)]}'
{"doc/source/ideas/aurora.rst":[{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"929d45de5f372657a2cfa839b521f055412c3b8f","unresolved":false,"context_lines":[{"line_number":2,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"Project Aurora aims to provide an Openstack experience to a community, by allowing that community to contribute"},{"line_number":5,"context_line":"those resources together in physically-separated locations."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"An exclusive non-goal for this project is to provide a framework where trust can be created between many different"},{"line_number":8,"context_line":"parties, the project only builds off a foundation of OOB (out-of-band) trust, and furthermore then only provides"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bf51134e_fcbb0872","line":5,"updated":"2020-07-21 20:10:25.000000000","message":"This sounds more like a product than something an open source project could tackle.","commit_id":"6234d3e39c760e2142f0d932c12cc361151eb5c5"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"929d45de5f372657a2cfa839b521f055412c3b8f","unresolved":false,"context_lines":[{"line_number":39,"context_line":"The following tools can be given to cloud users and system configuration to fine-tune an experience according to the"},{"line_number":40,"context_line":"degrees of trust:"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"*   Whitelist/Blacklist community members (and therefore their resources) to be selected by the orchestrator for"},{"line_number":43,"context_line":"    provisioning."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"*   Making cross-resource accessibility (e.g. cinder block storage volume access for nova compute instances)"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bf51134e_f734c1ae","line":42,"updated":"2020-07-21 20:10:25.000000000","message":"ahem https://tools.ietf.org/id/draft-knodel-terminology-00.html#rfc.section.1.2","commit_id":"6234d3e39c760e2142f0d932c12cc361151eb5c5"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"929d45de5f372657a2cfa839b521f055412c3b8f","unresolved":false,"context_lines":[{"line_number":40,"context_line":"degrees of trust:"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"*   Whitelist/Blacklist community members (and therefore their resources) to be selected by the orchestrator for"},{"line_number":43,"context_line":"    provisioning."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"*   Making cross-resource accessibility (e.g. cinder block storage volume access for nova compute instances)"},{"line_number":46,"context_line":"    ticket-based, where a central authority provides access on a principle of Least Privilege and Requirements."}],"source_content_type":"text/x-rst","patch_set":1,"id":"bf51134e_b719a923","line":43,"updated":"2020-07-21 20:10:25.000000000","message":"I don\u0027t think it\u0027s sufficient to merely prevent scheduling of user workloads to hosts not trusted by that user. The architecture of OpenStack also assumes that there is no trust boundary between the control plane and the hypervisors.","commit_id":"6234d3e39c760e2142f0d932c12cc361151eb5c5"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"929d45de5f372657a2cfa839b521f055412c3b8f","unresolved":false,"context_lines":[{"line_number":52,"context_line":""},{"line_number":53,"context_line":"3 aspects must be balanced: Service of Quality, User Preference, and Resource Availability."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"It is likely that as a background process, the orchestration engine would constantly be reshuffling resource locality,"},{"line_number":56,"context_line":"to get the \"best fit\", and have instances, storage volumes, and networking devices migrate between different"},{"line_number":57,"context_line":"community-provided compute resources. Furthermore, the orchestration engine must be ready at all times to fail over"},{"line_number":58,"context_line":"certain resources in case of fault, or to migrate resources if one user\u0027s hardware is being decommissioned or removed"},{"line_number":59,"context_line":"from the larger resource pool."},{"line_number":60,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bf51134e_370d99e8","line":57,"range":{"start_line":55,"start_character":47,"end_line":57,"end_character":37},"updated":"2020-07-21 20:10:25.000000000","message":"At least with the default libvirt driver, live migration of Nova servers in OpenStack requires ssh access between the hypervisors.","commit_id":"6234d3e39c760e2142f0d932c12cc361151eb5c5"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"929d45de5f372657a2cfa839b521f055412c3b8f","unresolved":false,"context_lines":[{"line_number":89,"context_line":"--------------------"},{"line_number":90,"context_line":"In such a system as this, a \"resource\" could be anything from old desktops, old refurbished servers, a NAS with a few TB"},{"line_number":91,"context_line":"of storage ready, a legion of raspberry PIs, a partition of existing server infrastructure, or simply professional and"},{"line_number":92,"context_line":"high-powered rack servers."},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"Any of these are of \"value\" to a wider community, with each being able to carry a fraction of the burden that might be"},{"line_number":95,"context_line":"applied to it, so an orchestration engine must be able to:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bf51134e_b7eec9ea","line":92,"updated":"2020-07-21 20:10:25.000000000","message":"What value would one get by contributing these resources to a community?","commit_id":"6234d3e39c760e2142f0d932c12cc361151eb5c5"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"929d45de5f372657a2cfa839b521f055412c3b8f","unresolved":false,"context_lines":[{"line_number":99,"context_line":"*   Find others resources local to this one, if they exist on the same network, or relatively close enough to have a low"},{"line_number":100,"context_line":"    access latency."},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"*   Identify an owner with this resource, used for attributing removal permissions, and for users to black/whitelist"},{"line_number":103,"context_line":"    these users if possible."},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"*   Find out a level of lifecycle management automation, if this resource is set up to have its bare-metal provisioning"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bf51134e_d7beddd2","line":102,"updated":"2020-07-21 20:10:25.000000000","message":"here too","commit_id":"6234d3e39c760e2142f0d932c12cc361151eb5c5"}]}