3.0 CloudStack Project Feature
3.0 CloudStack Project Feature
July 22, 2011
© 2011 Cloud.com, Inc. All rights reserved.
1
3.0 CloudStack Project Feature
© 2011 Cloud.com, Inc. All rights reserved. Specifications are subject to change without notice. The Cloud.com logo, Cloud.com,
CloudStack, Hypervisor Attached Storage, HAS, Hypervisor Aware Network, HAN, and VMSync are trademarks or registered
trademarks of Cloud.com, Inc. All other brands or products are trademarks or registered trademarks of their respective holders.
© 2011 Cloud.com, Inc. All rights reserved.
2
3.0 CloudStack Project Feature
Contents
Introduction ............................................................................................................................................................................................... 4
1.1
1.1.1
2
Project Management ................................................................................................................................................................ 4
Network Affinity ................................................................................................................................................................... 6
1.2
Project View ............................................................................................................................................................................. 6
1.3
Project Limits ............................................................................................................................................................................ 8
1.4
Project Usage............................................................................................................................................................................ 8
Functional Specification ..................................................................................................................................................................... 9
2.1
Project’s life cycle ..................................................................................................................................................................... 9
2.1.1 Create project ............................................................................................................................................................................... 9
2.1.2 Modify project .............................................................................................................................................................................. 9
2.1.3 List project and its properties ..................................................................................................................................................... 10
2.1.4 Project removal ........................................................................................................................................................................... 10
2.2
2.2.1
Project users management..................................................................................................................................................... 11
User roles ........................................................................................................................................................................... 11
2.2.2 Invitation process ........................................................................................................................................................................ 11
2.2.3 Un-assign account from the project ........................................................................................................................................... 12
2.3 Resource creation within the project............................................................................................................................................. 12
2.4 Usage/Events/Alerts ...................................................................................................................................................................... 12
2.5 Security .......................................................................................................................................................................................... 12
© 2011 Cloud.com, Inc. All rights reserved.
3
3.0 CloudStack Project Feature
Introduction
The 3.0 CloudStack™ Project introduces the concept of allowing users to now collaborate and share virtual resources as a group to
allowing project admins to monitor usage as well as setting guidelines and limits to resource consumption. The highlights of the
feature include:




Project Management – A brand new set of API and UI to support the management of the project including the lifecycle
management of projects users, network affinity, and resource limits
Project View – The CloudStack User Interface has been enhanced to allow users to quickly switch their “view” to a project
view to efficiently manage all their resources in the context of a project.
Project Limits – CloudStack administrators can manage the resource limits of each project that has been created.
Project Usage – All usage for resources are reported for the project and the project owner.
1.1 Project Management
The ability to create projects can be globally configured to allow regular user accounts to create a project or only allow admins to do
so. Once created, the project owner can now invite additional accounts to join the project. Project invites can be accepted or
denied.
All project users are assigned a role once they join. The default role is the Project User. However they can later be promoted.
Project roles are now defined as the following:



Project Owner – There is only at most one owner per project. The project owner has all the abilities of a project admin and
the additional capability to destroy the project, add/remove user accounts, promote/demote user accounts, and set
network affinity.
Project Admin – One or more accounts can be designated as project admins. A project admin has the capability to view and
manage all virtual resources created within a project.
Project User – One or more accounts can be designated as a project user. A project user has the ability to manage only the
resources they have created within a project. Project users can also manage network elements such as Port Forwarding or
Load Balancer rules that belong to the project.
The following are some sample screens of what the 3.0 User Interface will have to support Projects in terms of Project creations and
user management.
Project Creation Page
© 2011 Cloud.com, Inc. All rights reserved.
4
3.0 CloudStack Project Feature
Project User Management
© 2011 Cloud.com, Inc. All rights reserved.
5
3.0 CloudStack Project Feature
1.1.1 Network Affinity
In 3.0, Cloudstack will only support allowing a Project Owner to assign a virtual network to the project. A virtual network will allow
Cloudstack to isolate all network traffic between projects and to include network features such as port forwarding, load balancing,
virtual private network (VPN), and allowing static NAT rules. Future network support will be added in subsequent Cloudstack
releases.
1.2 Project View
To support easier project resource management in 3.0, the CloudStack User Interface will allow all users to change their “views”.
Once changed, the user is then presented with only the resources that belong to the view. This allows for easier management and
tracking of resources belonging to multiple projects.
Project View Selection
© 2011 Cloud.com, Inc. All rights reserved.
6
3.0 CloudStack Project Feature
The project selection page shows how a user is presented a list of projects to “view” into. Once selected, they will be presented a
dashboard of the project summary details.
Project View
Once the user is within a project view, the UI will be shown similarly to the default view with the addition of background colors to
indicate that the user is now in a project view. Notice the lighter blue title highlights on the following screenshot. Users will also be
able to select a different “view” or to go back to their default view as shown on the upper right portion of the screenshot. The
following screenshots shows what a default project dashboard could look like. For example, it shows a summary of virtual machines,
storage, network traffic, network elements, events, and users of the projects.
© 2011 Cloud.com, Inc. All rights reserved.
7
3.0 CloudStack Project Feature
1.3 Project Limits
Once projects are created, they will inherit a default set of resource limits as configured by the CloudStack ROOT admin. These
limits can be reduced by the Project Owner of each project. Limits include but are not limited to number of virtual instances, disk
volumes, snapshots, IP address, etc.
1.4 Project Usage
All virtual resource consumption is now reported as being owned by the original account creator as well as the project. This allows
flexibility in billing engines to decide whether to bill/report usage under a user account or under a particular project.
© 2011 Cloud.com, Inc. All rights reserved.
8
3.0 CloudStack Project Feature
2
Functional Specification
2.1 Project’s life cycle
This section of the document explains project life cycle – from creation to removal – and presents new APIs used for this purpose.
2.1.1 Create project
To create project, use createProject API. This call is always available to cloudStack Root/Domain admin and available to cloudStack
regular user only when global configuration parameter “allow.user.project.creation” is set to true.
createProject parameters:




