Ciao Controller

Ciao controller is responsible for policy choices around tenant workloads.
It provides [compute API
for access from
[ciao-cli]( and
[ciao-webui]( over HTTPS.


The ciao controller implements an
client which generates commands sent to
and receives node and workload statistics from

Controller integrates with Keystone to allow isolation both between
tenants of a cloud and the administrators of that cloud.  Users within
distinct tenants are also isolated from each other.  Tenant users can
access usage statistics for their tenant workloads and issue commands
to manage their workloads.  Admin users can access usage statistics for
the overall cloud infrastructure and issue commands to manage it.

When a first workload is launched for a tenant,
ciao-controller automatically prepares a [CNCI
for the tenant.  This provides a virtual network which spans the tenant's
workloads.  Tenant workloads have access only to their tenant private
network and not any other tenant networks.  New workload instances within
the tenant are automatically assigned network connectivity within that
tenant's private network.

Ciao-controller currently has early, developer oriented workload definition
files and a cloud-init template which demonstrate launching virtual
machines and docker workloads (see \*.csv and \*.yaml).

Running Controller

Controller has many configuration options and depends on connectivity
to a keystone server as well as ciao network node, ciao-scheduler, and
ciao compute nodes configured for ciao-launcher.

The key ciao-controller configuration options describe your keys (-cacert,
-cert, -httpscert, -httpskey), your keystone connection information
(-identity, -username, -password), and the location of your ciao-scheduler
SSNTP server (-url).

### Keystone Configuration

For demonstration purposes, your keystone server needs a the following
minimal configuration for controller:

$ openstack service create --name ciao compute
$ openstack user create --password hello csr
$ openstack role add --project service --user csr admin
$ openstack user create --password giveciaoatry demo
$ openstack role add --project demo --user demo user

This adds a ciao compute service, a keystone user and project for the
controller (aka csr) node, and a demo user with the password

### Certificates

Certificates are assumed to be in /etc/pki/ciao, or can be
specified on the command line via the "-cert" and "-cacert"
command line options.  Certificates are created with the

You must also generate SSL certificates for use with the controller’s
HTTPS service, eg:

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout controller_key.pem -out controller_cert.pem

Copy the controller_cert.pem and controller_key.pem files to your
controller node. You can use the same location where you will be
building/running your controller binary (ciao-controller).

### Usage

Usage of ciao-controller/ciao-controller:
    	log to standard error as well as files
  -cacert string
    	CA certificate (default "/etc/pki/ciao/CAcert-server-localhost.pem")
  -cert string
    	Client certificate (default "/etc/pki/ciao/cert-client-localhost.pem")
  -database_path string
    	path to persistent database (default "./ciao-controller.db")
  -log_backtrace_at value
    	when logging hits line file:N, emit a stack trace (default :0)
  -log_dir string
    	If non-empty, write log files in this directory
    	log to standard error instead of files
    	Debug with no networking
  -stats_path string
    	path to stats database (default "/tmp/ciao-controller-stats.db")
  -stderrthreshold value
    	logs at or above this threshold go to stderr
  -tables_init_path string
	path to csv files (default "./tables")
  -url string
    	Server URL (default "localhost")
  -v value
    	log level for V logs
  -vmodule value
    	comma-separated list of pattern=N settings for file-filtered logging
  -workloads_path string
	path to yaml files (default "./workloads")

### Example

sudo ./ciao-controller --cacert=/etc/pki/ciao/ --cert=/etc/pki/ciao/cert-Controller-localhost.pem --url

# OpenStack Compatibility

In order to gain compatibility with common projects/tools as OpenStack Client, Rally Benchmarking and others you need to create the compute service and its corresponding endpoint for keystone. Run the following commands according to your environment as follows:

$ source <your-openrc>
$ openstack service create --name ciao --description "CIAO compute" compute
$ openstack endpoint create  compute --region RegionOne public https://<controller>:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create  compute --region RegionOne admin https://<controller>:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create  compute --region RegionOne internal https://<controller>:8774/v2.1/%\(tenant_id\)s

Imports 17 package(s) ¶