[one-users] groups and images/templates

Carlos Martín Sánchez cmartin at opennebula.org
Wed Sep 21 03:34:53 PDT 2011


Hi all,

We are considering a new simple approach on this use-case, and we'd like to
hear your thoughts:

Resources could have two flags to let other users list/use them:
- shared: users in the resource's group.
- public: all users

This would make it easier to share resources with everybody (there is no
need to manage ACLs), and users could list "shared" objects.

Regards.
--
Carlos Martín, MSc
Project Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.opennebula.org/> | cmartin at opennebula.org


2011/8/29 Robert Parrott <parrott at seas.harvard.edu>

> Hi Carlos,
>
> The workaround you describe will get us going, and we can "enumerate"
> our temapltes and resources as needed for now.
>
> The multiple groups idea is most likely the _right_ approach, but for
> the time being perhaps also could be added a "public" flag to listing,
> which lists all objects which the user is entitled to see (in fact, at
> first blush it seems that this is the correct default setting).
>
> Rob
>
> 2011/8/29 Carlos Martín Sánchez <cmartin at opennebula.org>:
> > Hi Robert,
> >
> > You are right about the meaning of "public", its scope is the resource's
> > group.
> > Using ACLs, you can create a group (let's say "shared"), and allow
> everybody
> > to use and instantiate IMAGE and TEMPLATES in that group.
> >
> > $ onegroup create shared
> > ID: 100
> > ACL_ID: 2
> > ACL_ID: 3
> >
> > $ oneacl create "* IMAGE+TEMPLATE/@100 INFO+USE+INSTANTIATE"
> > ID: 4
> >
> > $ oneacl list
> >    ID     USER RES_VHNIUTG   RID OPE_CDUMIPpTW
> >     0       @1     V-NI-T-     *     C-----p--
> >     1       @1     -H-----     *     --U------
> >     2     @100     V-NI-T-     *     C-----p--
> >     3     @100     -H-----     *     --U------
> >     4        *     ---I-T-  @100     --U-I--T-
> >
> > That will provide the scenario you described.
> > However, there's no straight-forward way for regular users to list the
> > resources in the "shared" group, as they can only list resources with the
> > 'all', 'mine' or 'group' flag.
> >
> > You can grant users the right to list all resources (INFO_POOL) if
> privacy
> > is not a concern... or you could create some other way to let users know
> the
> > list of resources in the "shared" group, for instance creating a new
> > Sunstone plug-in [1]
> >
> >
> > Maybe we could use this thread to discuss how to integrate better this
> > use-case in future versions.
> > We already have a request for multiple groups [2], that's one of the ways
> to
> > address this issue.
> >
> > Regards,
> > Carlos.
> >
> > [1] http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference
> > [2] http://dev.opennebula.org/issues/761
> >
> > --
> > Carlos Martín, MSc
> > Project Major Contributor
> > OpenNebula - The Open Source Toolkit for Cloud Computing
> > www.OpenNebula.org | cmartin at opennebula.org
> >
> >
> >
> > On Wed, Aug 24, 2011 at 10:40 PM, Robert Parrott <
> parrott at seas.harvard.edu>
> > wrote:
> >> Hi Folks,
> >>
> >> Is there some way to make images or templates completely public?
> >>
> >> Currently, it looks like making an image or template "public" means
> >> that anyone within your group can see and use that image or template.
> >> It would be nice to also have the functionality where members of any
> >> group can make use of a set of public images and templates as a
> >> starting point for customizing their own VMs (i.e. "vanilla CentOS 6"
> >> or Ubuntu 10.04 LTS").
> >>
> >> Thanks,
> >> Rob
> >>
> >>
> >> --
> >> Robert E. Parrott, Ph.D. (Phys. '06)
> >> Director, Academic Computing
> >> Harvard University Sch. of Eng. and App. Sci.
> >> Maxwell-Dworkin  211,
> >> 33 Oxford St.
> >> Cambridge, MA 02138
> >> (617)-496-1520
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opennebula.org
> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>
> >
> >
>
>
>
> --
> Robert E. Parrott, Ph.D. (Phys. '06)
> Director, Academic Computing
> Harvard University Sch. of Eng. and App. Sci.
> Maxwell-Dworkin  211,
> 33 Oxford St.
> Cambridge, MA 02138
> (617)-496-1520
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20110921/ec278a6f/attachment-0002.htm>


More information about the Users mailing list