zoneId (required) - zone the project belongs to (the project can't belong to more than one zone)
owner (required) - the owner of the project
name (required) – the name of the project, should be unique per cloudstack
displayText (required) - display text of the project.
Project's resource limits (# of snapshots, volumes, virtual machines, etc.)- are being set automatically and defaulted to values
defaulted by global configuration.
The same has to be implemented for project's resource pool (CPU/RAM)
Resource limits for the project are independent of account/domain resource limits
2.1.2 Modify project
To modify displayText or change the project owner, use new modifyProject API. Can be called only by the project owner and
cloudStack domain/Root admin:
modifyProject parameters:



displayText (optional) - new display text of the project
newOwner (optional) - new owner of the project.
To change project's resource limit, existing API updateResourceLimit has to be used. New parameter "projectId" will be added to
this call.
© 2011 Cloud.com, Inc. All rights reserved.
9
3.0 CloudStack Project Feature
2.1.3 List project and its properties
New API listProjects displays the project and all users that belong to it.
listProjects parameters:




Name (optional)
dispalyText (optional)
owner (optional)
zoneId (optional)
Existing API "listResourceLimits" with projectId parameter will list project's resource limits
2.1.4 Project removal
Project removal can be done in 2 following ways:


Using new API "deleteProject" - deletes the project and cleans up all the resources belonging to the project
As a part of deleteDomain call - deletes all the projects belonging to the domain
© 2011 Cloud.com, Inc. All rights reserved.
10
3.0 CloudStack Project Feature
2.2 Project users management
This section reviews users’ management process within the project.
2.2.1 User roles



Project owner - can invite/remove users; change the project ownership; manage other users' resources within the project
Project admin - can manage other users' resources within the project
Project regular user - can manage only his own resources within the project
Every project member can always list all the resources belonging to the project
Account can own multiple projects
Account can belong to multiple projects
Limitations:


No cross domain projects; 2 accounts from different domains can't join the same project.
As long as the project exists, its owner can't be removed. If deleteAccount called for the project owner, error message
saying "The account manages project(s) <name(s)> and can't be removed" would be thrown. Only after the 1) the
ownership of the project changes or 2) the project(s) are removed, the account can be removed.
2.2.2 Invitation process
New global configuration parameter "project.invite.required" defines the invitation process flow.

"project.invite.required" = false:
-

"addAccountToProject" API automatically assigns account to the project
"project.invite.required" = true:
-
"addAccountToProject" API adds account to the project with "pending" flag set to true. While pending is true, the
invitee can't see projects resources unless he confirms the invitation with joinProject API call - see next.
-
"joinProject" API sets "pending" flag to false, and joinee account can create/list resources within the project.
addAccountToProject API parameters:


projectId (required)
accountId (required)
joinProject API parameters:


projectId (required)
accountId (required)
© 2011 Cloud.com, Inc. All rights reserved.
11
3.0 CloudStack Project Feature
2.2.3 Un-assign account from the project
For removing account from the project, use removeAccountFromProject API.
removeAccountFromProject API parameters:


projectId (required)
accountId (required)
IMPORTANT: After the account is removed from the project, all his resources stay with the project.
2.3 Resource creation within the project
Following resources can be created within the project scope:








network - available for the project in Advanced zone only. Allow to create only one network per Project, and it should be
Guest Virtual network
virtualMachine
volume
template
snapshot
ipAddress
PF/LB/VPN rules
Security groups in Basic zone
2.4 Usage/Events/Alerts
Project id information will be added to following objects and corresponding APIs:



Usage events
Action events
Alerts
2.5 Security
Added new checker - Project checker - in addition to account/domain permission checkers; exercise it for every list* API command.
© 2011 Cloud.com, Inc. All rights reserved.
12