The Red Hat Research team supports several cloud environments, such as MOC Alliance and CloudLab. We realized there is a need to increase the productivity of bare metal machines in these environments and to promote leasing unused infrastructure to trusted partners. For this purpose, we started developing a project called Elastic Secure Infrastructure (ESI).
What is ESI?
The goal of ESI is to create a set of services to permit multiple tenants to flexibly allocate bare metal machines from a pool of available hardware, create networks, attach bare metal nodes and networks, and optionally provision an operating system on those systems. While doing this, we also had to consider two important goals:
- Allowing hardware owners to maintain control
- Allowing hardware consumers flexible self-provisioning
What is implemented in ESI?
Most OpenStack services are multi-tenant. The resources are owned by a project and cannot be seen by members of other projects. Ironic is also multi-tenant, in the sense that multiple parties can lease hardware. Crucially, however, it is not multi-admin; it has an “admin or nothing” model. A user with admin privileges can do everything, and a non-admin user can’t do anything. In order to support the true isolation of one cluster from another and allow full ownership of leased hardware, we extended Ironic to create true multi-tenancy at the hardware layer.
We have achieved multi-tenancy in Ironic by implementing the following features:
● Enabled node owners to control nodes
● Introduced the concept of a node lessee to Ironic
● Tweaked node deployment through the Ironic API
● Allowed Ironic to reserve nodes based on owner/lessee
ESI and OpenShift
The ESI Engineering team has tested installing and managing OpenShift on a bare metal infrastructure supported by ESI in various scenarios. Our aim was to enable research institutions to run their workloads in OpenShift, which in turn runs on a leaseable bare metal environment. This system enables research institutions to lease, sub-lease or claim bare metal machines and add or remove them from the OpenShift deployment without any impact on the OpenShift performance. In this way, we enable an elastic infrastructure layer along with OpenShift, which can reduce the operating cost of computation.
How do I get access to the ESI or get in touch with the team for a demo?
If you are interested in getting to know more about the ESI project and the project’s roadmap or want to be part of the development activities, you can contact us by sending an email to email@example.com. Also, please contact us if you are aware of any customers or partners who will be interested in collaborating with us.
ESI Documentation: https://esi.readthedocs.io/en/latest/index.html
ESI GitHub: https://github.com/CCI-MOC/esi