9:52 a.m.
Hey,
Apologies for another long email, but here's my proposal for how to
proceed with the image building CLI etc.
Cheers,
Mark.
= Terminology =
- Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
region.
- Target/Provider Type - the cloud type, irrespective of the specific
instance e.g. RHEV-M vs EC2.
- Provider Account - a set of user credentials for a specific
provider.
- Provider Image - these are images which have been pushed to, or
imported from, a provider and are available for use by instances.
- Target Image - these are images which have been built for a
specific target and are available to be pushed to multiple
providers.
- Image Build - these are objects which track all target and
provider images built from a template at a certain time, all of
which should be equivalent to each other.
- Image - these are metadata objects which describe the purpose of
the image, the parameters it takes, the set of available builds of
the image and the latest build.
= Overview =
As described previously[1], the short/medium term plan is that Aeolus
will:
- Have well documented deployable and template description formats
with plenty of examples. Deployable authors will create these
descriptions manually or with the help of simple command line
tools and store them as they fit (e.g. in their own git repo)
- Support launching deployables in conductor simply by allowing the
user to supply a URL to a deployable description, or choosing a
URL from a list populated by an admin.
- Include a set of command line tools for building images from a
template description. This tools will also allow deployable
authors to list available images available to be referenced in
their deployables.
- Store images and their related metadata in IWHD. Conductor will
use IWHD queries to resolve deployables' image references and
allow users to launch individual images directly.
- Use image factory to build and import images, including the
updating of IWHD metadata about the images.
= IHWD Metadata =
The following IWHD buckets will be used, each one for a different
object type:
images:
- object_type == "image"
- object_body: XML document with image description and parameters,
for deployable authors and simple instance launch from UI
- uuid: UUID
- latest_build: build UUID
builds:
- object_type == "build"
- object_body: empty
- uuid: UUID
- image: UUID of the image object
- parent: UUID of previous build
target_images:
- object_type == "target_image"
- object_body: target specific image, for upload builds; empty for
snapshot builds
- uuid: UUID
- build: UUID of the build object
- icicle: UUID of icicle object
- template: UUID of template object
- target: ec2, rhev-m, etc.
- target_parameters: target specific data stashed here for the push
stage
provider_images:
- object_type == "provider_image"
- object_body: empty
- uuid: UUID
- target_image: UUID of image
- provider: e.g. ec2-us-east-1, rhev-m site
- icicle == "none"
- target_identifier: target specific ID for the image
templates:
- object_type == "template"
- object_body: <template/> document supplied for image build
- uuid: UUID
icicles:
- object_type == "icicle"
- object_body: <icicle/> document
- uuid: UUID
This fairly closely reflects the metadata currently stored by image
factory in IWHD, with the following changes:
- the current "image" type is renamed to "target_type", along with
the bucket and image reference on provider images[2]
- new image and build object types and buckets are introduced
- a build reference is added to the target image type
= Image Factory APIs =
Image factory currently supports building target images and pushing
provider images, along with the appropriate updating of image
warehouse metadata.
In order to allow the CLI to fire-and-forget, we will need to add new
build and push APIs which can handle multiple images at once.
These would look like:
- image(image_id, template, targets[])
+ builds an image for the supplied targets
+ image_id should be ommitted, if a new image is required
+ template and targets may be ommitted if a previous build
exists and the previous template and targets will be used
- push(image_id, providers, credentials)
+ push the image the supplied providers
+ assumes factory can figure out which target image is
appropriate for each provider
+ credentials argument is a <provider_credentials/> document
Also, we'll need to rename image factory's current concept of an image
as a target image. Some initial work on that here[3].
= Conductor APIs =
Conductor needs APIs to support the following:
1) List the available provider types in an XML doc
2) List the available providers in an XML doc
3) Dump a <provider_credentials/> document encapsulating all of the
available provider accounts
The latter API would be subject to authentication and access control.
= Conductor IWHD Queries =
Conductor has basically two use cases for querying IWHD:
1) As a user, I want to launch a deployable:
2) As a user, I want to launch an instance of an image
For (1), conductor needs to resolve each deployable image reference to
a set of provider images. This can be done with something like:
$> $build_id = curl http://iwhd/$image_id/latest_build
$> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
$> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
For (2), conductor needs to list all images available for launching a
standalone instance and, when the user launches the image, it needs to
list the parameters for the image. Both are easily achieved by
querying the images bucket.
= Image Building CLI =
The image building CLI is used by Aeolus users to build and upload
images from templates. It is also used by deployable authors to list
the available images.
The use cases are:
1) As an image builder or deployable author, I want to list all
images
2) As an image builder or deployable author, I want to list all
builds of an image
3) As an image builder or deployable author, I want to list all the
targets and providers an image has been built for
4) As an image builder, I want to build an image
5) As an image builder, I want to push an image to a provider
6) As an image builder, I want to import an image
7) As an image builder, I want to delete an image
8) As an image builder, I want to delete old versions of an image
9) As an image builder, I want to delete a provider image
10) As an image builder, I want to delete an image
The tool needs to interact with IWHD for listing, image factory for
building and conductor for provider/account details.
It might look like:
$> aeolus-image images # list available
images
$> aeolus-image builds $image_id # list the builds of
an image
$> aeolus-image target-images $build_id # list the target
images from a build
$> aeolus-image provider-images $target_image_id # list the provider
images from a target image
$> aeolus-image build --target ec2 --template my.tmpl # build a new image
for ec2 from the template
$> aeolus-image build --image $image_id # rebuild the image
template and targets from latest build
$> aeolus-image build --target ec2 --target rackspace \ #
--image $image_id \ # rebuild the image with
a new template and set of targets
--template my.tmpl #
$> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the target
image to the specified provider
$> aeolus-image push $build_id # push all target
images for a build, to same providers as previously
$> aeolus-image push --account $provider_account $build_id # ditto, using a
specific provider account
$> aeolus-image push $image_id # push all the target
images for the latest build
$> aeolus-image import --provider ec2-us-east-1 $ami_id # import an AMI from
the specified provider
$> aeolus-image delete --image $image_id # deletes all builds,
target images and provider images
$> aeolus-image delete --build $build_id # deletes a build,
updating latest/parent references as appropriate
$> aeolus-image delete --target-image $target_image # deletes a target
image and its provider images
$> aeolus-image delete --provider-image $provider_image # deletes a provider
image
$> aeolus-image targets # list the values
available for the --target parameter
$> aeolus-image providers # list the values
available for the --provider parameter
$> aeolus-image accounts #
list the values available for the --account parameter
Some other notes:
- The tool will need to authenticate at least against conductor, so
--user/--pass arguments will be needed. We may also want to support
supplying these via environment variables and/or a dotfile.
- The build/push/import commands are long running, so we should
support displaying the progress of the builds and have a
--background parameter for fire-and-forget.
= Footnotes =
[1] - https://fedorahosted.org/pipermail/aeolus-devel/2011-May/001640.html
[2] - to migrate existing data, you can do:
$> cat > update.js <<EOF
db.main.update({ _bucket : "images", object_type : "image" }, {
\$set: { _bucket : "target_images", object_type : "target_image" } },
false, true)
db.main.find({ _bucket : "provider_images", object_type :
"provider_image" }).forEach(function upd(pi) { pi.target_image=pi.image;
db.main.save(pi); })
db.main.update({ _bucket : "provider_images", object_type :
"provider_image" }, { \$unset: { image : 1 } }, false, true)
EOF
$> mongo --port 27018 repo update.js
$> mv _fs/images _fs/provider_images
This clearly only works for IWHD with the fs_autostart, but
should be easy to adjust.
[3] - https://github.com/markmc/image_factory/commits/master
10:35 a.m.
On 05/24/2011 10:52 AM, Mark McLoughlin wrote:
Hey,
Apologies for another long email, but here's my proposal for how to
proceed with the image building CLI etc.
Cheers,
Mark.
= Terminology =
- Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
region.
- Target/Provider Type - the cloud type, irrespective of the specific
instance e.g. RHEV-M vs EC2.
- Provider Account - a set of user credentials for a specific
provider.
- Provider Image - these are images which have been pushed to, or
imported from, a provider and are available for use by instances.
- Target Image - these are images which have been built for a
specific target and are available to be pushed to multiple
providers.
- Image Build - these are objects which track all target and
provider images built from a template at a certain time, all of
which should be equivalent to each other.
OK this is the only change from what I had in my last writeup. Image
Build takes the place of Image Version -- this makes sense -- I'll just
need to update the redmine task accordingly.
- Image - these are metadata objects which describe the purpose of
the image, the parameters it takes, the set of available builds of
the image and the latest build.
= Overview =
As described previously[1], the short/medium term plan is that Aeolus
will:
- Have well documented deployable and template description formats
with plenty of examples. Deployable authors will create these
descriptions manually or with the help of simple command line
tools and store them as they fit (e.g. in their own git repo)
- Support launching deployables in conductor simply by allowing the
user to supply a URL to a deployable description, or choosing a
URL from a list populated by an admin.
- Include a set of command line tools for building images from a
template description. This tools will also allow deployable
authors to list available images available to be referenced in
their deployables.
- Store images and their related metadata in IWHD. Conductor will
use IWHD queries to resolve deployables' image references and
allow users to launch individual images directly.
- Use image factory to build and import images, including the
updating of IWHD metadata about the images.
= IHWD Metadata =
The following IWHD buckets will be used, each one for a different
object type:
images:
- object_type == "image"
- object_body: XML document with image description and parameters,
for deployable authors and simple instance launch from UI
- uuid: UUID
- latest_build: build UUID
builds:
- object_type == "build"
- object_body: empty
- uuid: UUID
- image: UUID of the image object
- parent: UUID of previous build
Is the parent set automatically? i.e. for an initial build (image
doesn't exist before build), latest_build is this new build, and build
parent is null. For any subsequent build for an image, we always update
latest_build to be this new build, and the new build's parent is set to
what was previously the latest build.
target_images:
- object_type == "target_image"
- object_body: target specific image, for upload builds; empty for
snapshot builds
- uuid: UUID
- build: UUID of the build object
- icicle: UUID of icicle object
- template: UUID of template object
- target: ec2, rhev-m, etc.
- target_parameters: target specific data stashed here for the push
stage
provider_images:
- object_type == "provider_image"
- object_body: empty
- uuid: UUID
- target_image: UUID of image
- provider: e.g. ec2-us-east-1, rhev-m site
- icicle == "none"
- target_identifier: target specific ID for the image
Hmm. We should clarify with the image factory team, but in your model
here, icicle is associated with target images but not provider images.
In the current conductor model, we have icicle on provider images but
not target images. So we should make sure we have it right (or fix
accordingly)
templates:
- object_type == "template"
- object_body:<template/> document supplied for image build
- uuid: UUID
icicles:
- object_type == "icicle"
- object_body:<icicle/> document
- uuid: UUID
This fairly closely reflects the metadata currently stored by image
factory in IWHD, with the following changes:
- the current "image" type is renamed to "target_type", along
with
the bucket and image reference on provider images[2]
- new image and build object types and buckets are introduced
- a build reference is added to the target image type
= Image Factory APIs =
Image factory currently supports building target images and pushing
provider images, along with the appropriate updating of image
warehouse metadata.
In order to allow the CLI to fire-and-forget, we will need to add new
build and push APIs which can handle multiple images at once.
These would look like:
- image(image_id, template, targets[])
+ builds an image for the supplied targets
+ image_id should be ommitted, if a new image is required
+ template and targets may be ommitted if a previous build
exists and the previous template and targets will be used
- push(image_id, providers, credentials)
+ push the image the supplied providers
+ assumes factory can figure out which target image is
appropriate for each provider
+ credentials argument is a<provider_credentials/> document
We need to work out how we intend to support the case where conductor
has more than one account on a given provider (i.e. in ec2-us-east we're
using 2 different provider accounts w/ different credentials).
Do we scope ProviderImages to a single provider account and upload for
each, or do we scope them to the provider -- in which case we upload
only once but then we have to worry about sharing the image with all
provider accounts we're using in conductor.
Also, we'll need to rename image factory's current concept of
an image
as a target image. Some initial work on that here[3].
