomain']}
+ 'returns': ['StorageDomainIdentifier']}
##
# @StoragePool.getIsoList:
@@ -4058,15 +4112,27 @@
## Category: @Task #############################################################
##
+# @TaskIdentifier:
+#
+# An identifier for a Task object.
+#
+# @taskID: The task UUID
+#
+# Since: 4.10.1
+##
+{'type': 'TaskIdentifier', 'data': {'taskID': 'UUID'}}
+
+
+##
# @Task:
#
# Task API object.
#
-# @taskID: Associate this object with an existing Task
+# @ident: The object identifier
#
-# Since: 4.10.0
+# Since: 4.10.1
##
-{'class': 'Task', 'data': {'taskID': 'UUID'}}
+{'class': 'Task', 'ident': 'TaskIdentifier'}
##
# @Task.clear:
@@ -4123,15 +4189,26 @@
## Category: @VM ###############################################################
##
+# @VMIdentifier:
+#
+# An identifier for a VM object.
+#
+# @vmID: The task UUID
+#
+# Since: 4.10.1
+##
+{'type': 'VMIdentifier', 'data': {'vmID': 'UUID'}}
+
+##
# @VM:
#
# VM API object.
#
-# @vmID: Associate this object with an existing VM
+# @ident: The object identifier
#
-# Since: 4.10.0
+# Since: 4.10.1
##
-{'class': 'VM', 'data': {'vmID': 'UUID'}}
+{'class': 'VM', 'ident': 'VMIdentifier'}
##
# @DriveSpecVolume:
@@ -5161,9 +5238,9 @@
## Category: @Volume ###########################################################
##
-# @Volume:
+# @VolumeIdentifier:
#
-# Volume API object.
+# An identifier for a Volume object.
#
# @volumeID: The UUID of the Volume
#
@@ -5173,13 +5250,24 @@
#
# @imageID: The Image associated with @UUID
#
-# Since: 4.10.0
+# Since: 4.10.1
##
-{'class': 'Volume',
+{'type': 'VolumeIdentifier',
'data': {'volumeID': 'UUID', 'storagepoolID': 'UUID',
'storagedomainID': 'UUID', 'imageID': 'UUID'}}
##
+# @Volume:
+#
+# Volume API object.
+#
+# @ident: The object identifier
+#
+# Since: 4.10.1
+##
+{'class': 'Volume', 'ident': 'VolumeIdentifier'}
+
+##
# @VolumeRole:
#
# An enumeration of Volume Roles.
--
Adam Litke <agl(a)us.ibm.com>
IBM Linux Technology Center
12 years
[Engine-devel] [ATTENTION] vdsm-bootstrap/host deployment (pre-3.2)
by Alon Bar-Lev
Hello All,
Preparing to ovirt-engine 3.2 the entire "vdsm-bootstrap" bootstrap was re-written from scratch into more pluggable and flexible implementation, available at git master and nightly snapshots.
As far as packaging is concerned there are now two more dependencies to ovirt-engine:
* otopi -- oVirt Task Oriented Pluggable Installer/Implementation
* ovirt-host-deploy -- oVirt host deploy tool
These packages replace the legacy vdsm-bootstrap package that was distributed with vdsm.
Git repositories are available at at[1][2].
Documentation is available at Git repositories - README*.
Builds are available at usual place[3].
Bugzilla components will be available shortly.
Change log is attached.
There is no change in the way the engine is performing the host deployment process in term of user experience, other than event log messages during deployment were improved.
The log of the deployment is fetched from host and stored at engine machine at /var/log/ovirt-engine/host-deploy, on host it is at /tmp/ovirt-host-deploy*.log and deleted when fetched to engine.
Among other features, the ovir-host-deploy package can be installed manually on host and executed to prepare host for installation, in future we may be able to add host to engine without performing the deployment process, for now it will be usable for integration tests.
The internals are completely different, instead of having 3 different bootstrap sequences:
1. host install
2. ovirt-node install
3. ovirt-node approve
We now have single sequence which is common to host and node installation or re-installation, end result is much simpler implementation.
Please report any issues even minor issues, so we can stabilize it for 3.2 release.
Best Regards,
Alon Bar-Lev.
[1] http://gerrit.ovirt.org/gitweb?p=otopi.git;a=tree
[2] http://gerrit.ovirt.org/gitweb?p=ovirt-host-deploy.git;a=tree
[3] http://www.ovirt.org/releases/nightly/rpm/Fedora/17/noarch/
---
Change Log
* offline packager feature.
* tuned is installed with virtual-host profile.
* initial implementation based on otpoi.
* implementation is based on legacy vdsm-bootstrap pacakge functionality.
* legacy-removed: legacy VDSM (<3.0) config upgrade.
* legacy-removed: change machine width core file
# echo /var/lib/vdsm/core > /proc/sys/kernel/core_pattern
* legacy-removed: kernel version test, package dependency is sufficient.
* legacy-removed: do not add kernel parameter processor.max_cstate=1
warn if not have constant_tsc
https://bugzilla.redhat.com/show_bug.cgi?id=770153
* legacy-change: io elevator scheduler set in kernel command-line
use either udev rule in vdsm package or tuned.
* legacy-change: vdsm libvirt reconfigure
vdsm is reconfigured with file based trigger instead unsupported systemd
init.d parameter.
* legacy-change: distribution checks are simpler based on Python platform,
minimum:
- rhel-6.2
- fedora-17
* legacy-change: minimum vdsm version is taken from engine not hard coded.
* legacy-change: pki is now using m2crypto to generate certificate request
and parse certificates.
* legacy-change: use iproute2 instead of python ethtool to avoid another
dependency for host name validation.
* legacy-change: use iproute2 instead of reading /proc/net/route for route
information and interface information.
* legacy-change: do not use vdsm.netinfo for vlan and bonding as it requires
/usr/share/vdsm modules, and it is trivial anyway.
* legacy-change: use vdsm-store-net-config script to commit network config
instead of internal duplicate implementation.
* legacy-change: /etc/vdsm/vdsm.conf is overridden unless VDSM/configOverride
environment is set to True
* legacy-change: /etc/vdsm/vdsm.conf is not read of fake_qemu.
set VDSM/checkVirtHardware environment to False to avoid hardware detection.
* legacy-change: following gluster packages not installed:
- glusterfs-rdma
- glusterfs-geo-replication
12 years
[Engine-devel] maven settings.xml in building ovirt engine wiki
by Alissa Bonas
Hi,
In this wiki http://wiki.ovirt.org/wiki/Building_oVirt_engine
The suggested maven settings.xml contains hardcoded paths to jboss_home and java_home.
IMHO it's better to use environment variables to take the above settings from there, instead of managing those settings twice in 2 different places.
The current settings look like this (note that java path is incorrect anyway, including /bin/java)
<jbossHome>/usr/share/jboss-as</jbossHome>
<JAVA_HOME>/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.0.x86_64/bin/java</JAVA_HOME>
How about changing settings.xml to something like:
<jbossHome>${env.JBOSS_HOME}</jbossHome>
<JAVA_HOME>${env.JAVA_HOME}</JAVA_HOME>
Does anyone see a problem with the suggested approach?
Thanks
Alissa
12 years