dynamic roles in cloudstack
play

Dynamic Roles in CloudStack Boris Stoyanov Software Development - PowerPoint PPT Presentation

Oct 21, 2023 •438 likes •759 views

Dynamic Roles in CloudStack Boris Stoyanov Software Development Engineer in Test boris.stoyanov@shapeblue.com twitter: @shapeblue The Cloud Specialists About Me Break Stuff @ ShapeBlue Background: C l i c k t o e d i t More

  1. Dynamic Roles in CloudStack Boris Stoyanov Software Development Engineer in Test boris.stoyanov@shapeblue.com twitter: @shapeblue The Cloud Specialists

  2. About Me • Break Stuff @ ShapeBlue • Background: C l i c k t o e d i t • More than 10 years in Software Development and Testing • Specialize in: • Test Management • Automated Testing • Testing Frameworks Joined ShapeBlue and CloudStack last year • ShapeBlue.com @ShapeBlue The Cloud Specialists

  3. About ShapeBlue C l i c k t o e d i t “ShapeBlue are expert builders of public & private clouds. They are the leading global CloudStack services company.” @ShapeBlue ShapeBlue.com The Cloud Specialists

  4. ShapeBlue customers C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  5. ShapeBlue customers C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  6. ShapeBlue customers C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  7. C l i c k t o e d i t Dynamic Roles in CloudStack ShapeBlue.com @ShapeBlue The Cloud Specialists

  8. Static Roles in CloudStack C l i c k t o e d i t • List of pre-defined roles • All roles permissions are kept in a single file commands.properties • Each change requires a management server restart • How do we add a custom role with new set of permissions ShapeBlue.com @ShapeBlue The Cloud Specialists

  9. Dynamic Roles C l i c k t o e d i t Quiz Time ShapeBlue.com @ShapeBlue The Cloud Specialists

  10. Hint: it’s related to permissions Q1: What are these numbers and what’s their purpose: 1, 2, 4, 8 C l i c k t o e d i t Answer: These numbers represent the static roles 1 = ADMIN 2 = RESOURCE_DOMAIN_ADMIN 4 = DOMAIN_ADMIN 8 = USER ShapeBlue.com @ShapeBlue The Cloud Specialists

  11. commands.properties C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  12. Hint: related to permissions Q2: What are the 7s and 15s? C l i c k t o e d i t Answer: all users until that number can execute the command ShapeBlue.com @ShapeBlue The Cloud Specialists

  13. Hint: related to the permissions file Q3: What does this number represent: 790 C l i c k t o e d i t Answer: That’s about the number of lines commands.properties has in 4.9. ShapeBlue.com @ShapeBlue The Cloud Specialists

  14. Static Role-based Access Control • Pre-defined roles C l i c k t o e d i t • All permissions kept in a commands.properties file • Changes are difficult to maintain • Management server restart is required after change • Hard to add a new role with custom permissions ShapeBlue.com @ShapeBlue The Cloud Specialists

  15. Add Read-only Admin • Root Admin C l i c k t o e d i t • Read-only permission ShapeBlue.com @ShapeBlue The Cloud Specialists

  16. Let’s re-thing roles management • New way of managing roles C l i c k t o e d i t • Add/Change roles made easy • Apply changes without management restart ShapeBlue.com @ShapeBlue The Cloud Specialists

  17. Here’s what we did C l i c k t o e d i t • Move all permissions to the DB • Create a dynamic role based account checker (RBAC) • New UI interface • Handle migrations ShapeBlue.com @ShapeBlue The Cloud Specialists

  18. Dynamic ApiChecker C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  19. How to use it: Adding role Use case: Root Admin wants to create a root admin read-only account, who is not allowed to see Global Settings. C l i c k t o e d i t Create a custom role • Add an “allow rule” to all list APIs • • Add ”deny rule” to all configuration APIs • Assign the role to the read-only account ShapeBlue.com @ShapeBlue The Cloud Specialists

  20. How to use it: Adding role C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  21. How to use it: Good practices C l i c k t o e d i t When adding custom rules, user is allowed to select multiple APIs using “*” • Rules can be shifted in the list in set the order of the list • It’s a good practice to move deny rules on top of the list when allowing • multiple APIs at once. ShapeBlue.com @ShapeBlue The Cloud Specialists

