[Esi] OpenShift on Elastic Secure Bare-metal Infrastructure

Gagan Kumar gakumar at redhat.com
Tue Nov 15 15:00:20 EST 2022 

TL;DR: The Red Hat Research team is working on a Bare-metal leasing project
called Elastic Secure Infrastructure <https://github.com/CCI-MOC/esi> with
the goal of enabling different Research Computing environments to share
their bare-metal infrastructure based on computing demands. In recent days,
the team tested managing OpenShift on the underlying leased bare-metal
infrastructure. Now, after significant tests and experiments, Red Hat’s
OpenShift can be supported on a leased bare-metal infrastructure where
servers can be leased and released.  ESI and infrastructure for evaluating
it are currently available in the MOC Alliance <https://massopen.cloud/>.
If you are interested in this project, get in touch with the Red Hat
Research team.

Hi All,

The Red Hat Research team supports several Cloud environments such as MOC
Alliance and CloudLab. We realized there is a need to increase the
productivity of bare-metal machines in these environments and also promote
leasing unused infrastructure to trusted partners. For this purpose, we
started developing a project called Elastic Secure Infrastructure (ESI).

What is ESI?

The goal of ESI is to create a set of services to permit multiple tenants
to flexibly allocate bare-metal machines from a pool of available hardware,
create networks, attach bare-metal nodes and networks, and optionally
provision an operating system on those systems. While doing this, we also
had to consider two important goals:

   -

   Allow hardware owners to maintain control.
   -

   Allow hardware consumers flexible self-provisioning.


What is implemented in ESI?

Most OpenStack services are “multi-tenant”. The resources are owned by a
project and cannot be seen by members of other projects. Ironic is also
multi-tenant, in the sense that multiple parties can lease hardware.
Crucially, however, it is not “multi-admin;” it has an “admin or nothing”
model. A user with admin privileges can do everything, and a non-admin user
can’t do anything. In order to support the true isolation of one cluster
from another and allow full ownership of leased hardware, we extended
Ironic to create true multi-tenancy at the hardware layer.

We have achieved multi-tenancy in Ironic by implementing the following
features:

● Enabled node owners to control nodes

● Introduced the concept of a node lessee to Ironic

● Tweaked node deployment through the Ironic API

● Allowed Ironic to reserve nodes based on owner/lessee

ESI and OpenShift

The ESI Engineering team has tested installing and managing OpenShift on a
bare-metal infrastructure supported by ESI in various scenarios. Our aim
was to enable research institutions to run their workloads in OpenShift,
which in turn runs on a leaseable bare-metal environment. This system
enables research institutions to lease, sub-lease or claim bare-metal
machines and add or remove them from the OpenShift deployment without any
impact on the OpenShift performance. In this way, we enable an elastic
infrastructure layer along with OpenShift, which can reduce the operating
cost of computation.

How do I get access to the ESI or get in touch with the team for a demo?

If you are interested in getting to know more about the ESI project, and
the project’s roadmap or want to be part of the development activities, you
can contact us by sending an email to esi at lists.massopen.cloud. Also, if
you are aware of any customers/partners who will be interested in
collaborating with us, you can contact us as well.

To learn more about this and other interesting projects, visit the Red Hat
Research Blog <https://research.redhat.com/blog/> and also sign up for a
free Red Hat Research Quarterly <https://research.redhat.com/quarterly/>
magazine subscription.

Resource:

ESI in News:
https://research.redhat.com/blog/2022/11/15/openshift-on-elastic-secure-bare-metal-infrastructure/

ESI Documentation: https://esi.readthedocs.io/en/latest/index.html

ESI GitHub: https://github.com/CCI-MOC/esi

Regards,

ESI Team
<https://www.redhat.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.massopen.cloud/pipermail/esi/attachments/20221115/e65d9a74/attachment.html>

More information about the esi mailing list