Client-authenticated task scheduling

[BoySanic]

I've thought of a few scenarios where I'd like to use Clusterizer, and in one scenario, I would target particular machines (or a set of machines) to schedule tasks specifically for those machines.

In this particular use-case, the clusterizer server/db contains tasks that clients will run, but the server schedules tasks to clients only if they've been given permission to run those tasks.

Maybe I want a set of machines that only runs a particular task at certain times of the day. Or I want to particularly target one connected machine with a particular task.

I think this could work like so:

We add groups for users to belong to in clusterizer.

A user_id is specific to a machine in this use case, but you tie multiple user_ids to a single group_id provided during the register api call. (Or done at a later time, this would be optional).

Tasks in this scenario should run on every machine in a particular group, or it should run for particular user_ids.

A task is submitted that targets a group. quorum is set to N where N is the number of user_ids in the group. Thus assignments_needed is N to start.

When a machine polls for new tasks, the server factors in the user's group membership to determine which tasks they can be assigned, on top of the tasks that aren't locked to a particular group.

The machine runs the task, its user_id is added the assignment_user_ids and thus can't get it again until it's scheduled to again.

When all machines have returned, we have all results particular to those computers.

Maybe they're system info gathering scripts. Or they're executables that ping a particular IP address and return the average, minimum, maximum RTT. Stuff like that.

The use-case I'm thinking of here is basically deploying clusterizer as a piece of RMM software for managing computers for organizations that shouldn't all run the same tasks, but it would be inconvenient to have multiple clusterizer instances nor would it be advisable to do this without authentication.

---

In short, I think this requires adding groups, and adding a column to a task to restrict assignment to that group. A group id of None would mean assign to everyone.

Perhaps there could also be groups of groups. Like, column for user_id, column for group_id, column for id. So you can nest groups into other groups for more granular permissions.

I can elaborate on this more.

[DutChen18]

Instead of having a separate group system, I think it's better to integrate this into the (currently non-existent) permissions system.

I imagine that tasks for different groups are different kinds of tasks anyways, so really the tasks should be for different projects instead of for different groups within the same project.

With a permissions system, some projects may require the user to have a permission to be able to run tasks for that project.

Is there any reason why you'd want to split a project's tasks into groups instead of just making multiple projects?