stoney cloud: OpenLDAP directory data organisation

From stoney-cloud.org
Jump to navigation Jump to search

Abstract

This document describes the stoney cloud (OpenStack) relevant OpenLDAP directory data organisation.

Introduction

This document describes the OpenLDAP directory data organisation for the stoney cloud service.

Data Organisation

The following chapters explain the data organisation of the stoney cloud OpenLDAP directory, in this case we looking at the stoney cloud service.

IaaS (Infrastructure as a Service)

The subtree ou=openstack,ou=service,dc=stoney-cloud,dc=org contains all the OpenStack based stoney cloud service data. The following LDIF shows the iaas entry for the stoney cloud service: 

dn: ou=openstack,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: openstack

Configuration

dn: ou=configuration,ou=openstack,ou=services,dc=stoney-cloud,dc=org 
objectclass: top
objectclass: organizationalUnit
ou: configuration
description: The sub tree for the configuration of the OpenStack based stoney cloud service.

Configuration (resellers)

dn: ou=reseller,ou=configuration,ou=openstack,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: reseller
description: The sub tree for the reseller specific configuration of the OpenStack based stoney cloud service.

Domains (resellers)

dn: ou=domains,ou=openstack,ou=services,dc=stoney-cloud,dc=org 
objectclass: top
objectclass: organizationalUnit
ou: domains
description: The sub tree for the domains (resellers) of the OpenStack based stoney cloud service.

Domain (OpenStack Default Domain) example

This is a very special domain and is created during the bootstrapping phase of the OpenStack installation. Therefore we never provision this domain and we don't add the objectclass: sstProvisioning to this domain. 

dn: uid=3999998,ou=domains,ou=openstack,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstOpenStackDomain
objectclass: sstRelationship
uid: 3999999
sstOpenStackId: default
sstOpenStackName: Default
description: The default domain
sstIsActive: TRUE
sstBillable: FALSE
sstBelongsToResellerUID: 4000000

Domain (OpenStack Service Provider Domain) example

This is also quite a special domain, as it collects the cloud administrators of the OpenStack based stoney cloud. It is added manually just after the bootstrapping phase. Therefore we never provision this domain and we do not add the objectclass: sstProvisioning to this domain. 

dn: uid=3999999,ou=domains,ou=openstack,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstOpenStackDomain
objectclass: sstRelationship
uid: 3999999
sstOpenStackId: abcdef2477be64c099500224864999998
sstOpenStackName: Service Provider
description: Service Provider stepping stone GmbH
sstIsActive: TRUE
sstBillable: FALSE
sstBelongsToResellerUID: 4000000

Domain (reseller) example

dn: uid=4000000,ou=domains,ou=openstack,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstOpenStackDomain
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 4000000
sstOpenStackId: b01822477be64c09950022486300c59c
sstOpenStackName: Reseller Ltd.
description: 4000000 - Reseller Ltd.
sstIsActive: TRUE
sstBillable: TRUE
sstProvisioningMode: added
sstProvisioningExecutionDate: 0
sstProvisioningState: 20180819T083208Z
sstProvisioningState: 0
sstBelongsToResellerUID: 4000000

Notes

  • sstBillable: FALSE If the attribute doesn't exist, it will take the value from the reseller ou=billing sub tree.
  • sstBelongsToCustomerUID: 4000001 Not necessary.
  • sstBelongsToPersonUID: 4000002 Not necessary.
  • Use date --utc "+%Y%m%dT%H%M%SZ" to set the attribute sstProvisioningState manually.
  • The uid normally has the same value as the sstBelongsToResellerUID attribute.

The following table describes the different attributes:

Attribute
Existence
Mandatory
 Description
uid
MUST
x
 A unique integer value with 7 digits or more. For example: 4000000.
sstOpenStackId
???
x1
 For example b01822477be64c09950022486300c59c.
sstOpenStackName
???
x1
 For example: Reseller Ltd.
description
???
x1
 Surname, example: Muster.
sstIsActive
MAY
x
 Is the entry active? Either true (yes) or false (no).
sstBillable
MAY
x2
 All hierarchical levels must have sstBillable: TRUE to actually have an invoice generated and sent. If the attribute sstBillable doesn't exist, the default is TRUE. This way, we are forced to set a reseller, customer or product manually to sstBillable: FALSE if we want to avoid sending them an invoice.
sstProvisioningMode
MUST
x
The provisioning mode, either add, modify or delete. For a new account, this attribute must be set to add. See Provisioning for details.
sstProvisioningExecutionDate
MUST
x
The date the provisioning shall occur in the form of [YYYY][MM][DD] (ISO 8601). For a new account, this attribute must be set to 0. See Provisioning for details.
sstProvisioningReturnValue
MAY
The provisioning return value written by the prov-backup-rsnapshot daemon. 0 means success, >0 means failure. See the prov-backup-rsnapshot Exit Codes for detailed information.
sstProvisioningState
MUST
x
The provisioning state, either 0 or in the form of [YYYY][MM][DD]T[hh][mm][ss] (ISO 8601). For a new account, this attribute must be set to 0. See Provisioning for details.
sstBelongsToResellerUID
MUST
x
 Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000.
sstBelongsToCustomerUID
MAY
x
 Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001.

