[one-users] groups and images/templates

Robert Parrott parrott at seas.harvard.edu
Mon Aug 29 08:09:37 PDT 2011


Hi Carlos,

The workaround you describe will get us going, and we can "enumerate"
our temapltes and resources as needed for now.

The multiple groups idea is most likely the _right_ approach, but for
the time being perhaps also could be added a "public" flag to listing,
which lists all objects which the user is entitled to see (in fact, at
first blush it seems that this is the correct default setting).

Rob

2011/8/29 Carlos Martín Sánchez <cmartin at opennebula.org>:
> Hi Robert,
>
> You are right about the meaning of "public", its scope is the resource's
> group.
> Using ACLs, you can create a group (let's say "shared"), and allow everybody
> to use and instantiate IMAGE and TEMPLATES in that group.
>
> $ onegroup create shared
> ID: 100
> ACL_ID: 2
> ACL_ID: 3
>
> $ oneacl create "* IMAGE+TEMPLATE/@100 INFO+USE+INSTANTIATE"
> ID: 4
>
> $ oneacl list
>    ID     USER RES_VHNIUTG   RID OPE_CDUMIPpTW
>     0       @1     V-NI-T-     *     C-----p--
>     1       @1     -H-----     *     --U------
>     2     @100     V-NI-T-     *     C-----p--
>     3     @100     -H-----     *     --U------
>     4        *     ---I-T-  @100     --U-I--T-
>
> That will provide the scenario you described.
> However, there's no straight-forward way for regular users to list the
> resources in the "shared" group, as they can only list resources with the
> 'all', 'mine' or 'group' flag.
>
> You can grant users the right to list all resources (INFO_POOL) if privacy
> is not a concern... or you could create some other way to let users know the
> list of resources in the "shared" group, for instance creating a new
> Sunstone plug-in [1]
>
>
> Maybe we could use this thread to discuss how to integrate better this
> use-case in future versions.
> We already have a request for multiple groups [2], that's one of the ways to
> address this issue.
>
> Regards,
> Carlos.
>
> [1] http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference
> [2] http://dev.opennebula.org/issues/761
>
> --
> Carlos Martín, MSc
> Project Major Contributor
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org | cmartin at opennebula.org
>
>
>
> On Wed, Aug 24, 2011 at 10:40 PM, Robert Parrott <parrott at seas.harvard.edu>
> wrote:
>> Hi Folks,
>>
>> Is there some way to make images or templates completely public?
>>
>> Currently, it looks like making an image or template "public" means
>> that anyone within your group can see and use that image or template.
>> It would be nice to also have the functionality where members of any
>> group can make use of a set of public images and templates as a
>> starting point for customizing their own VMs (i.e. "vanilla CentOS 6"
>> or Ubuntu 10.04 LTS").
>>
>> Thanks,
>> Rob
>>
>>
>> --
>> Robert E. Parrott, Ph.D. (Phys. '06)
>> Director, Academic Computing
>> Harvard University Sch. of Eng. and App. Sci.
>> Maxwell-Dworkin  211,
>> 33 Oxford St.
>> Cambridge, MA 02138
>> (617)-496-1520
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>



-- 
Robert E. Parrott, Ph.D. (Phys. '06)
Director, Academic Computing
Harvard University Sch. of Eng. and App. Sci.
Maxwell-Dworkin  211,
33 Oxford St.
Cambridge, MA 02138
(617)-496-1520



More information about the Users mailing list