Changes between Initial Version and Version 1 of DevAPI


Ignore:
Timestamp:
Mar 16, 2015 11:36:04 AM (10 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DevAPI

    v1 v1  
     1[[TOC]]
     2
     3= DETER Testbed System Programming Interface (SPI) =
     4
     5The DETER ASPI is really an interface with two sides, an outward facing side (the testbed SPI) that allows people to manage resources on the testbed and an inward facing side (the containers SPI)  that coordinates the containers that make up an experiment environment.  This document defines these interfaces and documents how to use them.  It is a living document that will gain detail as the specification grows and implementations are put into service.
     6
     7The testbed API is responsible for managing the following things:
     8
     9 Users::
     10  researchers
     11 Projects::
     12  groups of related users used to control what users have access to the testbed as a whole and to provide real-world accountability in the case of misbehavior.
     13 Circles::
     14  groups of related users used to manage what users can see and do to other testbed resources
     15 Experiments::
     16  research environments that may be stored, edited, and realized on testbed resources
     17 Libraries::
     18  groups of experiments that provide logical organization of experiments into classes or collect experiments with similar scope of interest
     19 
     20
     21The testbed SPI enables users to ask a DETER testbed to do things for them.  It will generally be called from a more user-friendly front end, tuned to the user's experience and goals, such as the evoloving DETER Beginners Interface.
     22
     23The containers API is used by the DETER control system to manage the resources that make up an experimental topology in progress. The goal of this API is to take raw resources inside the testbed that have been allocated using the testbed API, and configure them into a usable environment.  Each logical element of an experiment (a computer, a router, etc.) is represented by a container which must be managed by DETER.
     24
     25Managing a container consists of:
     26 * Allocating resources to it
     27 * Installing and configuring any virtualization software or configuring hardware
     28  * This involves translating from a more generic topology/configuration description into the setup for a specific container type
     29 * Configuring and starting MAGI software necessary to connect to the experiment management system
     30 * Exposing and using container-specific features to provide DETER services
     31
     32We discuss the testbed SPI and then the containers SPI.  Then we discuss some initial implementation details and present a roadmap for development.
     33
     34== DETER Testbed SPI ==
     35
     36The testbed SPI manipulates a few entities to provide the experimentation environment.  This section discusses the key abstractions of the testbed SPI and how they work together to create an experimental environment.
     37
     38=== Users ===
     39
     40A '''user''' is a researcher who uses the DETER testbed.  They request testbed services and allocate testbed resources.  Users are the actors that make things happen through test testbed SPI.
     41
     42Each user is identified by a unique string, their '''userid'''.  Userids are assigned when the user is created on the testbed and guaranteed to be unique.
     43
     44In addition to the user identifier DETER keeps meta-data about users.  Currently that meta-data consists of:
     45
     46 * Projects the user is in (see below)
     47 * Experiments the user owns (see below)
     48 * A password to authenticate the user
     49 * A valid e-mail address for communication and password resetting
     50 * General metadata, e.g,
     51   * Real name
     52   * Affiliation
     53   * Phone number
     54   * Address
     55
     56A user identifies themselves to the testbed SPI by proving that they hold a specific public/private keypair.  An initial such keypair is issued when the user is created, and a user can acquire another valid pair at any time by proving they know their password.  Generally those pairs are short-lived to guard against loss or theft, but the password is administered using local testbed policies.
     57
     58=== Grouping Users: Projects and Circles ===
     59
     60DETER groups users for two main reasons: to distribute the time costs of administration and to facilitate collaborative use of DETER's resources.  The first is accomplished through the Project abstraction and the second through the Circle abstraction.
     61
     62==== Projects ====
     63
     64Projects are groups of users who can access testbed resources.  They correspond to such real-world groups as classes or research projects. Each project has an owner, vetted by DETER staff, who can then add users to the project at their discretion.  Such users have access to the DETER testbed.  This is close in spirit to an Emulab project, but shorn of its access control implications.
     65
     66
     67A project always has an owner, the user vetted by DETER staff.  Ownership can be changed, but only by the owner.
     68
     69When a user is added to a project, their rights are also defined within that project.  The rights are:
     70
     71 * Can add other users to the project
     72 * Can remove users from the project
     73 * Can realize create circles in the project's name space (see below)
     74
     75Each project has a profile attached to it, as a user does, and that profile can be expanded to include other attributes.
     76
     77When a researcher wants to start a project on DETERlab, the researcher creates a user and requests a project.  Though the testbed API sees this as two steps, the user interface presented by a web page would roll these two steps together. A user sees it as a single application page.
