Resource Management for the gCube Model
This component is under development.
Role and Responsibilities
Resource Management refers to a set of software components revolving around the Resource Manager service. They are collectively responsible for delivering the following operations:
- creating contexts
- moving, editing, merging, deleting contexts
- managing resources within a context according to the gCube Resource Model.
Contexts and Resources
Some remarks on contexts and resources that affect the Resource Management:
- contexts have an arbitrary hierarchy
- a context can be empty
- a context can have no parent
- a context cannot have two children with the same name
- a resource in a context can be private or shared with other contexts
- resources can join a context from any source context (not only from the parent), if permitted.
RM should manage generic rules on the source/target of resources. For example:
- resources from context C1 can join only context C3
- resources from context C1 cannot join context C2
- resources in context C1 are private
- resources in context C1 can be shared with any other context
...and so on.
Encryption keys for contexts
To evaluate if Resource Management is also responsible for creating/distributing RSA keys to encrypt/decrypt sensitive information in the Facets.
Design requirements
On the interaction with other components
The Resource Management software is expected to deliver its operations by collaborating with the following components:
- Resource Registry and its client libraries to add/remove/edit/merge contexts and their resources. The scope of this interaction is to make the resources discoverable in a new context (or un-discoverable if removed).
- Authorization Framework to create new context tokens
- WHN Manager: to add/remove HostingNodes/EServices from a context. Once a new context is available, the HostingNodes hosting the EServices belonging to the context need to be added to it. The RM has to contact the WHN Manager (docs?) to notify the changes in the context for that node. Requesting to WHN Manager to add an Hosting Nodes or EServices to a context has the following effect:
- Smartgears requests to AuthorizationFramework a new token for the new Context for the HostingNode;
- Smartgears requests to AuthorizationFramework a new token for the new Context for the each EService hosted in the HostingNode.
- Smartgears invokes addToContext of HostingNode to the Resource Registry. Thanks to the propagation constraints also the hosted EServices are added to the new Context
- Smartgears starts to accept requests for the new Context for all hosted EServices.
It is expected that a portlet is built atop the Resource Management (and integrates with its client library) to request the operations.
On the context it operates
Considering that each token is bound to a single context, while the Resource Management needs to work across contexts, the interactions with the Resource Registry have to be trusted because of the caller identity. I.e. the RR allows the Resource Management to do whatever it wants just because of its identity and regardless the context attached to the call. We would need to set up new policies for this authZ.
The service token with the identity of the Resource Manager service is obtained by the local SmartGears lib when the webapp with the service is activated by the container.
On the deployment
- The service has to be stateless. Multiple instances will be deployed behind a HAProxy.
- The service has to be able to manage more than one context (a.k.a. scope). In principle, we will deploy just one set of instances of the service (behind the proxy) to manage the infrastructure context, the VOs, and VREs. However, it should also be possible to deploy one instance for a specific VO.
- A new instance of the service can be added at any time to the set of instances already deployed without manual configuration of the new instance or changes to the configuration of the pre-existing ones.
Architecture
The Resource Management is divided in the following software components:
- Resource Manager service
- A webapp hosted on a wHN that provides the main logic accessible through a RESTful interface
- Resource Manager client
- an abstraction over the JSON-based details of the interaction with the service
- Resource I/O library
- common definitions and utilities shared between the service and the client
Service: Context Interface
Create a Context
POST /resource-manager/context?rrURL=http://host:port/resource-registry
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rrUrl | String | false | The URL of the Resource Registry instance to contact. |
| body of the post request | String | true | The json serialization of the context to create. |
Description
Steps for creating a new context:
- Validation: the new context must be properly framed in the pre-existing context hierarchy. For example:
- its parent context must exist
- there must be no other context with the same name at the same level in the hierarchy.
- Invoke the context method of Resource Registry to create the context.
- Contact the Authorization Service by mean of its client lib to create a new context token.
- Add the token to local node, i.e. the node on which the RM is running automatically joins the new context.
Delete a Context
DELETE /resource-manager/context/{{UUID}}
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| id | String | true | The UUID of the context to delete. |
Description
TBP.
Service: Resource Interface
Add to Context
PUT resource-manager/resource/{{UUID}}
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| UUID | String | true | The UUID of the Virtual Service and/or Software to add. |
| contextID | String | true | The UUID of the context. |
Description
Steps to perform:
- Validation:
- the input context must exist
- Virtual Services and Services must not be already part of the context (unless replication is allowed).
- Add the Virtual Services to the context. To do this, RM contacts the RR to:
- query and navigate the parent context and select the pre-existing (already deployed) Virtual Services to add to the context (is that correct?)
- add the Virtual Services to the context. With a cascade policy on the callFor relation, all the Services related to each Virtual Service are automatically added to the context by the RR
- query and navigate the demands relations and discover the Software required by each Virtual Service (typically not running on SmartGears, e.g. a DBMS). Then add this Software to the context.
- Add the Software received as parameter to the context. To do this, RM contacts the RR to add each Software to the new context. Because this Software does not run on SmartGears, the only operation to do is to make it visible in a context on the IS.