= Conductor APIs =
Conductor needs APIs to support the following:
1) List the available provider types in an XML doc
2) List the available providers in an XML doc
3) Dump a<provider_credentials/> document encapsulating all of the
available provider accounts
I'd like a little more clarification on
these. Where are we using them,
and what parameters should these take (and, any more specifics needed on
the return xml doc).
The latter API would be subject to authentication and access
control.
Actually, all of the conductor APIs should be subject to this -- i.e.
even listing providers should be filtered based on what providers the
calling user is allowed to see.
= Conductor IWHD Queries =
Conductor has basically two use cases for querying IWHD:
1) As a user, I want to launch a deployable:
2) As a user, I want to launch an instance of an image
For (1), conductor needs to resolve each deployable image reference to
a set of provider images. This can be done with something like:
$> $build_id = curl http://iwhd/$image_id/latest_build
$> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
$> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
For (2), conductor needs to list all images available for launching a
standalone instance and, when the user launches the image, it needs to
list the parameters for the image. Both are easily achieved by
querying the images bucket.
= Image Building CLI =
The image building CLI is used by Aeolus users to build and upload
images from templates. It is also used by deployable authors to list
the available images.
The use cases are:
1) As an image builder or deployable author, I want to list all
images
2) As an image builder or deployable author, I want to list all
builds of an image
3) As an image builder or deployable author, I want to list all the
targets and providers an image has been built for
4) As an image builder, I want to build an image
5) As an image builder, I want to push an image to a provider
6) As an image builder, I want to import an image
7) As an image builder, I want to delete an image
8) As an image builder, I want to delete old versions of an image
9) As an image builder, I want to delete a provider image
10) As an image builder, I want to delete an image
The tool needs to interact with IWHD for listing, image factory for
building and conductor for provider/account details.
It might look like:
$> aeolus-image images # list available
images
$> aeolus-image builds $image_id # list the builds
of an image
$> aeolus-image target-images $build_id # list the target
images from a build
$> aeolus-image provider-images $target_image_id # list the provider
images from a target image
$> aeolus-image build --target ec2 --template my.tmpl # build a new image
for ec2 from the template
$> aeolus-image build --image $image_id # rebuild the image
template and targets from latest build
$> aeolus-image build --target ec2 --target rackspace \ #
--image $image_id \ # rebuild the image
with a new template and set of targets
--template my.tmpl #
$> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the target
image to the specified provider
$> aeolus-image push $build_id # push all target
images for a build, to same providers as previously
$> aeolus-image push --account $provider_account $build_id # ditto, using a
specific provider account
$> aeolus-image push $image_id # push all the
target images for the latest build
$> aeolus-image import --provider ec2-us-east-1 $ami_id # import an AMI
from the specified provider
$> aeolus-image delete --image $image_id # deletes all
builds, target images and provider images
$> aeolus-image delete --build $build_id # deletes a build,
updating latest/parent references as appropriate
$> aeolus-image delete --target-image $target_image # deletes a target
image and its provider images
$> aeolus-image delete --provider-image $provider_image # deletes a
provider image
$> aeolus-image targets # list the values
available for the --target parameter
$> aeolus-image providers # list the values
available for the --provider parameter
$> aeolus-image accounts #
list the values available for the --account parameter
Some other notes:
- The tool will need to authenticate at least against conductor, so
--user/--pass arguments will be needed. We may also want to support
supplying these via environment variables and/or a dotfile.
- The build/push/import commands are long running, so we should
support displaying the progress of the builds and have a
--background parameter for fire-and-forget.
= Footnotes =
[1] - https://fedorahosted.org/pipermail/aeolus-devel/2011-May/001640.html
[2] - to migrate existing data, you can do:
$> cat> update.js<<EOF
db.main.update({ _bucket : "images", object_type : "image" }, {
\$set: { _bucket : "target_images", object_type : "target_image" } },
false, true)
db.main.find({ _bucket : "provider_images", object_type :
"provider_image" }).forEach(function upd(pi) { pi.target_image=pi.image;
db.main.save(pi); })
db.main.update({ _bucket : "provider_images", object_type :
"provider_image" }, { \$unset: { image : 1 } }, false, true)
EOF
$> mongo --port 27018 repo update.js
$> mv _fs/images _fs/provider_images
This clearly only works for IWHD with the fs_autostart, but
should be easy to adjust.
[3] - https://github.com/markmc/image_factory/commits/master
_______________________________________________
aeolus-devel mailing list
aeolus-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/aeolus-devel
10:48 a.m.
On Tue, 2011-05-24 at 11:35 -0400, Scott Seago wrote:
On 05/24/2011 10:52 AM, Mark McLoughlin wrote:
> Hey,
>
> Apologies for another long email, but here's my proposal for how to
> proceed with the image building CLI etc.
>
> Cheers,
> Mark.
>
> = Terminology =
>
> - Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
> region.
>
> - Target/Provider Type - the cloud type, irrespective of the specific
> instance e.g. RHEV-M vs EC2.
>
> - Provider Account - a set of user credentials for a specific
> provider.
>
> - Provider Image - these are images which have been pushed to, or
> imported from, a provider and are available for use by instances.
>
> - Target Image - these are images which have been built for a
> specific target and are available to be pushed to multiple
> providers.
>
> - Image Build - these are objects which track all target and
> provider images built from a template at a certain time, all of
> which should be equivalent to each other.
>
OK this is the only change from what I had in my last writeup. Image
Build takes the place of Image Version -- this makes sense -- I'll just
need to update the redmine task accordingly.
Yep, sorry - I'm having a terminology death match and "build" is a shade
ahead of "version" :)
> - Image - these are metadata objects which describe the
purpose of
> the image, the parameters it takes, the set of available builds of
> the image and the latest build.
>
> = Overview =
>
> As described previously[1], the short/medium term plan is that Aeolus
> will:
>
> - Have well documented deployable and template description formats
> with plenty of examples. Deployable authors will create these
> descriptions manually or with the help of simple command line
> tools and store them as they fit (e.g. in their own git repo)
>
> - Support launching deployables in conductor simply by allowing the
> user to supply a URL to a deployable description, or choosing a
> URL from a list populated by an admin.
>
> - Include a set of command line tools for building images from a
> template description. This tools will also allow deployable
> authors to list available images available to be referenced in
> their deployables.
>
> - Store images and their related metadata in IWHD. Conductor will
> use IWHD queries to resolve deployables' image references and
> allow users to launch individual images directly.
>
> - Use image factory to build and import images, including the
> updating of IWHD metadata about the images.
>
> = IHWD Metadata =
>
> The following IWHD buckets will be used, each one for a different
> object type:
>
> images:
> - object_type == "image"
> - object_body: XML document with image description and parameters,
> for deployable authors and simple instance launch from UI
> - uuid: UUID
> - latest_build: build UUID
>
> builds:
> - object_type == "build"
> - object_body: empty
> - uuid: UUID
> - image: UUID of the image object
> - parent: UUID of previous build
>
Is the parent set automatically? i.e. for an initial build (image
doesn't exist before build), latest_build is this new build, and build
parent is null. For any subsequent build for an image, we always update
latest_build to be this new build, and the new build's parent is set to
what was previously the latest build.
Exactly
> target_images:
> - object_type == "target_image"
> - object_body: target specific image, for upload builds; empty for
> snapshot builds
> - uuid: UUID
> - build: UUID of the build object
> - icicle: UUID of icicle object
> - template: UUID of template object
> - target: ec2, rhev-m, etc.
> - target_parameters: target specific data stashed here for the push
> stage
>
> provider_images:
> - object_type == "provider_image"
> - object_body: empty
> - uuid: UUID
> - target_image: UUID of image
> - provider: e.g. ec2-us-east-1, rhev-m site
> - icicle == "none"
> - target_identifier: target specific ID for the image
>
Hmm. We should clarify with the image factory team, but in your model
here, icicle is associated with target images but not provider images.
In the current conductor model, we have icicle on provider images but
not target images. So we should make sure we have it right (or fix
accordingly)
I've taken this directly from image factory code e.g.
icicle_id = self.warehouse.store_icicle(self.output_descriptor)
metadata = dict(template=template_id, target=self.target, icicle=icicle_id,
target_parameters=target_parameters)
self.warehouse.store_target_image(self.image_id, self.image, metadata=metadata)
...
metadata = dict(target_image=image_id, provider=provider, icicle="none",
target_identifier=ami_id)
self.warehouse.create_provider_image(self.image_id, metadata=metadata)
> templates:
> - object_type == "template"
> - object_body:<template/> document supplied for image build
> - uuid: UUID
>
> icicles:
> - object_type == "icicle"
> - object_body:<icicle/> document
> - uuid: UUID
>
> This fairly closely reflects the metadata currently stored by image
> factory in IWHD, with the following changes:
>
> - the current "image" type is renamed to "target_type", along
with
> the bucket and image reference on provider images[2]
>
> - new image and build object types and buckets are introduced
>
> - a build reference is added to the target image type
>
> = Image Factory APIs =
>
> Image factory currently supports building target images and pushing
> provider images, along with the appropriate updating of image
> warehouse metadata.
>
> In order to allow the CLI to fire-and-forget, we will need to add new
> build and push APIs which can handle multiple images at once.
>
> These would look like:
>
> - image(image_id, template, targets[])
> + builds an image for the supplied targets
> + image_id should be ommitted, if a new image is required
> + template and targets may be ommitted if a previous build
> exists and the previous template and targets will be used
>
> - push(image_id, providers, credentials)
> + push the image the supplied providers
> + assumes factory can figure out which target image is
> appropriate for each provider
> + credentials argument is a<provider_credentials/> document
>
We need to work out how we intend to support the case where conductor
has more than one account on a given provider (i.e. in ec2-us-east we're
using 2 different provider accounts w/ different credentials).
Do we scope ProviderImages to a single provider account and upload for
each, or do we scope them to the provider -- in which case we upload
only once but then we have to worry about sharing the image with all
provider accounts we're using in conductor.
I have no idea :(
If we want to scope ProviderImages to provider accounts, we'd include a
provider account identifier in the provider image object
> Also, we'll need to rename image factory's current
concept of an image
> as a target image. Some initial work on that here[3].
>
> = Conductor APIs =
>
> Conductor needs APIs to support the following:
>
> 1) List the available provider types in an XML doc
> 2) List the available providers in an XML doc
> 3) Dump a<provider_credentials/> document encapsulating all of the
> available provider accounts
I'd like a little more clarification on these. Where are we using them,
and what parameters should these take (and, any more specifics needed on
the return xml doc).
Okay, these are all used by the image builder CLI
(1) and (2) for the "targets" and "providers" commands. You're
just
listing the available provider types and providers. No parameters
needed.
(3) is making ProviderAccount.build_credentials() available through the
API. We need to pass these credentials to image factory's push method.
> The latter API would be subject to authentication and access
control.
>
Actually, all of the conductor APIs should be subject to this -- i.e.
even listing providers should be filtered based on what providers the
calling user is allowed to see.
Even provider types?
Providers makes some sense, I guess ... I originally wrote "the latter
two APIs" :-)
I'd just prefer to avoid having the CLI user authenticate where it isn't
really necessary.
Thanks,
Mark.
1:12 p.m.
Mark,
Current work demands prevent me from drafting a full point-by-point
reply right now. So, I'll make a few observations:
* Because it represents the actual contents of an image, ICICLE cannot
be generated for Target Image objects for snapshot style builds/clouds.
For these clouds the Target Image object (what we used to call simply an
Image) is a pure placeholder and an actual "realized" image is only
created when you "push" to create a Provider Image.
In other words, in some cases "building" (or the existing "image()"
API
call) establishes the final image content while in others "pushing"
establishes it.
We discussed this once several months ago. At the time we tentatively
agreed that Images (old definition - new term being Target Images) _may_
contain ICICLE but only Provider Images _must_ contain ICICLE.
* Doing builds one after the other doesn't actually guarantee that they
are identical due to the dynamic nature of yum repos (or the SMB shares
or HTTP servers containing package content for Windows). As a result,
guaranteeing the cross-target and cross-provider consistency implied by
the "Image Build" object will require some non-trivial additional work
on the Factory side and may not be possible in the general case.
We will likely have to explicitly verify, after building, that the
resulting Target Images and/or Provider Images are, roughly speaking,
equivalent.
