I'm looking at the following for documentation, by the way, but please let me know if there are additional resources to review:
https://cwiki.apache.org/CLOUDSTACK/storage-subsystem-20.html

What I could really use is a sequence diagram that starts with a user kicking off a Compute or Disk Offering that's based on a Primary Storage that makes use of a plug-in and how the calls I implement in the plug-in get invoked (in what order).

That would be awesome. :)

On Mon, Mar 11, 2013 at 1:45 PM, Mike Tutkowski <mike.tutkow...@solidfire.com> wrote:

> Looking at this a bit more, I'm thinking DataObject represents the
> volume/LUN (for me) and EndPoint is the host?
>
> Let's use XenServer as an example.
>
> The user kicks off a Compute Offering that is based on a Primary Storage
> that uses my plug-in.
>
> The createAsync method is invoked and this is where I create my volume/LUN
> on the SAN and return an IQN. At this point, I do not have any IQNs in the
> Volume Access Group (VAG). Remember that if CHAP is not in use, then IQNs
> that want to access this volume need to be in this VAG. If CHAP is in use,
> then the credentials exist on the SAN, but have not been placed on any host
> yet.
>
> At what point will the Storage Repository for XenServer be created (and
> based on my iSCSI target)? This must happen after createAsync is called
> and before grantAccess?
>
> Perhaps you can clarify this, Edison?
>
> Thanks!
>
>
> On Mon, Mar 11, 2013 at 1:22 PM, Mike Tutkowski <
> mike.tutkow...@solidfire.com> wrote:
>
>> As an example, in grantAccess, I'm passed in a DataObject.
>>
>> public interface DataObject {
>>     public long getId();
>>     public String getUri();
>>     public DataStore getDataStore();
>>     public Long getSize();
>>     public DataObjectType getType();
>>     public DiskFormat getFormat();
>>     public String getUuid();
>>     public void processEvent(ObjectInDataStoreStateMachine.Event event);
>> }
>>
>>
>> Can you tell me what this object represents in this context? Is it the
>> host that wants to access the volume?
>>
>> Is there somewhere I can go to find out what each of these "get" methods
>> returns to me?
>>
>> Same basic question about the EndPoint interface.
>>
>> public interface EndPoint {
>>     public long getId();
>>     public Answer sendMessage(Command cmd);
>>     public void sendMessageAsync(Command cmd,
>>             AsyncCompletionCallback<Answer> callback);
>> }
>>
>> Thanks!
>>
>>
>> On Mon, Mar 11, 2013 at 12:44 PM, Mike Tutkowski <
>> mike.tutkow...@solidfire.com> wrote:
>>
>>> Hi Edison,
>>>
>>> Thanks for that info.
>>>
>>> There are two ways this storage system handles ACLs: CHAP credentials
>>> or IQNs.
>>>
>>> If a host has the proper CHAP credentials for the volume in question, we
>>> allow access to it.
>>>
>>> If the host is not using CHAP, then its IQN needs to be in an ACL on the
>>> SAN that we call a Volume Access Group (VAG).
>>>
>>> I'm thinking grantAccess might be the proper place for me to get the IQN
>>> of the host that wants to access the volume and put its IQN in the proper
>>> VAG so that it can make use of the volume.
>>>
>>> I'm wondering the following:
>>>
>>> 1) What do I do if CHAP is in use (it will always be in use for our
>>> storage systems running versions lower than 5)? For example, I can create
>>> a volume with CHAP credentials when asked to do so, but how do I get these
>>> CHAP credentials to the host that wants to access the volume?
>>>
>>> 2) If CHAP is not in use (it doesn't have to be used for our storage
>>> systems at version 5 or later), how do I get the IQN of the host that wants
>>> to access the volume in question? If I have this IQN, I can simply add it
>>> to the VAG for the volume.
>>>
>>>
>>> On Mon, Mar 11, 2013 at 11:34 AM, Edison Su <edison...@citrix.com> wrote:
>>>
>>>> You can think grantaccess and revokeaccess API are the hookup
>>>> interfaces to your storage plugin.
>>>> Every time, when cloudstack mgt server
>>>> wants to access the LUN, it will call grantaccess to get the information
>>>> about the LUN, then send down the information to hypervisor host.
>>>>
>>>> The information returned by grantaccess API, and what you actually do
>>>> inside this API, are up to the implementation. You can do nothing inside
>>>> grantaccess api, but just return an SR UUID.
>>>>
>>>> Regarding CHAP credentials, it's not really related to grantaccess
>>>> api. Could you tell me, how the CHAP is used in your storage box?
>>>>
>>>> *From:* Mike Tutkowski [mailto:mike.tutkow...@solidfire.com]
>>>> *Sent:* Sunday, March 10, 2013 9:28 PM
>>>> *To:* cloudstack-dev@incubator.apache.org
>>>> *Cc:* Edison Su
>>>> *Subject:* Re: Storage Subsystem 2.0 Questions
>>>>
>>>> Hey Edison,
>>>>
>>>> Thanks for that info.
>>>>
>>>> When grantAccess and revokeAccess are invoked, do I have access to the
>>>> IQN of the host in question? What about if that host is using CHAP
>>>> credentials? Where do those come into play?
>>>>
>>>> Thanks!
>>>>
>>>> On Thu, Mar 7, 2013 at 8:29 PM, Mike Tutkowski <
>>>> mike.tutkow...@solidfire.com> wrote:
>>>>
>>>> Hey Edison,
>>>>
>>>> Thanks for that info.
>>>>
>>>> When grantAccess and revokeAccess are invoked, do I have access to the
>>>> IQN of the host in question? What about if that host is using CHAP
>>>> credentials?
>>>> Where do those come into play?
>>>>
>>>> Thanks!
>>>>
>>>> On Thu, Mar 7, 2013 at 5:36 PM, Edison Su <edison...@citrix.com> wrote:
>>>>
>>>> > -----Original Message-----
>>>> > From: Mike Tutkowski [mailto:mike.tutkow...@solidfire.com]
>>>> > Sent: Monday, March 04, 2013 9:22 PM
>>>> > To: cloudstack-dev@incubator.apache.org
>>>> > Subject: Storage Subsystem 2.0 Questions
>>>> >
>>>> > Hi,
>>>> >
>>>> > I'm working on implementing a storage plug-in for CS 4.2.
>>>> >
>>>> > I'm looking at the following Wiki page for guidance, but have some
>>>> > questions:
>>>> >
>>>> > https://cwiki.apache.org/CLOUDSTACK/storage-subsystem-20.html
>>>> >
>>>> > One interface that needs to be implemented is PrimaryDataStoreDriver.
>>>> > I'm not sure what is expected for all of the following methods:
>>>> >
>>>> > * grantAccess: It looks like this is called in an attempt to confirm
>>>> > that the host which desires access to the volume in question is
>>>> > allowed to do so. I suspect this is where CHAP credentials might be
>>>> > provided? In my situation, there are a couple ways I'd like to
>>>> > restrict access: 1) CHAP or
>>>> > 2) allow a subset of IQNs to access the volume in question. Is this
>>>> > kind of information provided to me here? Do I simply return the IQN
>>>> > of the volume as a successful response from this method? What if the
>>>> > access sent is not sufficient? How do I deny access?
>>>>
>>>> In the original design, it has two purposes:
>>>> 1. Make the volume accessible to a storage client (e.g. a hypervisor
>>>> host who wants to access this volume). If the storage box has its ACL, it's
>>>> the place to enforce this kind of ACL. How to implement it, it's up to
>>>> device vendor.
>>>> For example, when creating a volume, I make it inaccessible
>>>> to anybody, later on, when cloudstack selects a hypervisor host to access
>>>> this volume (e.g. attach the volume to VM created on this hypervisor host),
>>>> cloudstack will call this API to make the volume accessible to this
>>>> hypervisor host.
>>>> It's not exactly the same as CHAP credentials. Per my understanding,
>>>> CHAP credential is an access token, it already implies, anybody who has
>>>> this credential, can access this volume. You can think this API as the way
>>>> to generate this token.
>>>> 2. Return a string to represent the volume, either an IQN, or uuid, or
>>>> IQN + CHAP credentials, or a URI, etc, cloudstack will send down the
>>>> string to hypervisor host, in order to access the volume.
>>>>
>>>> >
>>>> > * revokeAccess: I don't really understand when this method would be
>>>> > called or why. Perhaps I can simply implement it to return true (or
>>>> > false)? In my situation, when a volume is dynamically created for a
>>>> > hypervisor of a cluster, I'd want to allow access to it from all
>>>> > hosts in the app cluster in question.
>>>> > Maybe this method is called before the volume is deleted or something?
>>>>
>>>> It's the reverse step as grantaccess. Whatever you did in grantaccess
>>>> should be reversed in this API.
>>>>
>>>> >
>>>> > * listObjects: I don't really understand when this method would be
>>>> > called or why.
>>>>
>>>> This is the API to list existing volumes on the storage box. The usage
>>>> case will be able to import existing volumes/templates into cloudstack, if
>>>> the DB is wiped out.
>>>> You don't need to implement it, as nobody uses it yet.
>>>>
>>>> >
>>>> > * createAsync: I believe this is where I place my code to create a
>>>> > volume (LUN) on our SAN.
>>>> >
>>>> > * deleteAsync: I believe this is where I place my code to delete a
>>>> > volume (LUN) on our SAN.
>>>> >
>>>> > Thanks for any guidance here!
>>>> >
>>>> > --
>>>> > *Mike Tutkowski*
>>>> > *Senior CloudStack Developer, SolidFire Inc.*
>>>> > e: mike.tutkow...@solidfire.com
>>>> > o: 303.746.7302
>>>> > Advancing the way the world uses the
>>>> > cloud<http://solidfire.com/solution/overview/?video=play>
>>>> > *(tm)*

--
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud<http://solidfire.com/solution/overview/?video=play>
*™*
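
The grant/revoke contract Edison describes, applied to the IQN-based Volume Access Group case from the thread, as an added Java model that is not CloudStack or SolidFire code. The class, its method signatures (which take the host IQN directly, a point the thread leaves open) and the IQN values are assumptions made for illustration.

```java
import java.util.*;

// Added illustration: an in-memory model, not CloudStack or SolidFire code.
// Class and method names are hypothetical; IQN values are constructed.
public class VagAccessModel {
    // Volume Access Group: per-volume set of initiator IQNs allowed to log in.
    private final Map<String, Set<String>> vagByVolume = new HashMap<>();

    // createAsync step from the thread: the volume starts with an empty VAG,
    // so no host can reach it until access is granted explicitly.
    public String createVolume(String volumeName) {
        String targetIqn = "iqn.2013-03.com.example:san." + volumeName;
        vagByVolume.put(targetIqn, new HashSet<>());
        return targetIqn;
    }

    // grantAccess step: enforce the ACL, then return the string sent to the host.
    public String grantAccess(String targetIqn, String hostIqn) {
        Set<String> vag = vagByVolume.get(targetIqn);
        if (vag == null) throw new IllegalArgumentException("unknown volume " + targetIqn);
        vag.add(hostIqn); // Set semantics make a repeated grant harmless
        return targetIqn;
    }

    // revokeAccess step: reverse exactly what grantAccess did for this host.
    public boolean revokeAccess(String targetIqn, String hostIqn) {
        Set<String> vag = vagByVolume.get(targetIqn);
        return vag != null && vag.remove(hostIqn);
    }

    // The check the SAN would apply at iSCSI login when CHAP is not in use.
    public boolean mayLogin(String targetIqn, String hostIqn) {
        return vagByVolume.getOrDefault(targetIqn, Collections.emptySet()).contains(hostIqn);
    }

    public static void main(String[] args) {
        VagAccessModel san = new VagAccessModel();
        String vol = san.createVolume("vm-root-1");
        String hostA = "iqn.2013-03.com.example:host.xen-a";
        String hostB = "iqn.2013-03.com.example:host.xen-b";
        System.out.println("before grant, A: " + san.mayLogin(vol, hostA));
        san.grantAccess(vol, hostA);
        System.out.println("after grant,  A: " + san.mayLogin(vol, hostA));
        System.out.println("never granted B: " + san.mayLogin(vol, hostB));
        san.revokeAccess(vol, hostA);
        System.out.println("after revoke, A: " + san.mayLogin(vol, hostA));
    }
}
```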