Revision d41f9720 snf-astakos-app/docs/projects_specs.rst
b/snf-astakos-app/docs/projects_specs.rst | ||
---|---|---|
1 |
Synnefo Projects |
|
2 |
================ |
|
1 |
Synnefo Projects: General Design Notes |
|
2 |
====================================== |
|
3 |
|
|
4 |
Projects can be thought of as "contracts" between the infrastructure |
|
5 |
and the members of the Project, so that members can allocate and use |
|
6 |
resources for a specified period in time. |
|
7 |
For every Project there is an *application*, and a *membership set*. |
|
8 |
The application must be approved before the Project "contract" |
|
9 |
comes in effect, and before any members join. |
|
10 |
|
|
11 |
Applications contain a Project *definition* that formally includes |
|
12 |
all the policy of the Project "contract", such as name, ownership, |
|
13 |
dates, and resource limits. |
|
14 |
Applications and the definitions they contain are, like contracts, |
|
15 |
immutable objects that can be tracked and effected in their entirety. |
|
16 |
Every change made to a pending application or an existing Project |
|
17 |
must be applied for through a new application. |
|
18 |
|
|
19 |
Project Synchronization |
|
20 |
----------------------- |
|
21 |
A Project has two kinds of effects, global and per-membership. |
|
22 |
Global effects are encoded within the Project object itself, |
|
23 |
and may include services (e.g. dns name, website, forum/collaboration), |
|
24 |
project-wide resources (e.g. VMs, IPs, diskspace), etc. |
|
25 |
Per-membership effects are encoded within Membership objects, |
|
26 |
and are prescribed by the policy in the project definition. |
|
27 |
|
|
28 |
By design, the effects of the project are expected to extend |
|
29 |
beyond the database system that records the project approval, |
|
30 |
therefore these effects cannot be relied to be implemented |
|
31 |
instantly and atomically upon request. |
|
32 |
For example, project creation or modification may involve |
|
33 |
updating resource management services, notification services, |
|
34 |
project website services, which may all have their own separate |
|
35 |
database systems. |
|
36 |
|
|
37 |
Consequently, once a policy is (atomically) registered as being in effect, |
|
38 |
it must be propagated for implementation with separate (non-atomic) procedures, |
|
39 |
collectively called Project Synchronization. |
|
40 |
|
|
41 |
Currently, the general approach for Synchronization of synnefo Projects, |
|
42 |
is to maintain appropriate states for the objects encoding policy effects |
|
43 |
(i.e. Project and Membership objects), and execute careful transitions |
|
44 |
among those states, respecting semanting dependencies and limitations, |
|
45 |
and remote system accesses. |
|
46 |
For example, a project cannot be considered "synchronized" unless |
|
47 |
all its Memberships are also considered "synchronized", |
|
48 |
or you cannot declare a Membership as synchronized if the newly-set |
|
49 |
quotas have not been acknowledged by the remote quota service. |
|
50 |
|
|
51 |
Creating and Modifying Projects |
|
52 |
------------------------------- |
|
53 |
Projects are created and modified by issuing a corresponding application. |
|
54 |
Applications that refer to the same Project are chained by including |
|
55 |
a reference to the precursor application into the new one. |
|
56 |
Applications that do not specify a precursor always create a new Project |
|
57 |
(that is, a new project object with a new membership set). |
|
58 |
Project applications that have not yet been approved may also be modified. |
|
59 |
When an unapproved application is modified (ie. it is succeeded by another), |
|
60 |
it may or may not be automatically rejected, depending on policy. |
|
61 |
|
|
62 |
Projects once created, are expected to always remain in record, |
|
63 |
even if they have been deactivated (i.e. their policies removed from effect). |
|
64 |
Deactivating a project may be the result of a policy-specific action, |
|
65 |
such as *termination* on a pre-defined date or *suspension* following |
|
66 |
an administrative decision. |
|
67 |
Deactivated projects retain both their Definition and their Membership sets, |
|
68 |
allowing them to be reactivated by another kind of policy-specific action. |
|
69 |
|
|
70 |
Adding and Removing Project Members |
|
71 |
----------------------------------- |
|
72 |
