You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@vcl.apache.org by bu...@apache.org on 2012/12/19 20:12:56 UTC
svn commit: r843138 - in /websites/staging/vcl/trunk/content: ./
docs/authorization/ docs/authorization/administrationconcepts.html
Author: buildbot
Date: Wed Dec 19 19:12:56 2012
New Revision: 843138
Log:
Staging update by buildbot for vcl
Added:
websites/staging/vcl/trunk/content/docs/authorization/
websites/staging/vcl/trunk/content/docs/authorization/administrationconcepts.html
Modified:
websites/staging/vcl/trunk/content/ (props changed)
Propchange: websites/staging/vcl/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Dec 19 19:12:56 2012
@@ -1 +1 @@
-1424034
+1424038
Added: websites/staging/vcl/trunk/content/docs/authorization/administrationconcepts.html
==============================================================================
--- websites/staging/vcl/trunk/content/docs/authorization/administrationconcepts.html (added)
+++ websites/staging/vcl/trunk/content/docs/authorization/administrationconcepts.html Wed Dec 19 19:12:56 2012
@@ -0,0 +1,234 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <link href="/css/vcl.css" rel="stylesheet" type="text/css">
+ <link href="/css/code.css" rel="stylesheet" type="text/css">
+ <title>Apache VCL - Administration Concepts</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body>
+ <div id="sitetitle">
+ <table width="100%" border="0" cellspacing="0" cellpadding="5">
+ <tr>
+ <td><a href="/index.html"><img src="/img/vcl-logo.png" height="100" align="left" alt="Apache VCL logo"></a></td>
+ <td><a href="http://www.apache.org"><img src="/img/asf-logo.png" align="right" alt="Apache Software Foundation logo"></a></td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="navigation">
+ <ul>
+<li>Information<ul>
+<li><a href="/info/about.html">What is VCL?</a></li>
+<li><a href="/info/features.html">Features</a></li>
+<li><a href="/info/architecture.html">Architecture</a></li>
+<li><a href="/info/use-cases.html">Use Cases</a></li>
+<li><a href="/downloads/download.cgi">Download</a></li>
+<li><a href="http://www.apache.org/licenses/LICENSE-2.0.html">License</a></li>
+<li><a href="/info/faq.html">FAQ</a></li>
+</ul>
+</li>
+<li><a href="/docs/index.html">Documentation</a><ul>
+<li><a href="/docs/using-vcl.html">Using VCL</a></li>
+<li><a href="/docs/image-creation.html">Image Creation</a></li>
+<li><a href="/docs/administration.html">Administration</a></li>
+<li><a href="/docs/installation.html">Installation</a></li>
+<li><a href="/docs/deployment-planning.html">Deployment Planning</a></li>
+</ul>
+</li>
+<li><a href="/comm/index.html">Community</a><ul>
+<li><a href="/comm/index.html#getInvolved">Getting Involved</a></li>
+<li><a href="/comm/index.html#mail-list">Mailing Lists</a></li>
+<li><a href="/comm/index.html#how-do-i-join-the-project">How can I Join</a></li>
+<li><a href="/comm/wiki.html">Wiki</a></li>
+<li><a href="/dev/index.html">Development</a><ul>
+<li><a href="/dev/jira.html">Issue Tracking</a></li>
+<li><a href="/dev/code-documentation.html">Code Documentation</a></li>
+<li><a href="/dev/roadmap.html">Roadmap</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a href="http://www.apache.org">Apache Software Foundation</a><ul>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+</ul>
+</li>
+</ul>
+ </div>
+
+ <div id="content">
+ <h1 class="title">Administration Concepts</h1>
+ <p>There are several concepts you need to understand when administering VCL.</p>
+<div class="toc">
+<ul>
+<li><a href="#resources">Resources</a><ul>
+<li><a href="#imagesenvironments">Images/Environments</a></li>
+<li><a href="#computers">Computers</a></li>
+<li><a href="#schedules">Schedules</a></li>
+</ul>
+</li>
+<li><a href="#groups">Groups</a><ul>
+<li><a href="#user-groups">User Groups</a></li>
+<li><a href="#resource-groups">Resource Groups</a></li>
+</ul>
+</li>
+<li><a href="#resource-management">Resource Management</a><ul>
+<li><a href="#resource-grouping">Resource Grouping</a></li>
+<li><a href="#resource-mapping">Resource Mapping</a></li>
+</ul>
+</li>
+<li><a href="#privileges">Privileges</a><ul>
+<li><a href="#user-permissions">User Permissions</a></li>
+<li><a href="#resource-attributes">Resource Attributes</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<h1 id="resources">Resources</h1>
+<p>VCL manages sets of resources. There are four types of resources: images, computers,
+management nodes, and schedules. Each of these resources types are described below.</p>
+<h2 id="imagesenvironments">Images/Environments</h2>
+<p>An image is a collection of software that is installed on an operating system. For the
+most part, these images can be deployed, used, modified, and saved (captured). However,
+there are some cases where only some of the operations could be proformed on an image.