An example to illustrate some of the concerns above:
Amazon EC2 recently added a second Asia-Pacific region. (This is
actually true.)
We support both upload style and snapshot style building of Images on
EC2.
Users with "upload style" EC2 builds can simply "push" their existing
Target Image builds to the new region and will be guaranteed that they
are identical. (And the new Provider Image can actually reference a
shared ICICLE object inherited from the Target Image.)
Users with "snapshot style" EC2 builds who "push" to the new
Provider/Region will repeat the "modify in place and snapshot" step. If
their template has, for example, the "fedora-updates" repo in it, they
will almost certainly end up with newer package content in the Provider
Image.
It's not clear to me what we should do in this case. We can,
potentially, verify that the new snapshot Provider Image is different.
Should we then automatically create new object versions down the chain?
(That is, new Target Image and Image Build objects.)
-Ian
On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
Hey,
Apologies for another long email, but here's my proposal for how to
proceed with the image building CLI etc.
Cheers,
Mark.
= Terminology =
- Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
region.
- Target/Provider Type - the cloud type, irrespective of the specific
instance e.g. RHEV-M vs EC2.
- Provider Account - a set of user credentials for a specific
provider.
- Provider Image - these are images which have been pushed to, or
imported from, a provider and are available for use by instances.
- Target Image - these are images which have been built for a
specific target and are available to be pushed to multiple
providers.
- Image Build - these are objects which track all target and
provider images built from a template at a certain time, all of
which should be equivalent to each other.
- Image - these are metadata objects which describe the purpose of
the image, the parameters it takes, the set of available builds of
the image and the latest build.
= Overview =
As described previously[1], the short/medium term plan is that Aeolus
will:
- Have well documented deployable and template description formats
with plenty of examples. Deployable authors will create these
descriptions manually or with the help of simple command line
tools and store them as they fit (e.g. in their own git repo)
- Support launching deployables in conductor simply by allowing the
user to supply a URL to a deployable description, or choosing a
URL from a list populated by an admin.
- Include a set of command line tools for building images from a
template description. This tools will also allow deployable
authors to list available images available to be referenced in
their deployables.
- Store images and their related metadata in IWHD. Conductor will
use IWHD queries to resolve deployables' image references and
allow users to launch individual images directly.
- Use image factory to build and import images, including the
updating of IWHD metadata about the images.
= IHWD Metadata =
The following IWHD buckets will be used, each one for a different
object type:
images:
- object_type == "image"
- object_body: XML document with image description and parameters,
for deployable authors and simple instance launch from UI
- uuid: UUID
- latest_build: build UUID
builds:
- object_type == "build"
- object_body: empty
- uuid: UUID
- image: UUID of the image object
- parent: UUID of previous build
target_images:
- object_type == "target_image"
- object_body: target specific image, for upload builds; empty for
snapshot builds
- uuid: UUID
- build: UUID of the build object
- icicle: UUID of icicle object
- template: UUID of template object
- target: ec2, rhev-m, etc.
- target_parameters: target specific data stashed here for the push
stage
provider_images:
- object_type == "provider_image"
- object_body: empty
- uuid: UUID
- target_image: UUID of image
- provider: e.g. ec2-us-east-1, rhev-m site
- icicle == "none"
- target_identifier: target specific ID for the image
templates:
- object_type == "template"
- object_body: <template/> document supplied for image build
- uuid: UUID
icicles:
- object_type == "icicle"
- object_body: <icicle/> document
- uuid: UUID
This fairly closely reflects the metadata currently stored by image
factory in IWHD, with the following changes:
- the current "image" type is renamed to "target_type", along with
the bucket and image reference on provider images[2]
- new image and build object types and buckets are introduced
- a build reference is added to the target image type
= Image Factory APIs =
Image factory currently supports building target images and pushing
provider images, along with the appropriate updating of image
warehouse metadata.
In order to allow the CLI to fire-and-forget, we will need to add new
build and push APIs which can handle multiple images at once.
These would look like:
- image(image_id, template, targets[])
+ builds an image for the supplied targets
+ image_id should be ommitted, if a new image is required
+ template and targets may be ommitted if a previous build
exists and the previous template and targets will be used
- push(image_id, providers, credentials)
+ push the image the supplied providers
+ assumes factory can figure out which target image is
appropriate for each provider
+ credentials argument is a <provider_credentials/> document
Also, we'll need to rename image factory's current concept of an image
as a target image. Some initial work on that here[3].
= Conductor APIs =
Conductor needs APIs to support the following:
1) List the available provider types in an XML doc
2) List the available providers in an XML doc
3) Dump a <provider_credentials/> document encapsulating all of the
available provider accounts
The latter API would be subject to authentication and access control.
= Conductor IWHD Queries =
Conductor has basically two use cases for querying IWHD:
1) As a user, I want to launch a deployable:
2) As a user, I want to launch an instance of an image
For (1), conductor needs to resolve each deployable image reference to
a set of provider images. This can be done with something like:
$> $build_id = curl http://iwhd/$image_id/latest_build
$> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
$> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
For (2), conductor needs to list all images available for launching a
standalone instance and, when the user launches the image, it needs to
list the parameters for the image. Both are easily achieved by
querying the images bucket.
= Image Building CLI =
The image building CLI is used by Aeolus users to build and upload
images from templates. It is also used by deployable authors to list
the available images.
The use cases are:
1) As an image builder or deployable author, I want to list all
images
2) As an image builder or deployable author, I want to list all
builds of an image
3) As an image builder or deployable author, I want to list all the
targets and providers an image has been built for
4) As an image builder, I want to build an image
5) As an image builder, I want to push an image to a provider
6) As an image builder, I want to import an image
7) As an image builder, I want to delete an image
8) As an image builder, I want to delete old versions of an image
9) As an image builder, I want to delete a provider image
10) As an image builder, I want to delete an image
The tool needs to interact with IWHD for listing, image factory for
building and conductor for provider/account details.
It might look like:
$> aeolus-image images # list available
images
$> aeolus-image builds $image_id # list the builds of
an image
$> aeolus-image target-images $build_id # list the target
images from a build
$> aeolus-image provider-images $target_image_id # list the provider
images from a target image
$> aeolus-image build --target ec2 --template my.tmpl # build a new image
for ec2 from the template
$> aeolus-image build --image $image_id # rebuild the image
template and targets from latest build
$> aeolus-image build --target ec2 --target rackspace \ #
--image $image_id \ # rebuild the image with
a new template and set of targets
--template my.tmpl #
$> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the target
image to the specified provider
$> aeolus-image push $build_id # push all target
images for a build, to same providers as previously
$> aeolus-image push --account $provider_account $build_id # ditto, using a
specific provider account
$> aeolus-image push $image_id # push all the target
images for the latest build
$> aeolus-image import --provider ec2-us-east-1 $ami_id # import an AMI from
the specified provider
$> aeolus-image delete --image $image_id # deletes all builds,
target images and provider images
$> aeolus-image delete --build $build_id # deletes a build,
updating latest/parent references as appropriate
$> aeolus-image delete --target-image $target_image # deletes a target
image and its provider images
$> aeolus-image delete --provider-image $provider_image # deletes a provider
image
$> aeolus-image targets # list the values
available for the --target parameter
$> aeolus-image providers # list the values
available for the --provider parameter
$> aeolus-image accounts #
list the values available for the --account parameter
Some other notes:
- The tool will need to authenticate at least against conductor, so
--user/--pass arguments will be needed. We may also want to support
supplying these via environment variables and/or a dotfile.
- The build/push/import commands are long running, so we should
support displaying the progress of the builds and have a
--background parameter for fire-and-forget.
= Footnotes =
[1] - https://fedorahosted.org/pipermail/aeolus-devel/2011-May/001640.html
[2] - to migrate existing data, you can do:
$> cat > update.js <<EOF
db.main.update({ _bucket : "images", object_type : "image" }, {
\$set: { _bucket : "target_images", object_type : "target_image" } },
false, true)
db.main.find({ _bucket : "provider_images", object_type :
"provider_image" }).forEach(function upd(pi) { pi.target_image=pi.image;
db.main.save(pi); })
db.main.update({ _bucket : "provider_images", object_type :
"provider_image" }, { \$unset: { image : 1 } }, false, true)
EOF
$> mongo --port 27018 repo update.js
$> mv _fs/images _fs/provider_images
This clearly only works for IWHD with the fs_autostart, but
should be easy to adjust.
[3] - https://github.com/markmc/image_factory/commits/master
_______________________________________________
aeolus-devel mailing list
aeolus-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/aeolus-devel
5:41 a.m.
Hi Ian,
On Tue, 2011-05-24 at 13:12 -0500, Ian McLeod wrote:
Mark,
Current work demands prevent me from drafting a full point-by-point
reply right now. So, I'll make a few observations:
* Because it represents the actual contents of an image, ICICLE cannot
be generated for Target Image objects for snapshot style builds/clouds.
For these clouds the Target Image object (what we used to call simply an
Image) is a pure placeholder and an actual "realized" image is only
created when you "push" to create a Provider Image.
In other words, in some cases "building" (or the existing "image()"
API
call) establishes the final image content while in others "pushing"
establishes it.
We discussed this once several months ago. At the time we tentatively
agreed that Images (old definition - new term being Target Images) _may_
contain ICICLE but only Provider Images _must_ contain ICICLE.
So the idea that, with snapshot builds, we will generate the icicle in
the EC2 reference during the push stage.
Why do the upload builds in FedoraBuilder not generate the icicle in the
build stage and copy the reference across in the upload stage? i.e. at
the moment, all provider image icicle references are set to 'none' by
FedoraBuilder
Also, I don't actually see image factory generating an icicle anywhere.
e.g. I don't see Oz's generate_icicle() being called anywhere
Also, I assume the "*must* contain an icicle" doesn't apply to imported
images?
* Doing builds one after the other doesn't actually guarantee
that they
are identical due to the dynamic nature of yum repos (or the SMB shares
or HTTP servers containing package content for Windows). As a result,
guaranteeing the cross-target and cross-provider consistency implied by
the "Image Build" object will require some non-trivial additional work
on the Factory side and may not be possible in the general case.
We will likely have to explicitly verify, after building, that the
resulting Target Images and/or Provider Images are, roughly speaking,
equivalent.
An example to illustrate some of the concerns above:
Amazon EC2 recently added a second Asia-Pacific region. (This is
actually true.)
We support both upload style and snapshot style building of Images on
EC2.
Users with "upload style" EC2 builds can simply "push" their
existing
Target Image builds to the new region and will be guaranteed that they
are identical. (And the new Provider Image can actually reference a
shared ICICLE object inherited from the Target Image.)
Users with "snapshot style" EC2 builds who "push" to the new
Provider/Region will repeat the "modify in place and snapshot" step. If
their template has, for example, the "fedora-updates" repo in it, they
will almost certainly end up with newer package content in the Provider
Image.
It's not clear to me what we should do in this case. We can,
potentially, verify that the new snapshot Provider Image is different.
Should we then automatically create new object versions down the chain?
(That is, new Target Image and Image Build objects.)
Instinctively, I appreciate that guaranteeing the images from a build
are identical is difficult.
But, in your example, I'm not sure I follow the problem. Assuming that
all Fedora mirrors are in sync, is it the time difference between the
build and push stages? i.e if you built your upload image a week ago and
then pushed your upload image and snapshot image today, you're likely to
have a different set of packages in each image?
How about if the image building tool didn't expose the two stages? i.e.
you do the build and push in one go, reducing the race condition. If you
want to push to a new provider, you just go through both build/push
again
The key thing we're trying to do here is get to a stage where a user can
launch an Image (or Deployable that references the Image) and be
confident that they'll get an equivalent image no matter which provider
is chosen
It sounds like if we expose the build/push stages separately, the user
can walk themselves into this race condition. So the answer might be to
discourage that?
i.e. yes, we may be unhappy that just because a user wants to push to a
new EC2 region, she also has to rebuild and upload a new RHEV-M image.
That might appear wasteful, but if it's the only way the user can be
confident that the bits are identical .... ?
(This is distinct from the capabilities of image factory itself. It can
still have the two stages, but the workflow we'd encourage people to
follow with aeolus-image wouldn't expose it)
Cheers,
Mark.