Memberships once created, are also expected to remain in historical record, |
|
73 |
even if they have been marked as removed by a policy-specific action, |
|
74 |
such as the user leaving the project, |
|
75 |
or the project owner suspending, or terminating them altogether. |
|
76 |
|
|
77 |
|
|
78 |
|
|
79 |
Reference Schema for Projects |
|
80 |
============================= |
|
81 |
|
|
82 |
General Terms |
|
83 |
------------- |
|
84 |
For clarity and precision, we (try to) use different terms for similar meanings. |
|
85 |
We also separate low-level technical primitives from related higher-level |
|
86 |
policy actions that include them. |
|
87 |
|
|
88 |
synchronize, synchronized, synchronization |
|
89 |
A low-level term for Projects and Memberships. |
|
90 |
Refers to the controlled (non-atomic) process that implements |
|
91 |
a newly modified policy (i.e. adds or removes policy effects |
|
92 |
such as quota limits). |
|
93 |
|
|
94 |
activate, deactivate, active, inactive |
|
95 |
A low-level term for Projects and Memberships. |
|
96 |
A Project or Membership is considered active as long as |
|
97 |
its policy is in effect. |
|
98 |
|
|
99 |
suspend, suspended, suspension |
|
100 |
A policy term for Projects and Memberships, |
|
101 |
implying temporary deactivation by an administrative action |
|
102 |
(e.g. abuse report, limits violation). |
|
103 |
|
|
104 |
terminate, terminated, termination |
|
105 |
A policyu term for Projects and Memberships, |
|
106 |
implying permanent deactivation, especially |
|
107 |
according to a pre-defined end-of-life event |
|
108 |
(e.g. project/contract "expiration"). |
|
109 |
|
|
110 |
add or remove membership |
|
111 |
Low-level terms for managing memberships to projects. |
|
112 |
|
|
113 |
join or leave project |
|
114 |
Policy terms for when users request their addition or removal |
|
115 |
from a project membership set. |
|
116 |
|
|
117 |
accept or reject membership request |
|
118 |
Policy terms for a project administrator to decide on |
|
119 |
join or leave requests. |
|
120 |
|
|
121 |
approve or disapprove project |
|
122 |
Policy terms for service administrators to decide whether |
|
123 |
to create/activate a project according or not |
|
124 |
|
|
125 |
alter project |
|
126 |
Low-level term for changes made to the global (i.e. not Membership) |
|
127 |
project status (e.g. new application, suspension). |
|
128 |
|
|
129 |
modify project |
|
130 |
Policy term for submitting a new application as a successor |
|
131 |
to an existing one, to alter the definition of a project. |
|
132 |
|
|
133 |
project leader |
|
134 |
The user who has authority over a project, |
|
135 |
to accept or reject membership requests, |
|
136 |
or to perform other actions according to policy. |
|
137 |
|
|
138 |
project applicant |
|
139 |
The user who submits a project application for creation |
|
140 |
or modification of a project. |
|
141 |
The applicant can be a different user than the leader. |
|
142 |
|
|
143 |
project administrator |
|
144 |
A user who has authority to approve, disapprove, and modify |
|
145 |
projects of a certain class (e.g. according to their domain names). |
|
3 | 146 |
|
4 |
Projects can be thought of as contracts between the infrastructure |
|
5 |
and the members of the project, so that resources can be allocated |
|
6 |
by the members and used for a specified period in time. |
|
7 | 147 |
|
8 | 148 |
Definition |
9 | 149 |
---------- |
... | ... | |
17 | 157 |
*text describing the project for the public* |
18 | 158 |
|
19 | 159 |
``start_date`` |
20 |
*when the project is to be started*
|
|
160 |
*when the project is requested to become active*
|
|
21 | 161 |
|
22 | 162 |
``end_date`` |
23 |
*when the project is to be ended* |
|
163 |
*when the project is to be deactivatedended*
|
|
24 | 164 |
|
25 | 165 |
``member_join_policy`` |
26 | 166 |
*an enumeration of policies on how new join requests are to be accepted. |
... | ... | |
48 | 188 |
``closed`` |
49 | 189 |
*no member can leave the project* |
50 | 190 |
|
51 |
``limit_on_members_number``
|
|
191 |
``limit_on_member_count``
|
|
52 | 192 |
*the maximum number of members that can be admitted to the project* |
53 | 193 |
|
54 | 194 |
``limits_on_resources`` |
... | ... | |
62 | 202 |
Application for a Project |
63 | 203 |
------------------------- |
64 | 204 |
An **application** for a project must be issued by a user and |
65 |
approved by the Service before any resources are granted.