+For example, an image could exist that could be deployed and used, but not saved, or
+another image may exist that can have access to it brokered by VCL, but it cannot be
+deployed or saved. VCL provides a way to assign other images to be "subimages" of an
+image to create an environment (or cluster). Images can be designed to run directly on
+a computer (bare metal) or under a hypervisor (virtualized images). Currently, VCL
+uses xCAT as the provisioning engine to manage bare metal images. Various versions of
+VMWare can be used to provision virtualized images. The VCL backend code (vcld) is
+sturctured in a modularized way such that it is easy to add support for other
+provisioning technologies. We plan on adding support for other hypervisor technologies
+in the near future.</p>
+<h2 id="computers">Computers</h2>
+<p>Images are deployed on to computers. VCL needs to know about all of the computers it
+will be managing. Entries for both physical computers and Virtual Machines (some people
+call these "slots") need to be created in VCL for it to be able to manage them.
+Management Nodes</p>
+<p>Management nodes run the VCL backend code (vcld) that is responsible for deploying
+images to computers when users make reservations for images. Each management node can
+manage a mix of physical and virtual computers.</p>
+<h2 id="schedules">Schedules</h2>
+<p>Each computer must have a schedule associated with it. Schedules provide a way to
+define what times during a week a computer is available through VCL. This allows for
+computers to be managed by another system during certain parts of a week. For example,
+computers in a traditional university computing lab may be available through VCL when
+the lab is physically closed, but you wouldn't want to be assigning remote users to
+those computers when the lab is open.</p>
+<h1 id="groups">Groups</h1>
+<p>Users and resources are placed into groups to make management of them easier.</p>
+<h2 id="user-groups">User Groups</h2>
+<p>There are two types of user groups in VCL: those whose membership is manually managed
+through the web frontend or XML RPC API, and those whose membership is automatically
+managed by mirroring user groups in an LDAP system. Each user group has certain attributes
+associated with it. There are various places within VCL that user groups can be used,
+with the primary place being granting access to resources in the privilege tree.</p>
+<h2 id="resource-groups">Resource Groups</h2>
+<p>Each resource group has a type associated with it which can be one of image, computer,
+management node, or schedule. The resource groups are used to grant users access to
+resources and also to allow VCL to know which resources can be used in relation to other
+resources. One example of this is to configure which images can be deployed to which
+computers. Another example is which management nodes can manage which computers.</p>
+<h1 id="resource-management">Resource Management</h1>
+<p>VCL needs to know how resources related to one another. This is done by adding the
+resources to a resource group, and then mapping one type of resource group to another.</p>
+<h2 id="resource-grouping">Resource Grouping</h2>
+<p>Resource groups can contain any number of resources. Each resource group has a resource
+type associated with it. Only resources matching that type can be added to the group.