     78
     79The project is created but unapproved and cannot do anything.  When the group responsible for vetting projects approves the project, its state is changed (to approved) and the owner can now add other users and use testbed resources. (Each project has a circle linked to it that controls project members access to testbed resources.)
     80
     81When a new user applies to join the testbed, a user is created that can only set its password or apply to create or join a project.  When a user applies to join a project, all project members who can add that user are notified.  Any one of them can accept the user and set their permissions.  By accepting that user the project takes some responsibility for them.  If that user misbehaves, the project owner will be contacted as well as the user.
     82
     83If a user is removed from all projects, they return to a powerless state.
     84
     85==== Circles ====
     86
     87Circles are groups of users.  They are used to confer rights to groups of users, identify groups of users, and influence how resources are configured when experiments are realized on the testbed.  Circles are intended to be lightweight and encourage collaboration inside a project or across projects. This is a more general use of grouping than an Emulab testbed.
     88
     89A circle always has an owner, the user responsible for its creation.  Ownership can be changed, but only by the owner.
     90
     91Circle names are scoped one of two ways, by prefixing them with either the uid of the user that created it, or a project that the creating user is a member of.  The right to create circles with the project's prefix is controlled by a user's permissions in the project.  Because uids and project names are unique across the testbed, circle names are unique when prefixed.   The names written as prefix:circle.
     92
     93When a user is added to a circle, their rights are also defined within that circle.  The rights are:
     94
     95 * Can add other users to the circle
     96 * Can remove users from the circle
     97 * Can realize experiments under this circle (granting members of the circle access to the resources in use)
     98
     99Each circle has a profile attached to it, as a user does, and that circle can be expanded to include other attributes.
     100
     101Each user in an approved project is a member of at least two circles: a circle attached to the project (created and owned by the owner of the project in the project's name space) and a single-user circle owned (and created by) the uid.  A user bob in project newclass will be a member of the circle bob:bob and newclass:newclass.
     102
     103Bob will have the right to realize experiments in the bob:bob circle - that is bob can create experiments that only bob can access.  Bob will also have whatever rights the owner of the newclass project gave bob when he joined. If bob created the newstuff project, bob will have all rights in the newstuff:newstuff project.  No user has the right to add or remove users from their single-user circle.
     104
     105Circles are used to control sharing as well.  If bob and alice are made a team in newclass, the owner of that project, e.g., their instructor or teaching assistant, can make them a circle under the project's namespace.  bob and alice may be made members of newclass:team1.  Now experiments realized in that circle will be accessible to bob and alice.
     106
     107A user can create circles at will, but can only add users to a circle with their consent.  Because circles enable users to share resources (e.g., local files) the desire to share must be mutual.
     108
     109The circle linked to a project is manipulated through the project, not as a circle.  Users added or removed to a project are added to or removed from its linked circle.  Permissions are also manipulated through the project interface.  A simple project may never need to create additional circles.
     110
     111
     112=== Experiments ===
     113
     114All of the testbed API is ultimately geared toward the creation of experiments.  An experiment contains many aspects that define its environment and operation.  An aspect is a user-defined piece of data that is used to influence the testbed's operation.  Some aspects are understood by the base testbed, and some must be interpreted by code supplied by the user.  Initially the prototype understands only a few aspects.  These include:
     115
     116 A description of the experimental environment::
     117   topology of computers and other resources in which the experiment will take place, including infrastructure necessary to carryout and gather data from the experiment
     118 A procedure to carry out::
     119   the repeatable sequence of events and reaction to those events that tests a hypothesis.  This may also contain event descriptions and actions to take based n them.
     120 
     121
     122Not all experiments in the sense of the API data structure will have all these elements.  Testbeds are often used to create an environment in which to try ideas out and explore ideas without intending to reproduce the experience.  The other end of the spectrum is rigorous, repeatable hypothesis testing.  The API supports both by allowing some of these aspects to be omitted for some experiments (in the API sense).
     123
     124Experiments have unique names, scoped by the name of the user who created them or a project that the experiment is tied to.  Any user can create experiments scoped by their name.  The right to create experiments scoped by a project name is based on an explicit permission.  There is no functional difference between the two experiments, but projects that choose to exert editorial control of experiment content can do it by vetting experiments that members of that project create in the project space.