|
|
205 |
*approved* by the service before any resources are granted.
|
|
66 | 206 |
Its attributes are: |
67 | 207 |
|
68 | 208 |
``serial`` |
... | ... | |
96 | 236 |
:(2b): rejected |
97 | 237 |
:(3): replaced |
98 | 238 |
|
99 |
When an application becomes *approved* and set to the project, |
|
100 |
its precursor must automatically be set to *replaced*. |
|
239 |
When an application becomes *approved* and therefore defines |
|
240 |
a the project, its precursor (if any) must atomically be set to *replaced*. |
|
241 |
|
|
101 | 242 |
|
102 | 243 |
|
103 | 244 |
Project Membership |
104 | 245 |
------------------------- |
105 |
A *project membership* object maps a user to a project and holds |
|
106 |
state for this mapping. |
|
246 |
A *project membership* maps a user to a project and holds state for this mapping. |
|
107 | 247 |
There are no inherent constraints to this mapping, |
108 | 248 |
any user might be a member to any project. |
109 | 249 |
|
... | ... | |
117 | 257 |
:(5): *removed, pending synchronization* |
118 | 258 |
:(6): *removed* |
119 | 259 |
|
120 |
The transitions from 2b to 3, and 5 to 6, must first |
|
121 |
commit their starting state and then only update to the next state
|
|
260 |
The transitions from 2b to 3, and 5 to 6, must first commit
|
|
261 |
their starting state and then only update to the next state |
|
122 | 262 |
after the *Synchronize Membership* procedure has been |
123 | 263 |
acknowledged as successful. |
124 | 264 |
|
125 |
Except states 2b and 5 which explicitly state that they are *pending*, |
|
126 |
all other states are considered *synchronized* |
|
265 |
Except states 2b and 5, which explicitly state that they are |
|
266 |
*pending synchronization*, all other states are considered *synchronized* |
|
267 |
**Synchronization** refers to all external communication |
|
268 |
(i.e. not within the limits to) required |
|
127 | 269 |
|
128 | 270 |
|
129 | 271 |
|
... | ... | |
142 | 284 |
``application`` |
143 | 285 |
*the last application that was successfully synchronized with Quotaholder.* |
144 | 286 |
|
145 |
``last_application_approved`` |
|
146 |
*the application which has created or modified the project. |
|
147 |
An application is approved by setting it to this attribute. |
|
148 |
|
|
149 |
Normally, this is the same as the ``application`` above. |
|
150 |
However, on approval, only ``last_application_approved`` is set |
|
151 |
so the two attributes differ, marking the project as pending definition |
|
152 |
synchronization. Upon successful synchronization with Quotaholder, |
|
153 |
``application`` is also set, marking the project definition synchronized. |
|
154 |
Note that if during the synchronization another approval |
|
155 |
updates ``last_application_approved``, then after synchronization |
|
156 |
the project is still out of sync, and needs another loop.* |
|
157 |
|
|
158 | 287 |
``creation_date`` |
159 | 288 |
*when the project was created (i.e. was first approved)* |
160 | 289 |
|
... | ... | |
162 | 291 |
*when was the last approval (i.e. creation or modification). |
163 | 292 |
Null if the project has not been approved or has been suspended.* |
164 | 293 |
|
165 |
``termination_start_date``
|
|
166 |
*when the project was ordered to terminate,
|
|
294 |
``deactivation_start_date``
|
|
295 |
*when the project was ordered to deactivate,
|
|
167 | 296 |
and declared out of sync for its resource grants to be removed. |
168 |
(is null if the project has not been ordered to terminate)*
|
|
297 |
(is null if the project has not been ordered to deactivate)*
|
|
169 | 298 |
|
170 |
``termination_date``
|
|
171 |
*when the project termination was actually completed by the service
|
|
172 |
following the successful revocation of resource grants. |
|
173 |
(is null if the project has not been terminated)*
|
|
299 |
``deactivation_date``
|
|
300 |
*when the project deactivation was actually registered as completed
|
|
301 |
by the service following the successful revocation of resource grants.