+Also, it is important to note that when working with computers, physical and virtual
+computers should not be combined into the same group which could result in VCL trying
+to assign a physical image to a virtual computer or vice versa. Some upcoming changes
+to the code will remove this restriction, but for now, keep this restriction in mind
+while grouping computers.</p>
+<h2 id="resource-mapping">Resource Mapping</h2>
+<p>After you have grouped your resources, you need to map them together. Image groups are
+mapped to computer groups, and management node groups are mapped to computer groups.
+Schedule groups are not mapped to anything (instead, every computer is directly assigned
+a schedule).</p>
+<p>Any image in an image group can be run on any computer in a computer group to which
+it is mapped (provided a user has sufficient privileges to do so). There are a few
+things this allows you to do. If you have incompatible hardware, you would create
+separate computer groups for each type. Then, you would have image groups corresponding
+to each type so that you don't end up with VCL trying to deploy images from one type
+of hardware to an incompatible type of hardware. Another thing you can do with the
+mapping is to partition off parts of your hardware. For example, if you had a set of
+users purchase their own hardware to be managed by VCL, you could map only their image
+groups to their computer groups.</p>
+<h1 id="privileges">Privileges</h1>
+<p>Users are granted access to parts of the VCL web site and to resources through the
+Privilege tree. User permissions and resource attributes can both be cascaded down
+from one node to all of its children. Additionally, cascaded user permissions and
+resource attributes can be blocked at a node so that they do not cascade down to that
+node or any of its children.</p>
+<h2 id="user-permissions">User Permissions</h2>
+<p>There are nine user permissions that can be granted to users. They can be granted
+to users directly or to user groups.</p>
+<ul>
+<li><strong>computerAdmin</strong> - allows users to do administrative tasks with computers in computer
+groups with administer or manageGroup granted at the same node</li>
+<li><strong>groupAdmin</strong> - grants users access to the Manage Groups portion of the site</li>
+<li><strong>imageAdmin</strong> - allows users to do administrative tasks with images in image groups
+with administer or manageGroup granted at the same node</li>
+<li><strong>imageCheckOut</strong> - allows users to make reservations for images in image groups with
+available granted at the same node</li>
+<li><strong>mgmtNodeAdmin</strong> - allows users to do administrative tasks with management nodes in
+management node groups with administer or manageGroup granted at the same node</li>
+<li><strong>nodeAdmin</strong> - allows users to add and delete child nodes at the specified node</li>
+<li><strong>resourceGrant</strong> - grants users access to control what resource attributes are assigned
+at the same node</li>
+<li><strong>scheduleAdmin</strong> - allows users to do administrative tasks with schedules in schedule
+groups with administer or manageGroup granted at the same node</li>
+<li><strong>userGrant</strong> - grants users access to control what user permissions are assigned at
+the same node</li>
+</ul>
+<h2 id="resource-attributes">Resource Attributes</h2>
+<p>There are three resource attributes that can be assigned to a resource group at any
+node in the privilege tree.</p>
+<ul>
+<li><strong>available</strong> - makes resources in the group available at the node - this is only
+has meaning for image groups and computer groups and relates to the imageCheckOut
+and imageAdmin user permissions</li>
+<li><strong>administer</strong> - makes the resources in the group available to be administered by
+users with the appropriate user permissions at the same node (i.e. imageAdmin for
+image groups, computerAdmin for computer groups, etc)</li>
+<li><strong>manageGroup</strong> - makes the resources in the group available to have their grouping
+controlled by users with the appropriate user permissions at the same node</li>
+<li><strong>manageMapping</strong> - makes the resources in the group available to have their mapping
+controlled by users with the appropriate user permissions at the same node</li>
+</ul>
+ </div>
+
+ <div id="footer">
+ <div class="copyright">
+ <p>
+ Copyright © 2012 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ <br />
+ Apache and the Apache feather logo are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </div>
+
+</body>
+</html>