12:39 p.m.
On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
Hey,
Apologies for another long email, but here's my proposal for how to
proceed with the image building CLI etc.
Cheers,
Mark.
= Terminology =
- Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
region.
I find using the term Provider here to be confusing. To me the
unqualified term indicates a high level concept of a tool that
"Provides" the infrastructure.
I thing "Provider Instance" would be more clear.
Just my 2 cents.
Joe
- Target/Provider Type - the cloud type, irrespective of the specific
instance e.g. RHEV-M vs EC2.
- Provider Account - a set of user credentials for a specific
provider.
- Provider Image - these are images which have been pushed to, or
imported from, a provider and are available for use by instances.
- Target Image - these are images which have been built for a
specific target and are available to be pushed to multiple
providers.
- Image Build - these are objects which track all target and
provider images built from a template at a certain time, all of
which should be equivalent to each other.
- Image - these are metadata objects which describe the purpose of
the image, the parameters it takes, the set of available builds of
the image and the latest build.
= Overview =
As described previously[1], the short/medium term plan is that Aeolus
will:
- Have well documented deployable and template description formats
with plenty of examples. Deployable authors will create these
descriptions manually or with the help of simple command line
tools and store them as they fit (e.g. in their own git repo)
- Support launching deployables in conductor simply by allowing the
user to supply a URL to a deployable description, or choosing a
URL from a list populated by an admin.
- Include a set of command line tools for building images from a
template description. This tools will also allow deployable
authors to list available images available to be referenced in
their deployables.
- Store images and their related metadata in IWHD. Conductor will
use IWHD queries to resolve deployables' image references and
allow users to launch individual images directly.
- Use image factory to build and import images, including the
updating of IWHD metadata about the images.
= IHWD Metadata =
The following IWHD buckets will be used, each one for a different
object type:
images:
- object_type == "image"
- object_body: XML document with image description and parameters,
for deployable authors and simple instance launch from UI
- uuid: UUID
- latest_build: build UUID
builds:
- object_type == "build"
- object_body: empty
- uuid: UUID
- image: UUID of the image object
- parent: UUID of previous build
target_images:
- object_type == "target_image"
- object_body: target specific image, for upload builds; empty for
snapshot builds
- uuid: UUID
- build: UUID of the build object
- icicle: UUID of icicle object
- template: UUID of template object
- target: ec2, rhev-m, etc.
- target_parameters: target specific data stashed here for the push
stage
provider_images:
- object_type == "provider_image"
- object_body: empty
- uuid: UUID
- target_image: UUID of image
- provider: e.g. ec2-us-east-1, rhev-m site
- icicle == "none"
- target_identifier: target specific ID for the image
templates:
- object_type == "template"
- object_body: <template/> document supplied for image build
- uuid: UUID
icicles:
- object_type == "icicle"
- object_body: <icicle/> document
- uuid: UUID
This fairly closely reflects the metadata currently stored by image
factory in IWHD, with the following changes:
- the current "image" type is renamed to "target_type", along with
the bucket and image reference on provider images[2]
- new image and build object types and buckets are introduced
- a build reference is added to the target image type
= Image Factory APIs =
Image factory currently supports building target images and pushing
provider images, along with the appropriate updating of image
warehouse metadata.
In order to allow the CLI to fire-and-forget, we will need to add new
build and push APIs which can handle multiple images at once.
These would look like:
- image(image_id, template, targets[])
+ builds an image for the supplied targets
+ image_id should be ommitted, if a new image is required
+ template and targets may be ommitted if a previous build
exists and the previous template and targets will be used
- push(image_id, providers, credentials)
+ push the image the supplied providers
+ assumes factory can figure out which target image is
appropriate for each provider
+ credentials argument is a <provider_credentials/> document
Also, we'll need to rename image factory's current concept of an image
as a target image. Some initial work on that here[3].
= Conductor APIs =
Conductor needs APIs to support the following:
1) List the available provider types in an XML doc
2) List the available providers in an XML doc
3) Dump a <provider_credentials/> document encapsulating all of the
available provider accounts
The latter API would be subject to authentication and access control.
= Conductor IWHD Queries =
Conductor has basically two use cases for querying IWHD:
1) As a user, I want to launch a deployable:
2) As a user, I want to launch an instance of an image
For (1), conductor needs to resolve each deployable image reference to
a set of provider images. This can be done with something like:
$> $build_id = curl http://iwhd/$image_id/latest_build
$> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
$> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
For (2), conductor needs to list all images available for launching a
standalone instance and, when the user launches the image, it needs to
list the parameters for the image. Both are easily achieved by
querying the images bucket.
= Image Building CLI =
The image building CLI is used by Aeolus users to build and upload
images from templates. It is also used by deployable authors to list
the available images.
The use cases are:
1) As an image builder or deployable author, I want to list all
images
2) As an image builder or deployable author, I want to list all
builds of an image
3) As an image builder or deployable author, I want to list all the
targets and providers an image has been built for
4) As an image builder, I want to build an image
5) As an image builder, I want to push an image to a provider
6) As an image builder, I want to import an image
7) As an image builder, I want to delete an image
8) As an image builder, I want to delete old versions of an image
9) As an image builder, I want to delete a provider image
10) As an image builder, I want to delete an image
The tool needs to interact with IWHD for listing, image factory for
building and conductor for provider/account details.
It might look like:
$> aeolus-image images # list available
images
$> aeolus-image builds $image_id # list the builds of
an image
$> aeolus-image target-images $build_id # list the target
images from a build
$> aeolus-image provider-images $target_image_id # list the provider
images from a target image
$> aeolus-image build --target ec2 --template my.tmpl # build a new image
for ec2 from the template
$> aeolus-image build --image $image_id # rebuild the image
template and targets from latest build
$> aeolus-image build --target ec2 --target rackspace \ #
--image $image_id \ # rebuild the image with
a new template and set of targets
--template my.tmpl #
$> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the target
image to the specified provider
$> aeolus-image push $build_id # push all target
images for a build, to same providers as previously
$> aeolus-image push --account $provider_account $build_id # ditto, using a
specific provider account
$> aeolus-image push $image_id # push all the target
images for the latest build
$> aeolus-image import --provider ec2-us-east-1 $ami_id # import an AMI from
the specified provider
$> aeolus-image delete --image $image_id # deletes all builds,
target images and provider images
$> aeolus-image delete --build $build_id # deletes a build,
updating latest/parent references as appropriate
$> aeolus-image delete --target-image $target_image # deletes a target
image and its provider images
$> aeolus-image delete --provider-image $provider_image # deletes a provider
image
$> aeolus-image targets # list the values
available for the --target parameter
$> aeolus-image providers # list the values
available for the --provider parameter
$> aeolus-image accounts #
list the values available for the --account parameter
Some other notes:
- The tool will need to authenticate at least against conductor, so
--user/--pass arguments will be needed. We may also want to support
supplying these via environment variables and/or a dotfile.
- The build/push/import commands are long running, so we should
support displaying the progress of the builds and have a
--background parameter for fire-and-forget.
= Footnotes =
[1] - https://fedorahosted.org/pipermail/aeolus-devel/2011-May/001640.html
[2] - to migrate existing data, you can do:
$> cat > update.js <<EOF
db.main.update({ _bucket : "images", object_type : "image" }, {
\$set: { _bucket : "target_images", object_type : "target_image" } },
false, true)
db.main.find({ _bucket : "provider_images", object_type :
"provider_image" }).forEach(function upd(pi) { pi.target_image=pi.image;
db.main.save(pi); })
db.main.update({ _bucket : "provider_images", object_type :
"provider_image" }, { \$unset: { image : 1 } }, false, true)
EOF
$> mongo --port 27018 repo update.js
$> mv _fs/images _fs/provider_images
This clearly only works for IWHD with the fs_autostart, but
should be easy to adjust.
[3] - https://github.com/markmc/image_factory/commits/master
_______________________________________________
aeolus-devel mailing list
aeolus-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/aeolus-devel
5:43 a.m.
On Wed, 2011-05-25 at 13:39 -0400, Joseph VLcek wrote:
On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
> Hey,
>
> Apologies for another long email, but here's my proposal for how to
> proceed with the image building CLI etc.
>
> Cheers,
> Mark.
>
> = Terminology =
>
> - Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
> region.
I find using the term Provider here to be confusing. To me the
unqualified term indicates a high level concept of a tool that
"Provides" the infrastructure.
This is conductor's terminology. It's even the terminology we expose in
the UI.
(Not really commenting on whether it's confusing or not, just pointing
out that it's consistent with the project-wide terminology)
Cheers,
Mark.
8:10 a.m.
On Thu, 2011-05-26 at 11:43 +0100, Mark McLoughlin wrote:
On Wed, 2011-05-25 at 13:39 -0400, Joseph VLcek wrote:
> On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
> > Hey,
> >
> > Apologies for another long email, but here's my proposal for how to
> > proceed with the image building CLI etc.
> >
> > Cheers,
> > Mark.
> >
> > = Terminology =
> >
> > - Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
> > region.
>
> I find using the term Provider here to be confusing. To me the
> unqualified term indicates a high level concept of a tool that
> "Provides" the infrastructure.
This is conductor's terminology. It's even the terminology we expose in
the UI.
(Not really commenting on whether it's confusing or not, just pointing
out that it's consistent with the project-wide terminology)
Cheers,
Mark.
Thanks for explaining Mark.
If this term is already associated with that meaning I'm OK with it.
Joe
4:37 p.m.
On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
Hey,
Apologies for another long email, but here's my proposal for how to
proceed with the image building CLI etc.
Cheers,
Mark.
= Terminology =
- Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
region.
- Target/Provider Type - the cloud type, irrespective of the specific
instance e.g. RHEV-M vs EC2.
- Provider Account - a set of user credentials for a specific
provider.
- Provider Image - these are images which have been pushed to, or
imported from, a provider and are available for use by instances.
- Target Image - these are images which have been built for a
specific target and are available to be pushed to multiple
providers.
- Image Build - these are objects which track all target and
provider images built from a template at a certain time, all of
which should be equivalent to each other.
- Image - these are metadata objects which describe the purpose of
the image, the parameters it takes, the set of available builds of
the image and the latest build.
= Overview =
As described previously[1], the short/medium term plan is that Aeolus
will:
- Have well documented deployable and template description formats
with plenty of examples. Deployable authors will create these
descriptions manually or with the help of simple command line
tools and store them as they fit (e.g. in their own git repo)
- Support launching deployables in conductor simply by allowing the
user to supply a URL to a deployable description, or choosing a
URL from a list populated by an admin.
- Include a set of command line tools for building images from a
template description. This tools will also allow deployable
authors to list available images available to be referenced in
their deployables.
- Store images and their related metadata in IWHD. Conductor will
use IWHD queries to resolve deployables' image references and
allow users to launch individual images directly.
- Use image factory to build and import images, including the
updating of IWHD metadata about the images.
= IHWD Metadata =
The following IWHD buckets will be used, each one for a different
object type:
images:
- object_type == "image"
- object_body: XML document with image description and parameters,
for deployable authors and simple instance launch from UI
- uuid: UUID
- latest_build: build UUID
builds:
- object_type == "build"
- object_body: empty
- uuid: UUID
- image: UUID of the image object
- parent: UUID of previous build
target_images:
- object_type == "target_image"
- object_body: target specific image, for upload builds; empty for
snapshot builds
- uuid: UUID
- build: UUID of the build object
- icicle: UUID of icicle object
- template: UUID of template object
I don't get why this ^ doesnt go with Image object?
- target: ec2, rhev-m, etc.
We need to be careful of magic string here, I propose these values come
from deltacloud api
- target_parameters: target specific data stashed here for the
push
stage
provider_images:
- object_type == "provider_image"
- object_body: empty
- uuid: UUID
- target_image: UUID of image
Do you actually mean uuid of image here, or of target image? As imcleod
said in his reply, this probably need to be where the icicle ref is
required, and target image is an optional one (to have a ref to icicle).
- provider: e.g. ec2-us-east-1, rhev-m site
- icicle == "none"
Is this ^ really just a literal string? If so, why have it? If not,
does this just mean it is an optional association?