Legend:

  • x: Mandatory in all cases.
  • x1: If sstIsCompany is set to TRUE, the organizationName must be set. Otherwise givenName and surname must be set.

Projects (tenants)

dn: ou=projects,ou=openstack,ou=services,dc=stoney-cloud,dc=org 
objectclass: top
objectclass: organizationalUnit
ou: projects
description: The sub tree for the projects (tenants) of the OpenStack based stoney cloud service.

Project (tenant) examples

Due to the OpenStack project (tenant) organisation, we can have multiple tenants per domain (reseller) and customers. The following LDIF example show the first project of the customer Customer Ltd. with the sstBelongsToCustomerUID: 4000001 belonging to the reseller Reseller Ltd. with the sstBelongsToResellerUID: 4000000: 

dn: uid=4100000,ou=projects,ou=openstack,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstOpenStackProject
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 4100000
sstOpenStackId: 5a3a4fd5d6e94a87815131be42d8e6d9
sstOpenStackName: Customer Ltd. - Internal Systems
description: 4000000/4000001 - Customer Ltd. - Internal Systems
sstNetworkHostnameFormat: cur-int-%03d
sstNetworkHostnameNextFreeNumber: 1
sstIsActive: TRUE
sstBillable: TRUE
sstProvisioningMode: added
sstProvisioningExecutionDate: 0
sstProvisioningState: 20180819T083208Z
sstBelongsToDomainID: b01822477be64c09950022486300c59c
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002

Please visit the Account Naming page and the Customer VM Naming Convention for the sstNetworkHostnameFormat.

The following LDIF example show the second project of the customer Customer Ltd. with the sstBelongsToCustomerUID: 4000001 belonging to the reseller Reseller Ltd. with the sstBelongsToResellerUID: 4000000: 

dn: uid=4100001,ou=projects,ou=openstack,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstOpenStackProject
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 4100001
sstOpenStackId: 9ecb5bfdd4564f6ca52bba1e869eeea4
sstOpenStackName: Customer Ltd. - Public Systems
description: 4000000/4000001 - Customer Ltd. - Public Systems
sstNetworkHostnameFormat: cur-pub-%03d
sstNetworkHostnameNextFreeNumber: 1
sstIsActive: TRUE
sstBillable: TRUE
sstProvisioningMode: added
sstProvisioningExecutionDate: 0
sstProvisioningState: 20180819T083208Z
sstBelongsToDomainID: b01822477be64c09950022486300c59c
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002

Please visit the Account Naming page and the Customer VM Naming Convention for the sstNetworkHostnameFormat.

Units (instances)

dn: ou=units,ou=openstack,ou=services,dc=stoney-cloud,dc=org 
objectclass: top
objectclass: organizationalUnit
ou: projects
description: The sub tree for the units (instances) of the OpenStack based stoney cloud service.

Unit (instance) examples

... 

dn: uid=3733327,ou=units,ou=openstack,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstOpenStackUnit
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 3733327
sstOpenStackId: 9ecb5bfdd4564f6ca52bba1e869eeea4 <- Do we need this?
sstOpenStackName: Customer Ltd. - Public Systems <- Do we need this?
description: Bla, bla ...
sstIsActive: TRUE
sstBillable: TRUE
sstNetworkDomainName: os.stoney-cloud.com
sstNetworkHostname: sst-int-001
sstDisplayName: sst-int-001: stepping stone GmbH: CentOS 7 (Odoo)<- Wird durch stoney-maintenance.pl ausgelesen.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002 <- Either this or sstBelongsToServiceUID
sstBelongsToServiceUID <- Either this or sstBelongsToPersonUID -> Links to project uid

Licences (...)

Is a main service, not a sub service of the openstack service. 

dn: ou=licences,ou=services,dc=stoney-cloud,dc=org 
objectclass: top
objectclass: organizationalUnit
ou: projects
description: The sub tree for the ...

Licences (...) examples

... 

dn: uid=1234567,ou=licences,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstOpenStackUnit
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 1234567
description: Bla, bla ...
sstIsActive: TRUE
sstBillable: TRUE
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002 <- Either this or sstBelongsToServiceUID
sstBelongsToServiceUID <- What value? Will this cause a ldap search over all the services?

Questions

  • We need a mechanism to make sure, that the internal OpenStack domain(s) and the corresponding project(s) don't get provisioned!
  • Should we have a configuraton sub tree with sane default values?
  • Should we store the current values in the LDAP (CPU, RAM, ...)?
  • Will we store the network configuraton in the LDAP?
    • If yes, how will we store the additional networks in the LDAP (shared network)?
  • How will we make sure, not to bill the IPv4 netwoks, belonging to a reseller and/or customer?
    • For example Fence IT AG?
  • Will we have both sstBelongsToDomainID and sstBelongsToDomainUID or just one or the other?
Retrieved from "https://wiki.stoney-cloud.org/w/index.php?title=stoney_cloud:_OpenLDAP_directory_data_organisation&oldid=4817"