User self-service creation automation
-
Hi, I'm working with xcp and XOA in order to build a private cloud for several schools.
I saw that I can work with a LDAP, OK.
I saw that when a user logs in for the first time, their account is automatically created on XOA. OK
BUT, with around 500 users, I cannot manually build their self-service accounts one by one after creation. So, what can I use to achieve this? API, CLI scripts, new plugin?
Any advice is welcome.
Have a nice day !
-
Hi,
Question for @julien-f
I think you can also sync groups so a user will automatically be added in the right group and enjoy the right self service. Is it what you want to achieve?
-
@olivierlambert Hi,
Yes, but a group-wide self-service makes all resources shared by group members, right?
If no, OK, that's what I want to do. If yes.... NOK because I need an isolated space per student.
In fact, I need both, but group-wide is simpler for me because they will be created on demand. User's space needs to be created on first login.
I see that I've forgotten to mention that LemonLDAP will be implemented to use SSO.
-
Okay, the initial use case is not very clear. So you need only 1x self service per person, right? Please take time to explain the functional need before trying to find a solution, because for us in here, it's easier to help you find the right solution when we understand what you want to achieve in the first place.
-
OK, I will try to make it as clear as possible :
Context: Group of schools or training centers which want to have a private cloud infrastructure for educational purposes
Number of users: around 500, not at the same time
Essential need: each user can use a sandboxed space to run their own virtual machines, with internal networks inside. They cannot access the hypervisor stack, and they cannot access others' spaces
Optional need: if teachers want, two or more students can work on a shared space. They cannot access the hypervisor stack, and they cannot access others' spaces
Workflow: users will be created in an OpenLDAP server, upon it a LemonLDAP will bring user portal and SSO. XOA will use this SSO to allow access. So, starting at this point, SSO connection is not a problem, it's well handled by XOA.
But as I said, when a new user comes, admin must manually create their self-service "pod". I'm starting to create a plugin which handles the first user login and creates a related self-service with quotas and internal networks.
EDIT : just found this : https://github.com/vatesfr/xen-orchestra/issues/768 exactly what I mean.
-
But how could we know how to assign which self service to which account in advance? Are they all having the same resources? I don't think it's possible to treat that "automatically" as it's a very specific use case. However, it should be possible to script that using our API.
Do you know if there are webhooks or something in LemonLDAP that could be called at user creation to automatically create a specific self service and assign the user into it?
-
Yes, all students will have a self-service with the same quotas, templates, etc.
And all teachers will also have their own "template" for self-service. And yes, there are some webhooks in LemonLDAP, I don't know if it's the best solution for me now. I started to build a user dashboard with homer (because computing will not be the only service), with a button used by the user to create their self-service space in order to track it and send a ticket if it fails.
I will try to script it with a Flask API triggered by clicking the button, I don't know, something like:
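```python
import os

class Config:
    # Connection settings and secrets are read from the environment, not hard-coded
    XO_API_URL = os.getenv('XO_API_URL', 'https://xo.domain.com/api/')
    XO_ADMIN_USER = os.getenv('XO_ADMIN_USER')
    XO_ADMIN_PASSWORD = os.getenv('XO_ADMIN_PASSWORD')
    JWT_SECRET = os.getenv('JWT_SECRET')
    POOL_NAME = "AMI"
    NETWORK_COUNT = 5
    # Per-user quotas; memory and disk are expressed in bytes
    RESOURCES = {
        'cpus': 6,
        'memory': 16 * 1024 * 1024 * 1024,  # 16 GiB
        'disk': 150 * 1024 * 1024 * 1024,   # 150 GiB
    }
```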
And then pass it to XOA API...
I will try it and see if it works; in that case, I will post the code here.
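Added example, not part of the original post and not Xen Orchestra code: a stdlib-only sketch of the check a button-triggered endpoint like the one described above needs before it touches the XO API with admin credentials, so that the user identity and quotas come from a verified token and never from the request body. It assumes an HS256 token signed with `JWT_SECRET` carrying `sub`, `role` and `exp` claims; the role name, the helper names and the shape of the returned dict are hypothetical, and the call to the XO API itself is left out.

```python
import base64, hashlib, hmac, json, time

# Fixed per-role plan; numbers are the post's Config values, the role name is assumed.
PLANS = {"student": {"cpus": 6, "memory": 16 * 1024**3, "disk": 150 * 1024**3, "networks": 5}}

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(head, body, secret):
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Issue a constructed token for testing (stands in for the portal's issuer)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(head, body, secret))}"

def verify_hs256(token, secret, now=None):
    """Return the claims, or raise ValueError on any structural or crypto failure."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64d(head))["alg"]
        sig_ok = hmac.compare_digest(mac(head, body, secret), b64d(sig))
        claims = json.loads(b64d(body))
        exp, sub = claims["exp"], claims["sub"]
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # refuse "none" and any algorithm the server did not choose
        raise ValueError("unexpected algorithm")
    if not sig_ok:
        raise ValueError("bad signature")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired token")
    if not (isinstance(sub, str) and sub.replace("-", "").replace("_", "").isalnum()):
        raise ValueError("unusable subject")
    return claims

def plan_for(token, secret, requested=None, now=None):
    """Build the provisioning request from verified claims only."""
    claims = verify_hs256(token, secret, now)
    role = claims.get("role")
    if not isinstance(role, str) or role not in PLANS:
        raise ValueError("no plan for this role")
    # `requested` (the client's JSON body) is ignored on purpose: no foreign subject, no bigger quota.
    return {"name": f"selfservice-{claims['sub']}", "subject": claims["sub"],
            "limits": dict(PLANS[role])}
```

Because the name is derived from the verified subject, the provisioning step can look for an existing space with that name first and treat a repeated button click as a no-op.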
-
Let me ask @julien-f opinion about this
-
Thanks!
I will check out with your team at the start of the new year for subscription, maybe we will discuss about it.
@olivierlambert said in User self-service creation automation:
> I don't think it's possible to treat that "automatically" as it's a very specific use case. However, it should be possible to script that using our API.
I don't think so. It's definitely not a hypervisor must-have feature, but cloud yes. If you are a cloud provider and providing compute to customers, you will want to build "plans" for subscription and assign them automatically when a user creates their account and chooses their plan.
It is the same thing here, instead of not having billing and several plans.
Have a nice Christmas !