  22. How to use it: Denied API What happens in UI when user hits a denied API? • C l i c k t o e d i t User is displayed with • the following error ShapeBlue.com @ShapeBlue The Cloud Specialists

  23. Dynamic Role-based Access Control • Pre-defined roles are available C l i c k t o e d i t • Moves all permissions into the DB • Adds UI interface to add a new role • Custom set of rules per API for a role • Does not require management restart ShapeBlue.com @ShapeBlue The Cloud Specialists

  24. Live demo • One must read slide title first C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  25. Availability and Upgrade Dynamic RBAC is available and • C l i c k t o e d i t enabled by default on all new installations post 4.9 Users upgrading to >4.9.x • will have the feature disabled post upgrade Migration tool is available to • do the migration and enable Dynamic RBAC ShapeBlue.com @ShapeBlue The Cloud Specialists

  26. Upgrade: Running the migration tool [root@host]# python migrate-dynamicroles.py -u cloud -p cloud -h localhost -p 3306 -f /etc/cloudstack/management/commands.properties C l i c k t o e d i t Apache CloudStack Role Permission Migration Tool (c) Apache CloudStack Authors and the ASF, under the Apache License, Version 2.0 Running this migration tool will remove any default-role permissions from cloud.role_permissions. Do you want to continue? [y/N]y The commands.properties file has been deprecated and moved at: /etc/cloudstack/management/commands.properties.deprecated Static role permissions from commands.properties have been migrated into the db Dynamic role based API checker has been enabled! ShapeBlue.com @ShapeBlue The Cloud Specialists

  27. Migrating Roles After enabling Dynamic RBAC root admin role permissions looks like this: • C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  28. Migrating Roles While other roles • have explicit rules C l i c k t o e d i t created based on the settings in commands.properties file. ShapeBlue.com @ShapeBlue The Cloud Specialists

  29. C l i c k t o e d i t Questions? ShapeBlue.com @ShapeBlue The Cloud Specialists

  30. By the way…. Next CloudStack event: Cloudstack Collaboration C l i c k t o e d i t Conference at ApacheCon North America May 16-18, 2017 InterContinental Miami MIAMI, FLORIDA United States http://events.linuxfoundation.org/events/apachecon-north- america/attend/register- ShapeBlue.com @ShapeBlue The Cloud Specialists

  31. More information C l i c k t o e d i t • Slide deck: http://www.slideshare.net/shapeblue • Blog: http://shapeblue.com/blog • Email: boris.stoyanov@shapeblue.com • Web: http://shapeblue.com ShapeBlue.com @ShapeBlue The Cloud Specialists

Recommend

Apache CloudStack & Apalia Involved with CloudStack since 2010 Dozens of CloudStack

Apache CloudStack & Apalia Involved with CloudStack since 2010 Dozens of CloudStack

Billing for Apache CloudStack Billing for Apache CloudStack CloudStack Collaboration Confer CloudStack Collaboration Conference US ence US Miami May 18 Miami May 18 th th 2017 2017 Apache CloudStack & Apalia Involved with

322 views • 15 slides
Developing API Plug-ins for CloudStack* * Specifically Using Version 4.5 Mike Tutkowski

Developing API Plug-ins for CloudStack* * Specifically Using Version 4.5 Mike Tutkowski

Developing API Plug-ins for CloudStack* * Specifically Using Version 4.5 Mike Tutkowski (@mtutkowski on Twitter) CloudStack Software Engineer Member of CloudStack Project Management Committee (PMC) Focused on CloudStacks storage

461 views • 26 slides
Transparent Service Migration to the Cloud Clone existing VMs to CloudStack/OpenStack templates

Transparent Service Migration to the Cloud Clone existing VMs to CloudStack/OpenStack templates

Transparent Service Migration to the Cloud Clone existing VMs to CloudStack/OpenStack templates without user downtime CloudOpen Dublin 2015 #whoami Name: Tim Mackey Current roles: XenServer Community Manager and Evangelist; occasional coder

740 views • 29 slides
Architecting for the cloud: lessons learned from 100 CloudStack deployments Sheng Liang CTO,

Architecting for the cloud: lessons learned from 100 CloudStack deployments Sheng Liang CTO,

Architecting for the cloud: lessons learned from 100 CloudStack deployments Sheng Liang CTO, Cloud Platforms, Citrix CloudStack History 2008 2009 2010 2012 2011 Sept 2008: Nov 2009: May 2010: July 2011: April 2012: CloudStack

