Ciao controller is responsible for policy choices around tenant workloads.
It provides [compute API
for access from
[ciao-webui](https://github.com/01org/ciao-webui) over HTTPS.
The ciao controller implements an
client which generates commands sent to
and receives node and workload statistics from
Controller integrates with Keystone to allow isolation both between
tenants of a cloud and the administrators of that cloud. Users within
distinct tenants are also isolated from each other. Tenant users can
access usage statistics for their tenant workloads and issue commands
to manage their workloads. Admin users can access usage statistics for
the overall cloud infrastructure and issue commands to manage it.
When a first workload is launched for a tenant,
ciao-controller automatically prepares a [CNCI
for the tenant. This provides a virtual network which spans the tenant's
workloads. Tenant workloads have access only to their tenant private
network and not any other tenant networks. New workload instances within
the tenant are automatically assigned network connectivity within that
tenant's private network.
Ciao-controller currently has early, developer-oriented workload definition
files and a cloud-init template which demonstrate launching virtual
machines and docker workloads (see \*.csv and \*.yaml).
Controller has many configuration options and depends on connectivity
to a keystone server as well as ciao network node, ciao-scheduler, and
ciao compute nodes configured for ciao-launcher.
The key ciao-controller configuration options describe your keys (-cacert,
-cert, -httpscert, -httpskey), your keystone connection information
(-identity, -username, -password), and the location of your ciao-scheduler
SSNTP server (-url).
### Keystone Configuration
For demonstration purposes, your keystone server needs the following
minimal configuration for controller:

```
$ openstack service create --name ciao compute
$ openstack user create --password hello csr
$ openstack role add --project service --user csr admin
$ openstack user create --password giveciaoatry demo
$ openstack role add --project demo --user demo user
```

This adds a ciao compute service, a keystone user and project for the
controller (aka csr) node, and a demo user with the password
Certificates are assumed to be in /etc/pki/ciao, or can be
specified on the command line via the "-cert" and "-cacert"
command line options. Certificates are created with the
You must also generate SSL certificates for use with the controller's
HTTPS service, e.g.:

```
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout controller_key.pem -out controller_cert.pem
```

Copy the controller_cert.pem and controller_key.pem files to your
controller node. You can use the same location where you will be
building/running your controller binary (ciao-controller).
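
Before pointing -httpscert and -httpskey at the copied files, it is worth checking that the pair matches and that clients will accept it. The following is an added example, not part of ciao: `checkPair`, `selfSigned` and the name `controller.example` are hypothetical, and the pair is constructed in memory in place of the PEM files on disk.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkPair (hypothetical helper) lists problems with a PEM cert/key pair; empty means none found.
func checkPair(certPEM, keyPEM []byte, now time.Time) []string {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // errors if the key does not match the cert
	if err != nil {
		return []string{"pair unusable: " + err.Error()}
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // already parsed once by X509KeyPair
	var issues []string
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		issues = append(issues, "certificate outside its validity window")
	}
	if k, ok := leaf.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 {
		issues = append(issues, "RSA key shorter than 2048 bits")
	}
	if len(leaf.DNSNames) == 0 && len(leaf.IPAddresses) == 0 {
		issues = append(issues, "no subjectAltName; current TLS clients ignore the CN")
	}
	return issues
}

// selfSigned builds a constructed, in-memory self-signed pair (sample input only).
func selfSigned(names []string, days int) (certPEM, keyPEM []byte) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: names,
		Subject:   pkix.Name{CommonName: "controller.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(0, 0, days)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	return
}

func main() {
	c, k := selfSigned(nil, 365) // no SAN, as a default openssl.cnf produces
	fmt.Println(checkPair(c, k, time.Now()))
}
```

For the real files, read controller_cert.pem and controller_key.pem with `os.ReadFile` and pass the bytes to `checkPair`.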
Usage of ciao-controller/ciao-controller:
log to standard error as well as files
CA certificate (default "/etc/pki/ciao/CAcert-server-localhost.pem")
Client certificate (default "/etc/pki/ciao/cert-client-localhost.pem")
path to persistent database (default "./ciao-controller.db")
when logging hits line file:N, emit a stack trace (default :0)
If non-empty, write log files in this directory
log to standard error instead of files
Debug with no networking
path to stats database (default "/tmp/ciao-controller-stats.db")
logs at or above this threshold go to stderr
path to csv files (default "./tables")
Server URL (default "localhost")
log level for V logs
comma-separated list of pattern=N settings for file-filtered logging
path to yaml files (default "./workloads")

```
sudo ./ciao-controller --cacert=/etc/pki/ciao/CAcert-ciao-ctl.intel.com.pem --cert=/etc/pki/ciao/cert-Controller-localhost.pem --url ciao.ctl.intel.com
```

# OpenStack Compatibility
To be compatible with common projects and tools such as OpenStack Client, Rally Benchmarking and others, you need to create the compute service and its corresponding endpoint in Keystone. Run the following commands, adjusted for your environment:

```
$ source <your-openrc>
$ openstack service create --name ciao --description "CIAO compute" compute
$ openstack endpoint create compute --region RegionOne public https://<controller>:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create compute --region RegionOne admin https://<controller>:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create compute --region RegionOne internal https://<controller>:8774/v2.1/%\(tenant_id\)s
```