Forums/Cloud Foundry Forums/Archived: CloudFoundry.org (OSS) Q&A
Answered
Architecture description?
Bernd Kolb
asked this on April 13, 2011 07:30
Hi,
Cloud foundry looks really cool.
Do you have any documents which you can share in which you explain the architecture of cloud foundry? What do I need to do to create a service? Is there one instance of a service per tenant? Is this up to the service? How is the data and the tenants isolated? How are you dealing with security?
Thanks,
Bernd
Comments
We will try to get some architecture docs posted shortly, however, in the mean time, I can answer some of your specific questions.
Tenancy and isolation is handled in two different areas, there is isolation in the DEA (dropplet execution agent) which runs your actual code, and in there is isolation in the services. The DEA runs every app as a separate locked down user with reduced privileges and utilizes standard unix/linux security isolation mechanisms. The services each handle multi-tenancy in a way that is appropriate to the service. For example, the mysql service uses a single process per mysql node, but when we provision a database for a user/app, we generate unique credentials for that user/app and only grant access to the newly provisioned database to that newly provisioned user/app. Other services like mongodb create a new mongodb process per provisioning request (with a randomly generated admin user and credentials) in order to perform multi-tenant isolation.
As for how to create a new service, we will be publishing a services api document soon, but in the mean time, you can take a look at https://github.com/cloudfoundry/vcap-services/blob/master/common/as.... The parts you would want to implement are the sinatra handlers, as the reset is specific to the AC implementation of services, i.e.:
post '/gateway/v1/configurations' do
delete '/gateway/v1/configurations/:service_id' do
post '/gateway/v1/configurations/:service_id/handles' do
delete '/gateway/v1/configurations/:service_id/handles/:handle_id' do
Plus the common auth handling and validation done in the sinatra handler:
before do
You can also implement services at a slightly higher level of abstraction, however, this functionality was a bit in flux just prior to launch and will have some changes coming soon. For some examples to follow as a guide, look at the mongodb service implementation. It's service gateway and node implementations each use a standard base class to ease implementation, but again, this is going to go through some changes over the next few weeks.
Anyway, hopefully that is enough to get you started. Look for some real docs and improved guidance in this space in the near future.
Thanks
Great, thanks a lot.
This gives me some basic understanding. I am looking forward to the docs.
Bernd
Hello, Patrick,
Looking forward to the architecture-related docs very much!
Thanks a lot!
In addition,
> Bernd
I also found some material from Internet, and I feel them excellent!
We just posted a presentation given at Silicon Valley Cloud Computing Group:
http://www.slideshare.net/mccrory-me/cloud-foundry-a-developers-per...
Please follow us on Twitter @cloudfoundry and watch our blog at http://blog.cloudfoundry.com/ for additional updates.
Regards,
Killian.
Some in the Eclipse Virgo community are interested in adding a DEA. Any hints on how you intend that to be done would be great.
Actually, perhaps this is slightly off-topic for this thread, so I'll start a fresh thread.
... here: http://support.cloudfoundry.com/entries/20034556-how-to-add-a-new-dea
How cloud foundry is different then tomcat tc server?
http://virtualization-for-layman.blogspot.com/2011/05/vmware-cloudf...