#OpenStack CVRM README
CVRM is an attribute-based constraint specification and enforcement mechanism for virtual resource orchestration in OpenStack. The project is built on DevStack and is in beta stage. The master branch is at version 0.20. It provides a REST API to specify mandatory constraints for attaching storage to virtual machines.
#Build
CVRM is developed on OpenStack Icehouse. However, it can easily be incorporated into later versions (Kilo or Juno).
###The build process is as follows:
- Get it from git
  ```
  git clone https://github.com/kbijon/OpenStack-CVRM.git
  ```
- Rename the directory to stack:
  ```
  mv OpenStack-CVRM stack
  ```
- Move the directory to /opt
  ```
  mv stack /opt/
  ```
- Change into the devstack directory inside stack
  ```
  cd /opt/stack/devstack
  ```
- Run stack.sh
  ```
  ./stack.sh
  ```
- Create the necessary tables in MySQL to store attributes and constraints
  ```
  cd /opt/stack/mysql-script
  ./create_nova_tables
  ./create_cinder_tables
  ```
#Usage
CVRM provides APIs for managing attributes and their values, and for assigning attributes to VMs and storage volumes.
###The VM attributes APIs:
- Create an attribute
  ```
  nova att-create --name <attribute-name>
  ```
- Delete an attribute
  ```
  nova att-delete --name <attribute-name>
  ```
- List attributes
  ```
  nova att-list
  ```
- Create an attribute value
  ```
  nova att-value-set --name <attribute-name> --value <attribute-value>
  ```
- Delete an attribute value
  ```
  nova att-value-delete --name <attribute-name> --value <attribute-value>
  ```
- List values of an attribute
  ```
  nova att-value-list --name <attribute-name>
  ```
###The storage attributes APIs:
- Create an attribute
  ```
  cinder att-create --name <attribute-name>
  ```
- Delete an attribute
  ```
  cinder att-delete --name <attribute-name>
  ```
- List attributes
  ```
  cinder att-list
  ```
- Create an attribute value
  ```
  cinder att-value-set --name <attribute-name> --value <attribute-value>
  ```
- Delete an attribute value
  ```
  cinder att-value-delete --name <attribute-name> --value <attribute-value>
  ```
- List values of an attribute
  ```
  cinder att-value-list --name <attribute-name>
  ```
- Specify a new constraint
  ```
  nova policy-add --name <policy-name> --expression <policy-expression>
  ```
  Policies are generated by the following grammar:
  ```
  <Stmt>:= <Stmt> <connector><Stmt> | (<rule>)
  <rule>:= <Token> | <Token>
  <Token>:= (<Token> <connector> <Token>)|(<Term>)
  <Term>:= <Attribute>(<resource>) <comparator> <Scope>
  <Attribute>::= <letter> | <digit> | <Attribute>
  <Scope>::= <letter> | <digit> <Scope>
  <connector>::= ^ | V
  <comparator>::= | !=
  <Cls>::= c1 | c2 | ... | cn
  <resource> ::= vr1 | vr
  <digit>::= 0|1|2|. . . |8|9
  <letter>::= a|b|. . . |y|z|A|B|. . . |Y|Z
  ```
  Here, the policy name is specific to an operation in OpenStack. For this beta version, we only consider the policy name vm-storage attachment, and this constraint is enforced when a VM is attached to a storage. For more details, please read the research paper [1].
- Delete a constraint
  ```
  nova policy-delete <policy>
  ```
- List a constraint
  ```
  nova policy-list
  ```
Attribute values are assigned to VMs and storage as metadata in the form of key:value pairs.

CVRM enforces the specified constraint whenever a volume is attached to a VM. For a detailed use case, please read the following research paper.
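
The sketch below evaluates expressions of the shape the grammar above describes against VM and volume metadata. It is an added illustration, not CVRM's code or the paper's algorithm. Assumptions: `=` is the equality comparator (the grammar shows only `!=`), connectors apply left to right, and `vm` and `vol` are hypothetical resource names.

```python
import re

# Added illustration, not CVRM's code. Assumptions: "=" is the equality
# comparator, connectors apply left to right, resources are named vm / vol.
TOKEN = re.compile(r"!=|=|\^|\(|\)|[A-Za-z0-9]+")

def evaluate(expr, resources):
    """Evaluate a policy such as "tenant(vm) = acme ^ tier(vol) != gold"
    against {"vm": {...}, "vol": {...}} metadata dicts (constructed names)."""
    toks, i = TOKEN.findall(expr), 0
    if "".join(toks) != "".join(expr.split()):
        raise ValueError("unexpected character in expression")

    def take(*allowed):          # no arguments: expect a letter/digit name
        nonlocal i
        tok = toks[i] if i < len(toks) else None
        if tok is None or not (tok in allowed if allowed else tok.isalnum()):
            raise ValueError(f"unexpected {tok!r} at token {i}")
        i += 1
        return tok

    def term():
        if i < len(toks) and toks[i] == "(":   # parenthesised sub-statement
            take("(")
            value = stmt()
            take(")")
            return value
        attr = take()
        take("(")
        res = take()
        take(")")
        op, scope = take("=", "!="), take()
        actual = resources.get(res, {}).get(attr)
        if actual is None:       # missing label or unknown resource: fail closed
            return False
        return (actual == scope) == (op == "=")

    def stmt():
        value = term()
        while i < len(toks) and toks[i] in ("^", "V"):
            is_and = take("^", "V") == "^"
            rhs = term()                       # always parse the right side
            value = (value and rhs) if is_and else (value or rhs)
        return value

    result = stmt()
    if i != len(toks):
        raise ValueError(f"trailing input at token {i}")
    return result
```

A caller should treat `ValueError` as a denial, so that a malformed policy never permits an attachment. A term over a missing attribute evaluates to false even with `!=`, so an unlabeled volume cannot satisfy a "not equal" rule by omission.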
#References
Please refer to/cite the following paper.
- [1] Virtual Resource Orchestration Constraints in Cloud Infrastructure as a Service, Khalid Bijon, Ram Krishnan, and Ravi Sandhu. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (CODASPY), March 2-4, 2015, San Antonio, Texas, pages 183-194.