- target_identifier: target specific ID for the image
templates:
- object_type == "template"
- object_body: <template/> document supplied for image build
- uuid: UUID
icicles:
- object_type == "icicle"
- object_body: <icicle/> document
- uuid: UUID
This fairly closely reflects the metadata currently stored by image
factory in IWHD, with the following changes:
- the current "image" type is renamed to "target_type", along with
the bucket and image reference on provider images[2]
- new image and build object types and buckets are introduced
- a build reference is added to the target image type
= Image Factory APIs =
Image factory currently supports building target images and pushing
provider images, along with the appropriate updating of image
warehouse metadata.
In order to allow the CLI to fire-and-forget, we will need to add new
build and push APIs which can handle multiple images at once.
Two alternatives to this come to mind:
* the cli could just call the existing methods sequentially for each
target passed in
* factory could provide a thin wrapper on the existing methods to do the
same thing from that side.
These would look like:
- image(image_id, template, targets[])
+ builds an image for the supplied targets
+ image_id should be ommitted, if a new image is required
If image_id _is_ passed in, is that essentially a rebuild of existing,
thereby creating an updated version (build) of the image?
+ template and targets may be ommitted if a previous build
exists and the previous template and targets will be used
- push(image_id, providers, credentials)
+ push the image the supplied providers
+ assumes factory can figure out which target image is
appropriate for each provider
+ credentials argument is a <provider_credentials/> document
Also, we'll need to rename image factory's current concept of an image
as a target image. Some initial work on that here[3].
I agree with Scott's concerns here on the multiple account per provider
thing. I don't know the answer either, so for a first pass, perhaps we
just limit it to 1 account?
= Conductor APIs =
Conductor needs APIs to support the following:
1) List the available provider types in an XML doc
2) List the available providers in an XML doc
3) Dump a <provider_credentials/> document encapsulating all of the
available provider accounts
The latter API would be subject to authentication and access control.
= Conductor IWHD Queries =
Conductor has basically two use cases for querying IWHD:
1) As a user, I want to launch a deployable:
2) As a user, I want to launch an instance of an image
For (1), conductor needs to resolve each deployable image reference to
a set of provider images. This can be done with something like:
$> $build_id = curl http://iwhd/$image_id/latest_build
$> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
$> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
For (2), conductor needs to list all images available for launching a
standalone instance and, when the user launches the image, it needs to
list the parameters for the image. Both are easily achieved by
querying the images bucket.
= Image Building CLI =
The image building CLI is used by Aeolus users to build and upload
images from templates. It is also used by deployable authors to list
the available images.
The use cases are:
1) As an image builder or deployable author, I want to list all
images
2) As an image builder or deployable author, I want to list all
builds of an image
3) As an image builder or deployable author, I want to list all the
targets and providers an image has been built for
4) As an image builder, I want to build an image
5) As an image builder, I want to push an image to a provider
6) As an image builder, I want to import an image
7) As an image builder, I want to delete an image
8) As an image builder, I want to delete old versions of an image
9) As an image builder, I want to delete a provider image
10) As an image builder, I want to delete an image
The tool needs to interact with IWHD for listing, image factory for
building and conductor for provider/account details.
It might look like:
$> aeolus-image images # list available
images
$> aeolus-image builds $image_id # list the builds of
an image
$> aeolus-image target-images $build_id # list the target
images from a build
$> aeolus-image provider-images $target_image_id # list the provider
images from a target image
$> aeolus-image build --target ec2 --template my.tmpl # build a new image
for ec2 from the template
$> aeolus-image build --image $image_id # rebuild the image
template and targets from latest build
$> aeolus-image build --target ec2 --target rackspace \ #
In the
interest of making the cli less verbose, would it be horrible to
have target take (maybe optionally) an array? So the value is something
like:
--target [ec2,rackspace,rhevm]
--image $image_id \ #
rebuild the image with a new template and set of targets
--template my.tmpl #
$> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the target
image to the specified provider
$> aeolus-image push $build_id # push all target
images for a build, to same providers as previously
$> aeolus-image push --account $provider_account $build_id # ditto, using a
specific provider account
What is the expected value of $provider_account? is that a uui or name
from conductor, or just the un/pw of actual provider account? Something
else?
$> aeolus-image push $image_id #
push all the target images for the latest build
$> aeolus-image import --provider ec2-us-east-1 $ami_id # import an AMI from
the specified provider
$> aeolus-image delete --image $image_id # deletes all builds,
target images and provider images
$> aeolus-image delete --build $build_id # deletes a build,
updating latest/parent references as appropriate
$> aeolus-image delete --target-image $target_image # deletes a target
image and its provider images
$> aeolus-image delete --provider-image $provider_image # deletes a provider
image
$> aeolus-image targets # list the values
available for the --target parameter
$> aeolus-image providers # list the values
available for the --provider parameter
$> aeolus-image accounts #
list the values available for the --account parameter
Some other notes:
- The tool will need to authenticate at least against conductor, so
--user/--pass arguments will be needed. We may also want to support
supplying these via environment variables and/or a dotfile.
- The build/push/import commands are long running, so we should
support displaying the progress of the builds and have a
--background parameter for fire-and-forget.
= Footnotes =
[1] - https://fedorahosted.org/pipermail/aeolus-devel/2011-May/001640.html
[2] - to migrate existing data, you can do:
$> cat > update.js <<EOF
db.main.update({ _bucket : "images", object_type : "image" }, {
\$set: { _bucket : "target_images", object_type : "target_image" } },
false, true)
db.main.find({ _bucket : "provider_images", object_type :
"provider_image" }).forEach(function upd(pi) { pi.target_image=pi.image;
db.main.save(pi); })
db.main.update({ _bucket : "provider_images", object_type :
"provider_image" }, { \$unset: { image : 1 } }, false, true)
EOF
$> mongo --port 27018 repo update.js
$> mv _fs/images _fs/provider_images
This clearly only works for IWHD with the fs_autostart, but
should be easy to adjust.
[3] - https://github.com/markmc/image_factory/commits/master
_______________________________________________
aeolus-devel mailing list
aeolus-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/aeolus-devel
6 a.m.
On Wed, 2011-05-25 at 17:37 -0400, Jason Guiditta wrote:
On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
> Hey,
>
> Apologies for another long email, but here's my proposal for how to
> proceed with the image building CLI etc.
>
> Cheers,
> Mark.
>
> = Terminology =
>
> - Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
> region.
>
> - Target/Provider Type - the cloud type, irrespective of the specific
> instance e.g. RHEV-M vs EC2.
>
> - Provider Account - a set of user credentials for a specific
> provider.
>
> - Provider Image - these are images which have been pushed to, or
> imported from, a provider and are available for use by instances.
>
> - Target Image - these are images which have been built for a
> specific target and are available to be pushed to multiple
> providers.
>
> - Image Build - these are objects which track all target and
> provider images built from a template at a certain time, all of
> which should be equivalent to each other.
>
> - Image - these are metadata objects which describe the purpose of
> the image, the parameters it takes, the set of available builds of
> the image and the latest build.
>
> = Overview =
>
> As described previously[1], the short/medium term plan is that Aeolus
> will:
>
> - Have well documented deployable and template description formats
> with plenty of examples. Deployable authors will create these
> descriptions manually or with the help of simple command line
> tools and store them as they fit (e.g. in their own git repo)
>
> - Support launching deployables in conductor simply by allowing the
> user to supply a URL to a deployable description, or choosing a
> URL from a list populated by an admin.
>
> - Include a set of command line tools for building images from a
> template description. This tools will also allow deployable
> authors to list available images available to be referenced in
> their deployables.
>
> - Store images and their related metadata in IWHD. Conductor will
> use IWHD queries to resolve deployables' image references and
> allow users to launch individual images directly.
>
> - Use image factory to build and import images, including the
> updating of IWHD metadata about the images.
>
> = IHWD Metadata =
>
> The following IWHD buckets will be used, each one for a different
> object type:
>
> images:
> - object_type == "image"
> - object_body: XML document with image description and parameters,
> for deployable authors and simple instance launch from UI
> - uuid: UUID
> - latest_build: build UUID
>
> builds:
> - object_type == "build"
> - object_body: empty
> - uuid: UUID
> - image: UUID of the image object
> - parent: UUID of previous build
>
> target_images:
> - object_type == "target_image"
> - object_body: target specific image, for upload builds; empty for
> snapshot builds
> - uuid: UUID
> - build: UUID of the build object
> - icicle: UUID of icicle object
> - template: UUID of template object
I don't get why this ^ doesnt go with Image object?
Just because it's currently in the Target Image object and I'm trying to
avoid the amount of changes I'm making
But yeah, it does make more sense on the image object
> - target: ec2, rhev-m, etc.
We need to be careful of magic string here, I propose these values come
from deltacloud api
Yes, I'm a bit worried about this. We have:
- conductor's list of provider types in db/seeds.rb
- image factory's list in e.g. FedoraBuilder.py
- deltacloud's list in server/config/drivers.yaml
A quick glance that conductor and image factory agree on "rhev-m" but
deltacloud thinks it's "rhev-m"
> - target_parameters: target specific data stashed here for the
push
> stage
>
> provider_images:
> - object_type == "provider_image"
> - object_body: empty
> - uuid: UUID
> - target_image: UUID of image
Do you actually mean uuid of image here, or of target image?
Yes, that should be "UUID of target image"
As imcleod said in his reply, this probably need to be where the
icicle ref is required, and target image is an optional one (to have a
ref to icicle).
Right, I'm not proposing any icicle related changes in this mail, just
trying to document the current state. See my reply to Ian.
> - provider: e.g. ec2-us-east-1, rhev-m site
> - icicle == "none"
Is this ^ really just a literal string? If so, why have it? If not,
does this just mean it is an optional association?
Ditto
> - target_identifier: target specific ID for the image
>
> templates:
> - object_type == "template"
> - object_body: <template/> document supplied for image build
> - uuid: UUID
>
> icicles:
> - object_type == "icicle"
> - object_body: <icicle/> document
> - uuid: UUID
>
> This fairly closely reflects the metadata currently stored by image
> factory in IWHD, with the following changes:
>
> - the current "image" type is renamed to "target_type", along
with
> the bucket and image reference on provider images[2]
>
> - new image and build object types and buckets are introduced
>
> - a build reference is added to the target image type
>
> = Image Factory APIs =
>
> Image factory currently supports building target images and pushing
> provider images, along with the appropriate updating of image
> warehouse metadata.
>
> In order to allow the CLI to fire-and-forget, we will need to add new
> build and push APIs which can handle multiple images at once.
>
Two alternatives to this come to mind:
* the cli could just call the existing methods sequentially for each
target passed in
What I mean by fire-and-forget is that the cli shouldn't have to wait
around for the build to finish in order to update metadata. So, that
needs to happen in image factory
* factory could provide a thin wrapper on the existing methods to do
the
same thing from that side.
Right, the new APIs I'm proposing are wrapping the existing methods
> These would look like:
>
> - image(image_id, template, targets[])
> + builds an image for the supplied targets
> + image_id should be ommitted, if a new image is required
If image_id _is_ passed in, is that essentially a rebuild of existing,
thereby creating an updated version (build) of the image?
Right. Perhaps we might skip this magic initially, but it makes sense
longer term - i.e. "just rebuild and repush the images with the latest
available bits"
> + template and targets may be ommitted if a previous
build
> exists and the previous template and targets will be used
>
> - push(image_id, providers, credentials)
> + push the image the supplied providers
> + assumes factory can figure out which target image is
> appropriate for each provider
> + credentials argument is a <provider_credentials/> document
>
> Also, we'll need to rename image factory's current concept of an image
> as a target image. Some initial work on that here[3].
I agree with Scott's concerns here on the multiple account per provider
thing. I don't know the answer either, so for a first pass, perhaps we
just limit it to 1 account?
We could do this two ways:
- image factory will be passed a set of credentials and, if there are
multiple credentials for a provider, it can just pick the first one
- image factory will push to all the accounts provided and, if there
are multiple accounts, conductor will only return a single account
per provider when queried by the CLI
I'm happy with either, perhaps the former is easier
> = Conductor APIs =
>
> Conductor needs APIs to support the following:
>
> 1) List the available provider types in an XML doc
> 2) List the available providers in an XML doc
> 3) Dump a <provider_credentials/> document encapsulating all of the
> available provider accounts
>
> The latter API would be subject to authentication and access control.