457 views • 34 slides
SDN in CloudStack Tuesday, October 15, 13 About me Hugo Trippaers Email:

SDN in CloudStack Tuesday, October 15, 13 About me Hugo Trippaers Email:

SDN in CloudStack Tuesday, October 15, 13 About me Hugo Trippaers Email: htrippaers@schubergphilis.com Twitter: @Spark404 Freenode: Spark404 http://www.schubergphilis.com Tuesday, October 15, 13 CloudStack networking - the

572 views • 35 slides
+ Monitoring Consolidate Prescriptive Analytics for Apache CloudStack Madan Ganesh Velayudham

+ Monitoring Consolidate Prescriptive Analytics for Apache CloudStack Madan Ganesh Velayudham

+ Monitoring Consolidate Prescriptive Analytics for Apache CloudStack Madan Ganesh Velayudham Founder, CEO ActOnMagic madan@actonmagic.com + Agenda n Introduction n Different Stages of Analytics n Cloudstack Communitys concerns

438 views • 16 slides
CloudStack Networking Paul Angus Cloud Architect ShapeBlue paul.angus@shapeblue.com @CloudyAngus

CloudStack Networking Paul Angus Cloud Architect ShapeBlue paul.angus@shapeblue.com @CloudyAngus

CloudStack Networking Paul Angus Cloud Architect ShapeBlue paul.angus@shapeblue.com @CloudyAngus @ShapeBlue About Me Cloud Architect with ShapeBlue Worked with CloudStack since 2.2.13 Specialising in deployment of CloudStack and

1.25k views • 33 slides
Ansible & CloudStack Cloud Era Configuration Management Paul Angus Cloud Architect

Ansible & CloudStack Cloud Era Configuration Management Paul Angus Cloud Architect

Ansible & CloudStack Cloud Era Configuration Management Paul Angus Cloud Architect paul.angus@shapeblue.com @CloudyAngus @ShapeBlue Ansible & CloudStack Configuration Management Ansible Using Ansible with CloudStack @ShapeBlue

1.39k views • 44 slides
CloudStack and Big Data Sebastien Goasguen @sebgoa May 22 nd 2013 LinuxTag, Berlin Google

CloudStack and Big Data Sebastien Goasguen @sebgoa May 22 nd 2013 LinuxTag, Berlin Google

CloudStack and Big Data Sebastien Goasguen @sebgoa May 22 nd 2013 LinuxTag, Berlin Google trends Start of Clouds Cloud computing trending down, while Big Data is booming. Virtualization remains constant . BigData on

591 views • 42 slides
Why Apache CloudStack Alexandre Limas Santana, Gabriel Beims Br ascher, Lucas Berri

Why Apache CloudStack Alexandre Limas Santana, Gabriel Beims Br ascher, Lucas Berri

Why Apache CloudStack Alexandre Limas Santana, Gabriel Beims Br ascher, Lucas Berri Cristofolini, Pedro Henrique Pereira Martins, and Rafael Weing artner August 18, 2016 Florian opolis, SC Brazil Agenda Cloud computing

266 views • 24 slides
Junit-contracts: A Contract Testing Tool Claude N. Warren, Jr. CloudStack Collaboration

Junit-contracts: A Contract Testing Tool Claude N. Warren, Jr. CloudStack Collaboration

Junit-contracts: A Contract Testing Tool Claude N. Warren, Jr. CloudStack Collaboration Conference Europe October 8-9, 2015 Dublin, Ireland Who Is Claude Warren? claude@xenei.com Apache Jena Project Management Committee Member and

712 views • 32 slides
CloudStack Identity and Access Management (IAM) Min Chen Prachi Damle Citrix Agenda Background

CloudStack Identity and Access Management (IAM) Min Chen Prachi Damle Citrix Agenda Background

CloudStack Identity and Access Management (IAM) Min Chen Prachi Damle Citrix Agenda Background Our Design Goal Architecture Implementation Use Cases Next Steps Background Limited IAM Services Out-of-box fixed

251 views • 22 slides
Building an autonomic CloudStack Gabriel Beims Br ascher, Lucas Berri Cristofolini, and Rafael

Building an autonomic CloudStack Gabriel Beims Br ascher, Lucas Berri Cristofolini, and Rafael

Building an autonomic CloudStack Gabriel Beims Br ascher, Lucas Berri Cristofolini, and Rafael Weing artner January 19, 2017 Florian opolis, SC Brazil Agenda Current cloud environments The cloud we want How far are we from