     125
     126The experiment API is primarily concerned with:
     127
     128 * Storing the experiment specification for repeated use
     129 * Sharing the experiment specification between users subject to [wiki:NewPolicy policy]
     130 * Constructing an experiment's environment by calling out through teh Containers SPI
     131
     132We call the process of constructing the experiment's environment ''realizing'' the experiment.
     133
     134In order to support experiments that are making minimal use of experiment control systems, the API allows a user to manipulate a realized experiment, including
     135
     136 * viewing topology and state of containers
     137 * low-level operations on containers (start, shutdown, reconfigure)
     138
     139These interfaces use filtering and graph analysis to present useful views of large experiments.
     140
     141When realizing the experiment, the testbed uses the containers API to configure and control the hardware and software that create the environment.
     142
     143=== Libraries ===
     144
     145A library is a group of related experiments analogous to a circle or project being a group of related users.  Libraries make relationships between experiments explicit so that users can operate on related experiments easily.  As with users, projects, and experiments, libraries have profiles attached that store human-readable metadata about their contents.
     146
     147Libraries allow researchers and testbed administrators to group similar experiments and make them easy to find.  For example, a library of experiments for new testbed users can be maintained by testbed administrators.  A library of experiments for new members of a class or a research group can be maintained by the instructor or principal investigator.
     148
     149Access to libraries is controlled using circles as above, so once created, administration of a library can be flexible.  Different libraries will have different policies.
     150
     151As with experiments, the names of libraries are unique and scoped by a user or project name.  Only users delegated the explicit permission to create a library in the project name space may do so.  Project owners and managers may use this permission to vet libraries.
     152
     153== The Containers API ==
     154
     155The containers API is responsible for allocating resources to an experiment and configuring that hardware in ways appropriate for the user's goals - realizing it.
     156
     157The key abstraction for realizing an experiment is the '''container'''.  A container holds some of a physical resource's computational and networking power and uses it to create part of the experiment at a level of realism appropriate to the researcher's goals.  A researcher who is interested in end-system behavior will not put very much computational power into realizing the routers that forward packets, but a lot into realizing end systems.
     158
     159The containers API coordinates:
     160
     161 * Allocating the resources from the testbed's pool of resources
     162 * Configuring the physcial resources to realize the experiment
     163 * Partitioning the computational and networking power of each resource into appropriate realizations
     164 * Assigning resources to carry out the experiment
     165 * Configuring resources using containers so that the experiment can be carried out successfully on limited resources
     166 * Initializing and supporting an experiment control system like MAGI to carry out the experiment's procedure, police invariants, and gather data.
     167
     168This API supports communication between the testbed control system and the containers that make up an experiment being realized (and after it is realized).
     169
     170=== General Containers ===
     171
     172A clear kind of container is a computer running a virtual machine monitor that partitions its CPU resources between virtual machines.  This is a very useful kind of container, but not the only one.  The containers interface is intended to support new forms of computer virtualization, efficient network simulation, or new kinds of physical hardware that can be part of testbeds.
     173
     174To support these goals operations that the testbed can perform on a container are ''simple'' and ''can be specialized''.  In particular, the operations guaranteed to work on any container are:
     175
     176 Start::
     177  Begin operating as an experiment element. (For a computer, boot; for a flux capacitor, begin travelling in time)
     178 Stop::
     179  Become quiescent.  Only containers API requests will work on a stopped container
     180 Describe::
     181  Tell the testbed what extended operations the container supports, the configuration format to use, and resources allocated to it
     182 State::
     183  Tell the container state (see below)
     184 Configure::
     185  Set up the container's internal state.  (For a computer, establish accounts and mount filesystems; for a flux capacitor, set travel rate and destination date)
     186 Clean::
     187  Undo the effects of any Configure commands
     188
     189A container can be in the following states:
     190
     191 Down::
     192  The container is in communication with the testbed, but not yet configured to act as an experiment element
     193 Configured::
     194  The container is set up to act as an experiment element but is not yet doing so
     195 Pinned::
     196  The container is not acting as an experiment element, but is carrying out an operation that renders it otherwise unusable.  For example, a container that is capturing its state may be in this state.
     197 Up::
     198  The container is acting as an experiment element
     199 None::
     200  Nothing is known about the container. is is (as yet) unresponsive.
     201
     202Containers report state in response to a {{{describe}}} operation and can also spontaneously report changes in state to the testbed.
     203
     204Generally a container's life cycle looks like:
     205
     206 * Container starts in None state.
     207 * Hardware boots, containers code begins running on the resource, when that code comes up the container is Down and reports this state to the testbed.