>
> = Conductor IWHD Queries =
>
> Conductor has basically two use cases for querying IWHD:
>
> 1) As a user, I want to launch a deployable:
>
> 2) As a user, I want to launch an instance of an image
>
> For (1), conductor needs to resolve each deployable image reference to
> a set of provider images. This can be done with something like:
>
> $> $build_id = curl http://iwhd/$image_id/latest_build
> $> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
> $> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
>
> For (2), conductor needs to list all images available for launching a
> standalone instance and, when the user launches the image, it needs to
> list the parameters for the image. Both are easily achieved by
> querying the images bucket.
>
> = Image Building CLI =
>
> The image building CLI is used by Aeolus users to build and upload
> images from templates. It is also used by deployable authors to list
> the available images.
>
> The use cases are:
>
> 1) As an image builder or deployable author, I want to list all
> images
> 2) As an image builder or deployable author, I want to list all
> builds of an image
> 3) As an image builder or deployable author, I want to list all the
> targets and providers an image has been built for
> 4) As an image builder, I want to build an image
> 5) As an image builder, I want to push an image to a provider
> 6) As an image builder, I want to import an image
> 7) As an image builder, I want to delete an image
> 8) As an image builder, I want to delete old versions of an image
> 9) As an image builder, I want to delete a provider image
> 10) As an image builder, I want to delete an image
>
> The tool needs to interact with IWHD for listing, image factory for
> building and conductor for provider/account details.
>
> It might look like:
>
> $> aeolus-image images # list available
images
> $> aeolus-image builds $image_id # list the
builds of an image
> $> aeolus-image target-images $build_id # list the
target images from a build
> $> aeolus-image provider-images $target_image_id # list the
provider images from a target image
> $> aeolus-image build --target ec2 --template my.tmpl # build a new
image for ec2 from the template
> $> aeolus-image build --image $image_id # rebuild the
image template and targets from latest build
> $> aeolus-image build --target ec2 --target rackspace \ #
In the interest of making the cli less verbose, would it be horrible to
have target take (maybe optionally) an array? So the value is something
like:
--target [ec2,rackspace,rhevm]
We could, but python's argparse module has an 'append' action that I
think is the standard way of supporting multiple values of the same
argument
I don't think it's a big enough problem to deviate from the obvious
implementation path and invent a new format
> --image $image_id \
# rebuild the image with a new template and set of targets
> --template my.tmpl #
> $> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the
target image to the specified provider
> $> aeolus-image push $build_id # push all
target images for a build, to same providers as previously
> $> aeolus-image push --account $provider_account $build_id # ditto, using a
specific provider account
What is the expected value of $provider_account? is that a uui or name
from conductor, or just the un/pw of actual provider account? Something
else?
I presumed it would be a ID that we could use to index into the
<provider_credentials/> XML, but I see now that there isn't an ID that
is standard to each provider type
It's not important initially to have this argument, if we're assuming
one account per provider
Thanks for the feedback,
Mark.
10:49 p.m.
On 05/26/2011 07:00 AM, Mark McLoughlin wrote:
> I agree with Scott's concerns here on the multiple account per provider
> thing. I don't know the answer either, so for a first pass, perhaps we
> just limit it to 1 account?
We could do this two ways:
- image factory will be passed a set of credentials and, if there are
multiple credentials for a provider, it can just pick the first one
- image factory will push to all the accounts provided and, if there
are multiple accounts, conductor will only return a single account
per provider when queried by the CLI
I'm happy with either, perhaps the former is easier
There's a bit of
subtlety that's missing here now. In the case where
there are multiple provider accounts in a single provider, Conductor
currently assumes that any images mapped to that provider are accessible
by both provider accounts.
For this to work as Conductor currently assumes, if there are two
accounts on one provider, the "push" operation must create a single
provider image (i.e. push with one provider account) and then _share_
this image with the other. In the ec2 case, this means one user must
bundle/register the AMI and then grant access to the other account. I
know you can do this via the AWS Web UI by providing the AWS account ID
of the user you want to grant AMI access to. I'm not sure how this is
done via the API. Nor do I know how other providers handle this.
The other alternative is to update our model and make Provider Images
Account-specific, and then have Factory push a separate image to each
account on a provider.
If the default use case is one account per provider, and we'll only
occasionally have multiple accounts in a provider, the latter solution
is the simplest one -- the only downside is that if there are a bunch of
accounts on one provider, the users will be wasting storage (and
incurring additional storage costs).
The downside of the former solution is the additional modeling/image
logic overhead -- we'll have to keep track of which account owns each
provider image, and in addition which accounts we've shared access with.
The more fundamental downside is we're assuming that all providers
support image sharing across accounts -- we'll need to confirm w/ the DC
API team whether this is a valid assumption.
Scott
8:26 a.m.
On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
= Conductor APIs =
Conductor needs APIs to support the following:
...
3) Dump a <provider_credentials/> document encapsulating all
of the
available provider accounts
The latter API would be subject to authentication and access control.
We need to think about the access control rules here.
What users would be allowed to access these credentials?
Users who don't have access to the credentials can't build images for
those providers.
Thoughts?
Cheers,
Mark.
10:50 p.m.
On 05/26/2011 09:26 AM, Mark McLoughlin wrote:
On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
> = Conductor APIs =
>
> Conductor needs APIs to support the following:
>
...
> 3) Dump a<provider_credentials/> document encapsulating all of the
> available provider accounts
>
> The latter API would be subject to authentication and access control.
We need to think about the access control rules here.
What users would be allowed to access these credentials?
Users who don't have access to the credentials can't build images for
those providers.
Thoughts?
So yes, this one is more difficult w/ the separation. When it's all
integrated in one app, it's easy enough to say that a user has "push"
access for provider images under a provider account without direct
access to the provider credentials.
Now, however, we're getting credentials from conductor and using them
elsewhere, so without additional security measures in place, we can't
really return credentials for provider accounts unless the calling user
has explicit view access on the provider account. If this restriction
is OK for beta, then the solution is relatively straightforward:
Since these API calls into conductor are essentially an XML
representation of the "index" UI actions for provider_types, providers,
and provider_accounts, respectively, we _already_ have this built into
our permissions model. For whatever user that's making the call (i.e.
whatever Conductor user's credentials that were passed into the CLI), we
filter the full list of provider_types, providers, or provider_accounts
(w/ credentials) based on what objects the user has "view" permission
on. For provider accounts, in particular (the one of greatest concern,
since that's got credentials associated), a user won't have view access
to the provider account unless he is allowed to see the credentials --
ordinary self-service/end users will have no direct rights on a provider
account, even if it's one that their instances are deployed in, since
provider account availability is determined from the "environment"
mappings rather than direct user permissions.
So, in this case the effect is that if a user doesn't have explicit
'view' access on a provider, he can't push there -- however if the user
_does_ have this access, then the user can retrieve the credentials to
the provider account via a direct API call and use them whenever/wherever.
If we want to support a more generous image building facility -- i.e.
grant a user permission to upload images to a provider _without_ also
giving this user permission to retrieve the login credentials to the ec2
account, etc, then we'll have to do something more elaborate. This gets
into another issue that we've discussed briefly regarding API
authentication. Are there cases where we want to authenticate api calls
by the calling application rather than the credentials of the user
submitting it. For example, in the context of condor, should condor be
able to make conductor API calls _as Condor_ rather than as a given
login user -- to be authenticated by some sort of cert rather than via a
user's login/password (which Condor won't have).
I'm not sure how we'd handle this in the CLI case, but we'd need some
way for the builder user to provide login credentials to say "I can
build and push things" and for image factory to somehow obtain the
provider account credentials _without_ the possibility of the CLI user
obtaining them directly. Perhaps the CLI should pass the provider
account ID to Factory and have Image Factory request the credentials
from Conductor?
/me returns to his regularly scheduled PTO...
Scott
Cheers,
Mark.
_______________________________________________
aeolus-devel mailing list
aeolus-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/aeolus-devel
12:30 a.m.
On Thu, 2011-05-26 at 23:50 -0400, Scott Seago wrote:
On 05/26/2011 09:26 AM, Mark McLoughlin wrote:
> On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
>> = Conductor APIs =
>>
>> Conductor needs APIs to support the following:
>>
> ...
>> 3) Dump a<provider_credentials/> document encapsulating all of the
>> available provider accounts
>>
>> The latter API would be subject to authentication and access control.
> We need to think about the access control rules here.
>
> What users would be allowed to access these credentials?
>
> Users who don't have access to the credentials can't build images for
> those providers.
>
> Thoughts?
>
So yes, this one is more difficult w/ the separation. When it's all
integrated in one app, it's easy enough to say that a user has "push"
access for provider images under a provider account without direct
access to the provider credentials.
Now, however, we're getting credentials from conductor and using them
elsewhere, so without additional security measures in place, we can't
really return credentials for provider accounts unless the calling user
has explicit view access on the provider account. If this restriction
is OK for beta, then the solution is relatively straightforward:
Yep, I think we'll have to live with this restriction for the very short
term.
After the next Aeolus release, I think we'll need to add conductor APIs
which self-service users can use to build and push. These would pass
directly through to the image factory APIs. That way the self-service
user doesn't ever get access to the credentials.
Cheers,
Mark.
2:59 p.m.
On 05/24/2011 10:52 AM, Mark McLoughlin wrote:
Hey,
Apologies for another long email, but here's my proposal for how to
proceed with the image building CLI etc.
Cheers,
Mark.
= Terminology =
- Provider - a cloud instance, e.g. a RHEV-M installation or an EC2
region.
- Target/Provider Type - the cloud type, irrespective of the specific
instance e.g. RHEV-M vs EC2.
- Provider Account - a set of user credentials for a specific
provider.
- Provider Image - these are images which have been pushed to, or
imported from, a provider and are available for use by instances.
- Target Image - these are images which have been built for a
specific target and are available to be pushed to multiple
providers.
- Image Build - these are objects which track all target and
provider images built from a template at a certain time, all of
which should be equivalent to each other.
- Image - these are metadata objects which describe the purpose of
the image, the parameters it takes, the set of available builds of
the image and the latest build.
= Overview =
As described previously[1], the short/medium term plan is that Aeolus
will:
- Have well documented deployable and template description formats
with plenty of examples. Deployable authors will create these
descriptions manually or with the help of simple command line
tools and store them as they fit (e.g. in their own git repo)
When you say 'deployable and template description formats' take you to
mean Deplaybale, Assembly and Template formats.
If you don't mean that then we are not in agreement.
- Support launching deployables in conductor simply by allowing
the
user to supply a URL to a deployable description, or choosing a
URL from a list populated by an admin.
- Include a set of command line tools for building images from a
template description. This tools will also allow deployable
authors to list available images available to be referenced in
their deployables.
I would have said.
"This tools will also allow deployable
authors to list available images and assemblies available to be referenced in
their deployables. Templates referenced by the deployable are automatically wrapped by
an assembly."
- Store images and their related metadata in IWHD. Conductor will
use IWHD queries to resolve deployables' image references and
allow users to launch individual images directly.
again, not quite right. The UUID of the assembly is passed, then the
initial boot params from the assmebly and image are combined at boot to
'create' the system.
- Use image factory to build and import images, including the
updating of IWHD metadata about the images.
= IHWD Metadata =
The following IWHD buckets will be used, each one for a different
object type:
images:
- object_type == "image"
- object_body: XML document with image description and parameters,
for deployable authors and simple instance launch from UI
- uuid: UUID
- latest_build: build UUID
builds:
- object_type == "build"
- object_body: empty
- uuid: UUID
- image: UUID of the image object
- parent: UUID of previous build
target_images:
- object_type == "target_image"
- object_body: target specific image, for upload builds; empty for
snapshot builds
- uuid: UUID
- build: UUID of the build object
- icicle: UUID of icicle object
- template: UUID of template object
- target: ec2, rhev-m, etc.