441 views • 27 slides
What creates community? Roles Experiences Time Community Roles What Are Roles? A role is

What creates community? Roles Experiences Time Community Roles What Are Roles? A role is

What creates community? Roles Experiences Time Community Roles What Are Roles? A role is a person, in a place, doing something predictable Janet Klees 2013 The more competencies a person is perceived or believed to have, that much

589 views • 17 slides
Standard Project Roles and Responsibilities This describes typical roles and responsibilities for

Standard Project Roles and Responsibilities This describes typical roles and responsibilities for

Standard Project Roles and Responsibilities This describes typical roles and responsibilities for projects and programs. Roles may be assigned to one or more individuals. Conversely, individuals may play one or more roles. Executive Sponsor

48 views • 3 slides
Distributed CI and testing for cloudstack in a hybrid community Daan Hoogland Not senior. Not

Distributed CI and testing for cloudstack in a hybrid community Daan Hoogland Not senior. Not

Distributed CI and testing for cloudstack in a hybrid community Daan Hoogland Not senior. Not manager. Other job titles apply. daan.hoogland@shapeblue.com +DaanHoogland https://www.slideshare.net/ShapeBlue/cccna17-distributed-ci-

620 views • 22 slides
By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that

By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that

By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that are Beyond Learn the view and motivation of each role Learn the specific tasks that each roles plays throughout a release and within each

786 views • 39 slides
Presentation Outline o Role of Cabin Crew o Role of the Airlines o Roles of the Airports o Roles of

Presentation Outline o Role of Cabin Crew o Role of the Airlines o Roles of the Airports o Roles of

Dr. Thuthukile Mashaba Mogoru AVMED South African Civil Aviation Authority Aviation Pandemic Preparedness Plan Presentation Outline o Role of Cabin Crew o Role of the Airlines o Roles of the Airports o Roles of Baggage Handlers o Roles of the

699 views • 30 slides
Championing CloudStack Development with Tools Rohit Yadav

Championing CloudStack Development with Tools Rohit Yadav

Championing CloudStack Development with Tools Rohit Yadav Software Architect, ShapeBlue rohit.yadav@shapeblue.com Twitter: @_bhaisaab About Me v Software Architect

277 views • 16 slides
Detection of latent roles in online forums Luchon- July 1, 2014 Alberto Lumbreras, Sup: Jouve

Detection of latent roles in online forums Luchon- July 1, 2014 Alberto Lumbreras, Sup: Jouve

Detection of latent roles in online forums Luchon- July 1, 2014 Alberto Lumbreras, Sup: Jouve B., Velcin J. Roles in discusion threads Task: detect roles Definition: role as archetypical behavior or social function. 2 Different roles,

459 views • 14 slides
How the Media Influences Gender Roles by: Austin Perron What are Gender Roles? Gender

How the Media Influences Gender Roles by: Austin Perron What are Gender Roles? Gender

How the Media Influences Gender Roles by: Austin Perron What are Gender Roles? Gender stereotypes typically generalized as male and female for western culture most relevant in education, profession, housework, decision making and,

249 views • 9 slides
Blended Roles Trailblazer Stephanie Butterworth 10 March 2020 1 Blended Roles Trailblazer

Blended Roles Trailblazer Stephanie Butterworth 10 March 2020 1 Blended Roles Trailblazer

Blended Roles Trailblazer Stephanie Butterworth 10 March 2020 1 Blended Roles Trailblazer Better care for older people and better jobs for care staff - messages from a trailblazer blending health and care worker roles in the community

533 views • 10 slides
Group Roles Each table will designate a role for each participant. We will maintain these roles

Group Roles Each table will designate a role for each participant. We will maintain these roles

Group Roles Each table will designate a role for each participant. We will maintain these roles for the duration of our time together. Small Group Role Reporter Recorder Caretaker Timekeeper Facilitator I have a keen I represent my I

177 views • 4 slides
Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) Boris Stoyanov (Sr. Software

Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) Boris Stoyanov (Sr. Software

Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) Boris Stoyanov (Sr. Software Test Engineer) rohit.yadav@shapeblue.com boris.stoyanov@shapeblue.com @rhtyd / @bsstoyanov The Cloud Specialists A b o u t M e Rohit Yadav

639 views • 25 slides

More recommend