     208 * The testbed asks the container to describe itself and sends an appropriate contfiguration request
     209 * When the configuration is successful the container moves to Configured and reports it
     210 * When the testbed tells the contatiner to start, it reports when it comes up and changes its state to Up. At this point, if an experiment control system like MAGI was part of the configuration, that system will take over running any experiment procedure.
     211 * When the experiment (or a phase of the experiment is done) the testbed can issue a Stop to the container, which will move to Configured.
     212
     213From that point the testbed can issue Clean, Configure, and Start commands to adjust the container state and operation.
     214
     215=== Resources ===
     216
     217Resources are the physical and conceptual objects managed by the testbed that are used to build experimental environments.  They are the computers, network ports, externally routable addresses, virtual machine images, et al. from which experiments are constructed.
     218
     219Resources are a class of objects that are user to build experiments.  Now there are are a few well known resources that are visible to the SPI, but generic resource objects are also supported by the SPI and provide a way to integrate new building blocks.  Some of the specialized resources are:
     220
     221 * computers
     222 * links
     223 * disk images
     224 * ssh keys
     225
     226Access to and configuration of resources is affected by the project(s) a user is acting as a member of.  When a user requests resources, thay specify the projects under which they are requesting them.  A user requesting resources as a member of a project representing a university class may have access to different resources than one acting as a member of the testbed administration.  How membership affects the resources a group can claim is set by testbed [wiki:NewAdmin policy].
     227
     228In addition, the membership in projects controls how resources will be configured.  A resource in use by a particular project will generally be configured to be accessible to all members of that project.  A student who allocates resources as a member of a small design group while implementing a class project may later allocate resources as a member of the whole class when presenting the work to the class's TA and professor.
     229
     230
     231=== Configuration and Specialization ===
     232
     233The most common form of container specialization is the configuration format that the container expects. We have defined formats for containers that look like computers that define accounts, filesystems, software installations, etc. Other configuration formats will evolve and move into the mainstream.
     234
     235In addition we define low-level commands in an experiment description that bind a configuration message content to a node in an experiment.  This allows new container configurations to be communicates even when the testbed does not understand them.
     236
     237In addition to custom configuration systems, containers can export custom operations.  For example, some virtual machines support snapshotting their state.  That can be useful to experimenters.  Again containers can advertise operations that the testbed is unaware of and the testbed API presents a way for users to pass a request through to a container directly.
     238
     239
     240== Putting It All Together ==
     241
     242To understand how the pieces above fit together, here is an example of a researcher using DETER.
     243
     244A person has an idea for research they would like to to conduct on DETER.  That researcher accesses a DETER user interface - for example the DETER web interface - and fills out a form that gathers information about them and their proposed research.  The web interface translates this into a request to create a user and then to create a vetting project for that user.  The information about the research is routed to the DETER administration.
     245
     246After the DETER administration decides that the research is reasonable and meets their criteria, they authorize creation of the vetting project.  The administration sends the user e-mail telling them they can use DETER.  Additionally the testbed may add the new user to a project for new users or other projects for researchers in similar fields.
     247
     248When the user visits the DETER web interface, it notices that the user is a member of the new users project and presents an opportunity to take a tutorial.  In addition, the user has access to sample experiments accessible to users in the new user's project.  These experiments are organized into samples based on their membership in libraries accessible by the new user.  The library structure helps the tutorial writer guide the user through the sample experiments. Working from the tutorial and documentation and starting from a sample experiment, the user may create a new experiment with an environment, constraints, procedure and data collection specced out.
     249
     250The web interface uses the testbed API to review an experiment in the new users project, copy it to the user's vetting project and edit the new experiment to meet the user's goals.
     251
     252The user then realizes the experiment using the testbed API, uses the experiment control API - usually MAGI - to carry out the experiment and collect the data.  When the experiment is complete, the testbed API is used to release resources.
     253
     254Now the user assesses the data, and may go off to publish results or create a new experiment from this one that tests a different hypothesis or something else.
     255
     256
     257== More Information ==
     258
     259From here, readers may be interested in the
     260
     261 * [wiki:NewTestbedAPISpec Detailed Specification of the testbed API]
     262 * [wiki:NewContainersAPISpec Detailed Specification of the containers API]
     263 * [wiki:NewImpl Implementation plan/roadmap]
     264   * [wiki:TopologyDescription Topology Description]
     265 * [wiki:NewImplNotes Implementation Notes]
     266 * [wiki:UIImplNotes UI Implementation Notes]