- target_parameters: target specific data stashed here for the push
stage
provider_images:
- object_type == "provider_image"
- object_body: empty
- uuid: UUID
- target_image: UUID of image
- provider: e.g. ec2-us-east-1, rhev-m site
- icicle == "none"
- target_identifier: target specific ID for the image
templates:
- object_type == "template"
- object_body: <template/> document supplied for image build
- uuid: UUID
icicles:
- object_type == "icicle"
- object_body: <icicle/> document
- uuid: UUID
This fairly closely reflects the metadata currently stored by image
factory in IWHD, with the following changes:
- the current "image" type is renamed to "target_type", along with
the bucket and image reference on provider images[2]
- new image and build object types and buckets are introduced
- a build reference is added to the target image type
= Image Factory APIs =
Image factory currently supports building target images and pushing
provider images, along with the appropriate updating of image
warehouse metadata.
In order to allow the CLI to fire-and-forget, we will need to add new
build and push APIs which can handle multiple images at once.
These would look like:
- image(image_id, template, targets[])
+ builds an image for the supplied targets
+ image_id should be ommitted, if a new image is required
+ template and targets may be ommitted if a previous build
exists and the previous template and targets will be used
- push(image_id, providers, credentials)
+ push the image the supplied providers
+ assumes factory can figure out which target image is
appropriate for each provider
+ credentials argument is a <provider_credentials/> document
Also, we'll need to rename image factory's current concept of an image
as a target image. Some initial work on that here[3].
What are the assumptions around push... we need to support the case
where the images are cached at the resource provider and the case that
we only move the image to the provider when it is going to be
instantiated and then removed once we destroy it. The mail later seems
to imply that the push is a user action, where in reality it needs to be
policy driven.
If the user can push the image how does this affect the policy. I would
not allow user push for rev one, we don't export the ability for the
user to push the images, which means we don't have to unwind a
complicated policy interaction mess later.
Then there is no mention on services in the mail.
The whole discussion around services has been dropped, how do they
relate. I think teh form it is taking but has big wholes.
- Dealing with seting up services. (available, etc)
- Dealing with the the creation of a definition from a re-usbale
template, ala the assembly.
We need another iteration which takes these aspects into consideration.
Mark, do you want to iterate, or would you like me to mark it up more..
Carl.
= Conductor APIs =
Conductor needs APIs to support the following:
1) List the available provider types in an XML doc
2) List the available providers in an XML doc
3) Dump a <provider_credentials/> document encapsulating all of the
available provider accounts
The latter API would be subject to authentication and access control.
= Conductor IWHD Queries =
Conductor has basically two use cases for querying IWHD:
1) As a user, I want to launch a deployable:
2) As a user, I want to launch an instance of an image
For (1), conductor needs to resolve each deployable image reference to
a set of provider images. This can be done with something like:
$> $build_id = curl http://iwhd/$image_id/latest_build
$> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
$> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
For (2), conductor needs to list all images available for launching a
standalone instance and, when the user launches the image, it needs to
list the parameters for the image. Both are easily achieved by
querying the images bucket.
= Image Building CLI =
The image building CLI is used by Aeolus users to build and upload
images from templates. It is also used by deployable authors to list
the available images.
The use cases are:
1) As an image builder or deployable author, I want to list all
images
2) As an image builder or deployable author, I want to list all
builds of an image
3) As an image builder or deployable author, I want to list all the
targets and providers an image has been built for
4) As an image builder, I want to build an image
5) As an image builder, I want to push an image to a provider
6) As an image builder, I want to import an image
7) As an image builder, I want to delete an image
8) As an image builder, I want to delete old versions of an image
9) As an image builder, I want to delete a provider image
10) As an image builder, I want to delete an image
The tool needs to interact with IWHD for listing, image factory for
building and conductor for provider/account details.
It might look like:
$> aeolus-image images # list available
images
$> aeolus-image builds $image_id # list the builds of
an image
$> aeolus-image target-images $build_id # list the target
images from a build
$> aeolus-image provider-images $target_image_id # list the provider
images from a target image
$> aeolus-image build --target ec2 --template my.tmpl # build a new image
for ec2 from the template
$> aeolus-image build --image $image_id # rebuild the image
template and targets from latest build
$> aeolus-image build --target ec2 --target rackspace \ #
--image $image_id \ # rebuild the image with
a new template and set of targets
--template my.tmpl #
$> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the target
image to the specified provider
$> aeolus-image push $build_id # push all target
images for a build, to same providers as previously
$> aeolus-image push --account $provider_account $build_id # ditto, using a
specific provider account
$> aeolus-image push $image_id # push all the target
images for the latest build
$> aeolus-image import --provider ec2-us-east-1 $ami_id # import an AMI from
the specified provider
$> aeolus-image delete --image $image_id # deletes all builds,
target images and provider images
$> aeolus-image delete --build $build_id # deletes a build,
updating latest/parent references as appropriate
$> aeolus-image delete --target-image $target_image # deletes a target
image and its provider images
$> aeolus-image delete --provider-image $provider_image # deletes a provider
image
$> aeolus-image targets # list the values
available for the --target parameter
$> aeolus-image providers # list the values
available for the --provider parameter
$> aeolus-image accounts #
list the values available for the --account parameter
Some other notes:
- The tool will need to authenticate at least against conductor, so
--user/--pass arguments will be needed. We may also want to support
supplying these via environment variables and/or a dotfile.
- The build/push/import commands are long running, so we should
support displaying the progress of the builds and have a
--background parameter for fire-and-forget.
= Footnotes =
[1] - https://fedorahosted.org/pipermail/aeolus-devel/2011-May/001640.html
[2] - to migrate existing data, you can do:
$> cat > update.js <<EOF
db.main.update({ _bucket : "images", object_type : "image" }, {
\$set: { _bucket : "target_images", object_type : "target_image" } },
false, true)
db.main.find({ _bucket : "provider_images", object_type :
"provider_image" }).forEach(function upd(pi) { pi.target_image=pi.image;
db.main.save(pi); })
db.main.update({ _bucket : "provider_images", object_type :
"provider_image" }, { \$unset: { image : 1 } }, false, true)
EOF
$> mongo --port 27018 repo update.js
$> mv _fs/images _fs/provider_images
This clearly only works for IWHD with the fs_autostart, but
should be easy to adjust.
[3] - https://github.com/markmc/image_factory/commits/master
_______________________________________________
aeolus-devel mailing list
aeolus-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/aeolus-devel
4:12 p.m.
[Sorry about the late reply here, I've been a bit slammed by too many
distractions. In know, join the club :-( ]
From: Mark McLoughlin <markmc(a)redhat.com>
Date: Tue, 24 May 2011 15:52:38 +0100
[...]
- Have well documented deployable and template description formats
with plenty of examples. Deployable authors will create these
descriptions manually or with the help of simple command line
tools and store them as they fit (e.g. in their own git repo)
We're missing assemblies here. Oversight?
Per previous discussion, I'm ok with, for rev 1, having an easy way to
make skeletal assemblies. I don't think we should be skipping them.
[...]
In order to allow the CLI to fire-and-forget, we will need to add new
build and push APIs which can handle multiple images at once.
These would look like:
- image(image_id, template, targets[])
+ builds an image for the supplied targets
+ image_id should be ommitted, if a new image is required
+ template and targets may be ommitted if a previous build
exists and the previous template and targets will be used
- push(image_id, providers, credentials)
+ push the image the supplied providers
+ assumes factory can figure out which target image is
appropriate for each provider
+ credentials argument is a <provider_credentials/> document
Also, we'll need to rename image factory's current concept of an image
as a target image. Some initial work on that here[3].
= Conductor APIs =
Conductor needs APIs to support the following:
1) List the available provider types in an XML doc
2) List the available providers in an XML doc
3) Dump a <provider_credentials/> document encapsulating all of the
available provider accounts
The latter API would be subject to authentication and access control.
I believe all those above apis need to be subject to some level of
auth and access control, correct?
= Conductor IWHD Queries =
Conductor has basically two use cases for querying IWHD:
1) As a user, I want to launch a deployable:
2) As a user, I want to launch an instance of an image
For (1), conductor needs to resolve each deployable image reference to
a set of provider images. This can be done with something like:
$> $build_id = curl http://iwhd/$image_id/latest_build
$> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
$> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
For (2), conductor needs to list all images available for launching a
standalone instance and, when the user launches the image, it needs to
list the parameters for the image. Both are easily achieved by
querying the images bucket.
= Image Building CLI =
The image building CLI is used by Aeolus users to build and upload
images from templates. It is also used by deployable authors to list
the available images.
The use cases are:
1) As an image builder or deployable author, I want to list all
images
2) As an image builder or deployable author, I want to list all
builds of an image
3) As an image builder or deployable author, I want to list all the
targets and providers an image has been built for
4) As an image builder, I want to build an image
5) As an image builder, I want to push an image to a provider
6) As an image builder, I want to import an image
7) As an image builder, I want to delete an image
8) As an image builder, I want to delete old versions of an image
9) As an image builder, I want to delete a provider image
10) As an image builder, I want to delete an image
The tool needs to interact with IWHD for listing, image factory for
building and conductor for provider/account details.
It might look like:
$> aeolus-image images # list available
images
$> aeolus-image builds $image_id # list the builds
of an image
$> aeolus-image target-images $build_id # list the target
images from a build
$> aeolus-image provider-images $target_image_id # list the
provider images from a target image
$> aeolus-image build --target ec2 --template my.tmpl # build a new
image for ec2 from the template
$> aeolus-image build --image $image_id # rebuild the
image template and targets from latest build
$> aeolus-image build --target ec2 --target rackspace \ #
--image $image_id \ # rebuild the image
with a new template and set of targets
--template my.tmpl #
$> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the target
image to the specified provider
$> aeolus-image push $build_id # push all target
images for a build, to same providers as previously
$> aeolus-image push --account $provider_account $build_id # ditto, using a
specific provider account
$> aeolus-image push $image_id # push all the
target images for the latest build
$> aeolus-image import --provider ec2-us-east-1 $ami_id # import an AMI
from the specified provider
$> aeolus-image delete --image $image_id # deletes all
builds, target images and provider images
$> aeolus-image delete --build $build_id # deletes a build,
updating latest/parent references as appropriate
$> aeolus-image delete --target-image $target_image # deletes a target
image and its provider images
$> aeolus-image delete --provider-image $provider_image # deletes a
provider image
$> aeolus-image targets # list the values
available for the --target parameter
$> aeolus-image providers # list the values
available for the --provider parameter
$> aeolus-image accounts #
list the values available for the --account parameter
Ok, so I think I get this, but to be very clear, what you're talking
about is a tool (or set of them) which culls information both from
iwhd and from conductor's internal db, right. And maybe in some cases
from kalpana too?
From: Carl Trieloff <cctrieloff(a)redhat.com>
Date: Thu, 26 May 2011 15:59:01 -0400
[...]
> - Support launching deployables in conductor simply by allowing the
> user to supply a URL to a deployable description, or choosing a
> URL from a list populated by an admin.
>
> - Include a set of command line tools for building images from a
> template description. This tools will also allow deployable
> authors to list available images available to be referenced in
> their deployables.
I would have said.
"This tools will also allow deployable
authors to list available images and assemblies available to be referenced in
their deployables. Templates referenced by the deployable are automatically
wrapped by an assembly."
Sure. Though if you're going to auto-generate things like assemblies
from that context, you need to be clear about where they go.
I'd be happy to have the answer be that they get dropped in iwhd, but
since we're proposing to not a-priori store stuff there, the policy
needs to be articulated.
[...]
>
> Also, we'll need to rename image factory's current concept of an image
> as a target image. Some initial work on that here[3].
What are the assumptions around push... we need to support the case
where the images are cached at the resource provider and the case that
we only move the image to the provider when it is going to be
instantiated and then removed once we destroy it. The mail later seems
to imply that the push is a user action, where in reality it needs to be
policy driven.
We *do* have a relatively flexible policy engine in iwhd, which was
meant to be part of that solution. I'm pretty sure nobody's ever used
it other than for testing.
If we can convince ourselves that we don't need the smarter use case,
I think it's ok to leave it all manual. I don't know whether we can
convince ourselves of that for rev1.
If the user can push the image how does this affect the policy. I would
not allow user push for rev one, we don't export the ability for the
user to push the images, which means we don't have to unwind a
complicated policy interaction mess later.
Then there is no mention on services in the mail.