|
|
302 |
(is null if the project has not been deactivated)*
|
|
174 | 303 |
|
175 |
``members`` |
|
176 |
*the set of members for this project* |
|
177 |
|
|
178 |
``membership_dirty`` |
|
179 |
*boolean attribute declaring that the project |
|
180 |
needs membership synchronization. |
|
181 |
It must be atomically set and committed before |
|
182 |
any synchronization begins. |
|
183 |
It must be unset only after synchronization |
|
184 |
has been confirmed as successful.* |
|
304 |
``deactivation_reason`` |
|
305 |
*Text indicating indicating the reason for deactivation.* |
|
185 | 306 |
|
307 |
``members`` |
|
308 |
*the set of memberships for this project* |
|
186 | 309 |
|
187 | 310 |
|
188 | 311 |
Rules |
... | ... | |
194 | 317 |
|
195 | 318 |
2. **Active projects** |
196 | 319 |
|
197 |
A project is declared **active** when its resource grants are in effect. |
|
198 |
A valid project can be active if and only if |
|
199 |
- its ``last_approval_date`` is not null |
|
200 |
- its ``termination_date`` is null |
|
201 |
- its ``limit_on_members_number`` and ``limits_on_resources`` are not violated |
|
320 |
A project is declared **active** when its resource grants and |
|
321 |
general policy is in effect (even if partially), |
|
322 |
and no order of deactivation has been given. |
|
202 | 323 |
|
203 |
2. **Terminated projects** |
|
204 |
|
|
205 |
A valid project is declared **terminated**, if and only if |
|
206 |
its ``termination_date`` is not null |
|
207 |
|
|
208 |
4. **Suspended projects** |
|
209 |
|
|
210 |
A valid project is declared **suspended** if and only if |
|
211 |
|
|
212 |
- its ``termination_date`` is null |
|
213 |
- its ``last_approval_date`` is null, |
|
214 |
or its ``limit_on_members_number`` and ``limits_on_resources`` are violated |
|
215 |
|
|
216 |
5. **Alive projects** |
|
324 |
A valid project can be active if and only if |
|
325 |
- its ``deactivation_start_date`` is null |
|
217 | 326 |
|
218 |
Projects are declared **alive** if they are either *active*, or *suspended*. |
|
219 |
Users and owners are always able to interact with alive projects. |
|
327 |
2. **Inactive projects** |
|
220 | 328 |
|
221 |
6. **Life status** |
|
329 |
A valid project is declared **inactive** when its resource grants |
|
330 |
and general policy is not in effect, or is in effect and |
|
222 | 331 |
|
223 |
The status of being alive, active, suspended, terminated. |
|
332 |
A valid project is inactive if and only if, |
|
333 |
its ``deactivation_start_date`` is not null |
|
224 | 334 |
|
225 |
7. **Project states**
|
|
335 |
3. **Project states**
|
|
226 | 336 |
|
227 | 337 |
The states of a project that are significant from a control flow aspect, |
228 | 338 |
are the following: |
229 | 339 |
|
230 | 340 |
:(0): pending approval |
231 |
:(1a): alive, pending definition sync
|
|
232 |
:(1b): alive, pending membership sync
|
|
233 |
:(1c): alive, pending total sync
|
|
234 |
:(2): alive
|
|
235 |
:(3a): terminated, pending definition sync
|
|
236 |
:(3b): terminated, pending membership sync
|
|
237 |
:(3c): terminated, pending total sync
|
|
238 |
:(4): terminated
|
|
341 |
:(1a): active, pending definition sync
|
|
342 |
:(1b): active, pending membership sync
|
|
343 |
:(1c): active, pending total sync
|
|
344 |
:(2): active
|
|
345 |
:(3a): inactive, pending definition sync
|
|
346 |
:(3b): inactive, pending membership sync
|
|
347 |
:(3c): inactive, pending total sync
|
|
348 |
:(4): inactive
|
|
239 | 349 |
|
240 | 350 |
|
241 |
7. **Synchronization status**
|
|
351 |
4. **Synchronization status**
|
|
242 | 352 |
|
243 | 353 |
The status of the project's synchronization with Quotaholder |
354 |
and other remote services, |
|
244 | 355 |
can be either **synchronized** or **unsyncrhonized**. |
245 | 356 |
|
246 |
An alive project is declared synchronized by setting |
|
247 |
``application`` to be equal to ``last_application_approved``, |
|
248 |
and setting ``membership_dirty`` to false, |
|
249 |
|
|
250 | 357 |
Semantically, the project becomes synchronized when its application |
251 | 358 |
definition has been fully implemented and committed to quotaholder, |
252 | 359 |
and all its memberships are also synchronized. |
253 | 360 |
|
254 |
The alive project loses its synchronization on two occasions.
|
|
361 |
The active project loses its synchronization on two occasions.
