[one-users] groups and images/templates
Carlos Martín Sánchez
cmartin at opennebula.org
Wed Sep 21 03:34:53 PDT 2011
We are considering a new simple approach on this use-case, and we'd like to
hear your thoughts:
Resources could have two flags to let other users list/use them:
- shared: users in the resource's group.
- public: all users
This would make it easier to share resources with everybody (there is no
need to manage ACLs), and users could list "shared" objects.
Carlos Martín, MSc
Project Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.opennebula.org/> | cmartin at opennebula.org
2011/8/29 Robert Parrott <parrott at seas.harvard.edu>
> Hi Carlos,
> The workaround you describe will get us going, and we can "enumerate"
> our temapltes and resources as needed for now.
> The multiple groups idea is most likely the _right_ approach, but for
> the time being perhaps also could be added a "public" flag to listing,
> which lists all objects which the user is entitled to see (in fact, at
> first blush it seems that this is the correct default setting).
> 2011/8/29 Carlos Martín Sánchez <cmartin at opennebula.org>:
> > Hi Robert,
> > You are right about the meaning of "public", its scope is the resource's
> > group.
> > Using ACLs, you can create a group (let's say "shared"), and allow
> > to use and instantiate IMAGE and TEMPLATES in that group.
> > $ onegroup create shared
> > ID: 100
> > ACL_ID: 2
> > ACL_ID: 3
> > $ oneacl create "* IMAGE+TEMPLATE/@100 INFO+USE+INSTANTIATE"
> > ID: 4
> > $ oneacl list
> > ID USER RES_VHNIUTG RID OPE_CDUMIPpTW
> > 0 @1 V-NI-T- * C-----p--
> > 1 @1 -H----- * --U------
> > 2 @100 V-NI-T- * C-----p--
> > 3 @100 -H----- * --U------
> > 4 * ---I-T- @100 --U-I--T-
> > That will provide the scenario you described.
> > However, there's no straight-forward way for regular users to list the
> > resources in the "shared" group, as they can only list resources with the
> > 'all', 'mine' or 'group' flag.
> > You can grant users the right to list all resources (INFO_POOL) if
> > is not a concern... or you could create some other way to let users know
> > list of resources in the "shared" group, for instance creating a new
> > Sunstone plug-in 
> > Maybe we could use this thread to discuss how to integrate better this
> > use-case in future versions.
> > We already have a request for multiple groups , that's one of the ways
> > address this issue.
> > Regards,
> > Carlos.
> >  http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference
> >  http://dev.opennebula.org/issues/761
> > --
> > Carlos Martín, MSc
> > Project Major Contributor
> > OpenNebula - The Open Source Toolkit for Cloud Computing
> > www.OpenNebula.org | cmartin at opennebula.org
> > On Wed, Aug 24, 2011 at 10:40 PM, Robert Parrott <
> parrott at seas.harvard.edu>
> > wrote:
> >> Hi Folks,
> >> Is there some way to make images or templates completely public?
> >> Currently, it looks like making an image or template "public" means
> >> that anyone within your group can see and use that image or template.
> >> It would be nice to also have the functionality where members of any
> >> group can make use of a set of public images and templates as a
> >> starting point for customizing their own VMs (i.e. "vanilla CentOS 6"
> >> or Ubuntu 10.04 LTS").
> >> Thanks,
> >> Rob
> >> --
> >> Robert E. Parrott, Ph.D. (Phys. '06)
> >> Director, Academic Computing
> >> Harvard University Sch. of Eng. and App. Sci.
> >> Maxwell-Dworkin 211,
> >> 33 Oxford St.
> >> Cambridge, MA 02138
> >> (617)-496-1520
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opennebula.org
> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> Robert E. Parrott, Ph.D. (Phys. '06)
> Director, Academic Computing
> Harvard University Sch. of Eng. and App. Sci.
> Maxwell-Dworkin 211,
> 33 Oxford St.
> Cambridge, MA 02138
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users