I guess I had assumed that service descriptors were along for the ride
in all the discussion of building images and all the related horsing
around. If that's not the case, I don't think it's an image-build
issue per se, but it has consequences for the rest of the project. I
hope we're not proposing to drop them.
4:20 a.m.
On Thu, 2011-05-26 at 17:12 -0400, John R. Dunning wrote:
[Sorry about the late reply here, I've been a bit slammed by too
many
distractions. In know, join the club :-( ]
> From: Mark McLoughlin <markmc(a)redhat.com>
> Date: Tue, 24 May 2011 15:52:38 +0100
>
[...]
>
> - Have well documented deployable and template description formats
> with plenty of examples. Deployable authors will create these
> descriptions manually or with the help of simple command line
> tools and store them as they fit (e.g. in their own git repo)
We're missing assemblies here. Oversight?
Per previous discussion, I'm ok with, for rev 1, having an easy way to
make skeletal assemblies. I don't think we should be skipping them.
We're considering assemblies to just be part of the deployable format
for now. We can allow them to be externally referenced in future so that
they can be re-used by multiple deployments.
[...]
>
> In order to allow the CLI to fire-and-forget, we will need to add new
> build and push APIs which can handle multiple images at once.
>
> These would look like:
>
> - image(image_id, template, targets[])
> + builds an image for the supplied targets
> + image_id should be ommitted, if a new image is required
> + template and targets may be ommitted if a previous build
> exists and the previous template and targets will be used
>
> - push(image_id, providers, credentials)
> + push the image the supplied providers
> + assumes factory can figure out which target image is
> appropriate for each provider
> + credentials argument is a <provider_credentials/> document
>
> Also, we'll need to rename image factory's current concept of an image
> as a target image. Some initial work on that here[3].
>
> = Conductor APIs =
>
> Conductor needs APIs to support the following:
>
> 1) List the available provider types in an XML doc
> 2) List the available providers in an XML doc
> 3) Dump a <provider_credentials/> document encapsulating all of the
> available provider accounts
>
> The latter API would be subject to authentication and access control.
I believe all those above apis need to be subject to some level of
auth and access control, correct?
We had some debate about this and I think Scott/Jay said the same thing.
It's not clear to me that e.g. the list of provider types supported by
Conductor is something that needs access control, but it's not a big
deal.
> = Conductor IWHD Queries =
>
> Conductor has basically two use cases for querying IWHD:
>
> 1) As a user, I want to launch a deployable:
>
> 2) As a user, I want to launch an instance of an image
>
> For (1), conductor needs to resolve each deployable image reference to
> a set of provider images. This can be done with something like:
>
> $> $build_id = curl http://iwhd/$image_id/latest_build
> $> curl -d '$build=="'$build_id'"'
http://iwhd/target_images/_query
> $> foreach $target_image_id; do curl -d
'$target_image=="'$target_image_id'"'
http://iwhd/provider_images; done
>
> For (2), conductor needs to list all images available for launching a
> standalone instance and, when the user launches the image, it needs to
> list the parameters for the image. Both are easily achieved by
> querying the images bucket.
>
> = Image Building CLI =
>
> The image building CLI is used by Aeolus users to build and upload
> images from templates. It is also used by deployable authors to list
> the available images.
>
> The use cases are:
>
> 1) As an image builder or deployable author, I want to list all
> images
> 2) As an image builder or deployable author, I want to list all
> builds of an image
> 3) As an image builder or deployable author, I want to list all the
> targets and providers an image has been built for
> 4) As an image builder, I want to build an image
> 5) As an image builder, I want to push an image to a provider
> 6) As an image builder, I want to import an image
> 7) As an image builder, I want to delete an image
> 8) As an image builder, I want to delete old versions of an image
> 9) As an image builder, I want to delete a provider image
> 10) As an image builder, I want to delete an image
>
> The tool needs to interact with IWHD for listing, image factory for
> building and conductor for provider/account details.
>
> It might look like:
>
> $> aeolus-image images # list
available images
> $> aeolus-image builds $image_id # list the
builds of an image
> $> aeolus-image target-images $build_id # list the
target images from a build
> $> aeolus-image provider-images $target_image_id # list the
provider images from a target image
> $> aeolus-image build --target ec2 --template my.tmpl # build a new
image for ec2 from the template
> $> aeolus-image build --image $image_id # rebuild the
image template and targets from latest build
> $> aeolus-image build --target ec2 --target rackspace \ #
> --image $image_id \ # rebuild the
image with a new template and set of targets
> --template my.tmpl #
> $> aeolus-image push --provider ec2-us-east-1 $target_image_id # push the
target image to the specified provider
> $> aeolus-image push $build_id # push all
target images for a build, to same providers as previously
> $> aeolus-image push --account $provider_account $build_id # ditto,
using a specific provider account
> $> aeolus-image push $image_id # push all
the target images for the latest build
> $> aeolus-image import --provider ec2-us-east-1 $ami_id # import an
AMI from the specified provider
> $> aeolus-image delete --image $image_id # deletes all
builds, target images and provider images
> $> aeolus-image delete --build $build_id # deletes a
build, updating latest/parent references as appropriate
> $> aeolus-image delete --target-image $target_image # deletes a
target image and its provider images
> $> aeolus-image delete --provider-image $provider_image # deletes a
provider image
> $> aeolus-image targets # list the
values available for the --target parameter
> $> aeolus-image providers # list the
values available for the --provider parameter
> $> aeolus-image accounts #
> list the values available for the --account parameter
Ok, so I think I get this, but to be very clear, what you're talking
about is a tool (or set of them) which culls information both from
iwhd and from conductor's internal db, right.
Yes.
And maybe in some cases from kalpana too?
No, Aeolus doesn't have a dependency on Kalpana. We're expecting Kalpana
to consume similar IWHD and Conductor APIs to the ones the CLI uses.
Cheers,
Mark.
2:26 p.m.
On Tue, 2011-05-24 at 15:52 +0100, Mark McLoughlin wrote:
I have to say, as I ran through this exercise, I began to favor the
separate command approach, especially for the list command. It feels
like less typing for the user, though I could be persuaded either way.
One last thought (and I didn't think it worthwhile to enumerate all the
options to show this one, though I can if requested) - in the 'one
executable per command' scenario, it could make simpler interaction to
have some commands take a sub-command rather than a parameter all the
time (as I did above). I mainly did not do this in the interest of
consistency between commands, but it may be worth considering.
-j
Hey,
<snip>
The tool needs to interact with IWHD for listing, image factory for
building and conductor for provider/account details.
As I was beginning to work on the setup of this script, something
occurred to me. This list of interactions boils down to 5 actual
commands:
* list
* build
* push
* import
* delete
I propose we simplify the below list to simply use these commands, and
either:
A) take some of the existing commands as parameters, or
B) build the above into the command-names, which gets us bash
completion.
I have put the both versions of proposed changes, if any, below the
existing version. One other minor change I would like to propose a short
and long version of all options, also included below for feedback.
It might look like:
$> aeolus-image images # list available
images
A)
$> aeolus-image list --images
$> aeolus-image list -i
B)
$> aeolus-image-list --images
$> aeolus-image-list -i
$> aeolus-image builds $image_id #
list the builds of an image
A)
$> aeolus-image list --builds $image_id
$> aeolus-image list -b $image_id
B)
$> aeolus-image-list --builds $image_id
$> aeolus-image-list -b $image_id
$> aeolus-image target-images $build_id #
list the target images from a build
A)
$> aeolus-image list --targetimages $build_id
$> aeolus-image list -t $build_id
B)
$> aeolus-image-list targetimages $build_id
$> aeolus-image-list t $build_id
$> aeolus-image provider-images $target_image_id #
list the provider images from a target image
A)
$> aeolus-image list --providerimages $target_image_id
$> aeolus-image list -p $target_image_id
B)
$> aeolus-image-list --providerimages $target_image_id
$> aeolus-image list -p $target_image_id
$> aeolus-image build --target ec2 --template my.tmpl #
build a new image for ec2 from the template
A)
$> aeolus-image build -t ec2 -e my.tmpl
B)
$> aeolus-image-build --target ec2 --template my.tmpl
$> aeolus-image-build -t ec2 -e my.tmpl
$> aeolus-image build --image $image_id #
rebuild the image template and targets from latest build
A)
$> aeolus-image build -i $image_id
B)
$> aeolus-image build --image $image_id
$> aeolus-image build -i $image_id
$> aeolus-image build --target ec2 --target rackspace \
#
--image $image_id \ # rebuild the image with
a new template and set of targets
--template my.tmpl #
A)
$> aeolus-image build --target ec2,rackspace \
--image $image_i \
--template my.tmpl
$> aeolus-image build -t ec2,rackspace -i $image_i -a my.tmpl
B)
$> aeolus-image-build --target ec2,rackspace \
--image $image_i \
--template my.tmpl
$> aeolus-image-build -t ec2,rackspace -i $image_i -a my.tmpl
$> aeolus-image push --provider ec2-us-east-1 $target_image_id #
push the target image to the specified provider
A)
$> aeolus-image push --provider ec2-us-east-1 --id $target_image_id
$> aeolus-image push -p ec2-us-east-1 -i $target_image_id
B)
$> aeolus-image-push --provider ec2-us-east-1 --id $target_image_id
$> aeolus-image-push -p ec2-us-east-1 -i $target_image_id
$> aeolus-image push $build_id #
push all target images for a build, to same providers as previously
B)
$> aeolus-image-push $build_id
$> aeolus-image push --account $provider_account $build_id #
ditto, using a specific provider account
A)
$> aeolus-image push --account $provider_account --id $build_id
$> aeolus-image push -a $provider_account -i $build_id
B)
$> aeolus-image-push --account $provider_account --id $build_id
$> aeolus-image-push -a $provider_account -i $build_id
$> aeolus-image push $image_id #
push all the target images for the latest build
B)
$> aeolus-image-push $image_id
$> aeolus-image import --provider ec2-us-east-1 $ami_id #
import an AMI from the specified provider
A)
$> aeolus-image import --provider ec2-us-east-1 --id $ami_id
$> aeolus-image import -p ec2-us-east-1 -i $ami_id
B)
$> aeolus-image-import --provider ec2-us-east-1 $ami_id
$> aeolus-image-import -p ec2-us-east-1 -i $ami_id
$> aeolus-image delete --image $image_id #
deletes all builds, target images and provider images
A)
$> aeolus-image delete -i $image_id
B)
$> aeolus-image-delete --image $image_id
$> aeolus-image-delete -i $image_id
$> aeolus-image delete --build $build_id #
deletes a build, updating latest/parent references as appropriate
A)
$> aeolus-image delete -b $build_id
B)
$> aeolus-image-delete --build $build_id
$> aeolus-image-delete -b $build_id
$> aeolus-image delete --target-image $target_image #
deletes a target image and its provider images
A)
$> aeolus-image delete --targetimage $target_image
$> aeolus-image delete -t $target_image
B)
$> aeolus-image-delete --targetimage $target_image
$> aeolus-image-delete -t $target_image
$> aeolus-image delete --provider-image $provider_image #
deletes a provider image
A)
$> aeolus-image delete --providerimage $provider_image
$> aeolus-image delete -p $provider_image
B)
$> aeolus-image-delete --providerimage $provider_image
$> aeolus-image-delete -p $provider_image
$> aeolus-image targets #
list the values available for the --target parameter
A)
$> aeolus-image list --targets
$> aeolus-image list -g
B)
$> aeolus-image-list --targets
$> aeolus-image-list -g
$> aeolus-image providers #
list the values available for the --provider parameter
A)
$> aeolus-image list --providers
$> aeolus-image list -r
B)
$> aeolus-image-list --providers
$> aeolus-image-list -r
$> aeolus-image accounts
#
list the values available for the --account parameter
A)
$> aeolus-image list --accounts
$> aeolus-image list -a
B)
$> aeolus-image-list --accounts
$> aeolus-image-list -a
4704
days inactive
4718
days old
aeolus-devel@lists.fedorahosted.org
17 comments
7 participants
participants (7)
-
Carl Trieloff -
Ian McLeod -
Jason Guiditta -
Joseph VLcek -
jrd@redhat.com -
Mark McLoughlin -
Scott Seago