|
|
255 | 362 |
On the approval of a new application modifying the project, |
256 | 363 |
and on the addition or removal of any of its memberships. |
257 | 364 |
|
258 |
In general, also considering projects under termination,
|
|
365 |
In general, also considering projects being deactivated,
|
|
259 | 366 |
a project is declared synchronized if and only if: |
260 | 367 |
|
261 |
- ``last_application_approved`` equals ``application`` |
|
262 |
- ``membership_dirty`` is false |
|
263 |
- ``termination_start_date`` is null or ``termination_date`` is set |
|
368 |
- None of its Memberships is unsynchronized |
|
369 |
- ``deactivation_start_date`` is null or ``deactivation_date`` is set |
|
264 | 370 |
|
265 |
Depending on which of the previous three clauses fail, |
|
266 |
a synchronizing process knows what to do: |
|
267 |
definition, membership, or termination and combinations. |
|
268 |
|
|
269 |
8. **Unique project names** |
|
371 |
5. **Unique project names** |
|
270 | 372 |
|
271 | 373 |
The project name (as specified in its application's definition) |
272 | 374 |
must be unique among all *alive* projects. |
273 | 375 |
|
274 |
9. **Inconsistent dates**
|
|
376 |
6. **Inconsistent dates**
|
|
275 | 377 |
|
276 | 378 |
If either ``creation_date`` or ``last_approval_date`` |
277 | 379 |
is in the future, the project state is declared **inconsistent** |
278 | 380 |
but the project is still considered created or approved, respectively. |
279 | 381 |
|
280 |
If ``termination_date`` is in the future, the project state is declared
|
|
281 |
**inconsistent** but the project is still considered terminated.
|
|
382 |
If ``deactivation_date`` is in the future, the project is declared
|
|
383 |
**inconsistent** but the project is still considered inactive.
|
|
282 | 384 |
|
283 |
10. **No project without application**
|
|
385 |
7. **No project without application**
|
|
284 | 386 |
|
285 | 387 |
A project can only exist in reference of the application that has defined it. |
286 | 388 |
The attributes in the definition such as its name, resource grants |
287 | 389 |
cannot be modified without a new application that must be approved. |
288 | 390 |
|
289 |
11. **Creating and modifying projects with follow-up applications**
|
|
391 |
8. **Creating and modifying projects with follow-up applications**
|
|
290 | 392 |
|
291 | 393 |
Every application for a project can be followed up with another one. |
292 | 394 |
The new application points back to it with its ``precursor`` attribute. |
... | ... | |
308 | 410 |
If the precursor of an application *is* associated with a valid project, |
309 | 411 |
then the same project entry is used and is re-initialized according |
310 | 412 |
to the new application's definition. |
311 |
The project is made alive (if terminated) and its previous state |
|
312 |
is maintained (mainly, the member set). |
|
313 |
If the new definition causes the project to exceed its limits, |
|
314 |
it will be suspended as required. |
|
413 |
The project is made active (if inactive) and its previous state |
|
414 |
is preserved (mainly, the member set). |
|
415 |
|
|
416 |
|
|
417 |
Scenarios |
|
418 |
--------- |
|
419 |
|
|
420 |
Project applicant not confident for his numbers |
|
421 |
''''''''''''''''''''''''''''''''''''''''''''''' |
|
422 |
Researcher requests resources to create a cluster for a protein-folding |
|
423 |
computation experiment. He knows how exactly how many machines, |
|
424 |
memory, and disk he needs but is not certain how many CPU cores |
|
425 |
he should request. |
|
426 |
|
|
427 |
He leaves the corresponding resource unspecified, |
|
428 |
and leaves a comment noting the issue. |
|
429 |
|
|
430 |
The project administrator responsible for the application |
|
431 |
uses his expertise, and/or consults others to formulate an appropriate |
|
432 |
limit for the resource. |
|
433 |
Then he modifies the (not-yet-approved) project, fills in the resource limit, |
|
434 |
then submits and approves the new application. |
|
435 |
|
|
436 |
|
|
437 |
Using participation to support an project application |
|
438 |
''''''''''''''''''''''''''''''''''''''''''''''''''''' |
|
439 |
An applicant knows that his application will be rejected unless |
|
440 |
a lot of people support it. |
|
441 |
|
|
442 |
Therefore, he applies for a project with no resource grants, |
|
443 |
and notes his rationale in the comments. |
|
444 |
|
|
445 |
The project administrator accepts his application in good faith, |
|
446 |
and then the project begins to accept members. |
|
447 |
|
|
448 |
Once many and important enough members have joined, |
|
449 |
the project leader modifies the project with a new application |
|
450 |
that now includes significant resource grants. |
|
451 |
|
|
452 |
The project administrator reviews the application and membership list, |
|
453 |
and is convinced that the project deserves the grants. |
|
454 |
However, he wants to make sure that this remains so, |
|
455 |
by ensuring that the membership of the project cannot |
|
456 |
include other users without further review. |
|
457 |
|
|
458 |
Therefore, he further modifies the (not-yet-approved) application, |
|
459 |
and sets the member accept policy to be 'closed', that is, |
|
460 |
that no new members may join the project. |
|
461 |
Then he sumbits and approves the application. |
|
462 |
|
|
315 | 463 |
|
316 | 464 |
|
465 |
-------- gtsouk REVIEW STOPS HERE --------- |
|
317 | 466 |
|
318 | 467 |
Procedures |
319 | 468 |
---------- |
... | ... | |
366 | 515 |
|
367 | 516 |
#. Suspend a project |
368 | 517 |
|
369 |
A project is suspended by setting ``last_approval_date`` to None |
|
518 |
A project is suspended by setting ``last_approval_date`` to None.
|
|
370 | 519 |
|
371 | 520 |
#. Terminate a project |
372 | 521 |
|
Also available in: Unified diff