[one-users] Changes in 3.0 template network syntax

Carlos Martín Sánchez cmartin at opennebula.org
Thu Sep 15 03:54:21 PDT 2011


Hi Steve,

On Wed, Sep 14, 2011 at 4:39 PM, Steven Timm <timm at fnal.gov> wrote:


> So two questions--why did they change the syntax?  It is easier
> for users to remember the name of the network than the ID of the
> network particularly since users now can't do onevnet list, and
> it renders all of our existing templates (dozens of them) broken
> and we will have to change them.
>

Some users requested to let new resources use repeated names. This makes
sense in deployments with a large number of users, or in a multi-tenant
scenario.
The drawback is that users are forced to use the ID in VM templates, but it
seemed a reasonable requirement.

Users can still use the 'onevnet list' command. By default, they can list
their vnets with the 'm' (mine) option, and the vnets in their group with
'g' (group).
If you need all users to be able to list any existing vnet with the 'a'
(all) option, like users in the oneadmin group can do, then you need to set
the following ACL:

$ oneacl create "* NET/* INFO_POOL+INFO+USE"


> And second, why can not the user pick the network they want.. is
> there some ACL that has to be set now? If so, where?
>
>
Users can list, show and use by default any vnet they own, and any public
vnets in their group.
You can also set an ACL rule with the INFO+USE permission for any other
vnet; more information is available here [1].

You can forget about ACL and permissions if all users are in the default
"users" group, and create all resources in that group (not in "oneadmin"
group).


> Steve Timm
>

Best regards.

[1] http://opennebula.org/documentation:rel3.0:manage_acl
--
Carlos Martín, MSc
Project Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.opennebula.org/> | cmartin at opennebula.org


On Wed, Sep 14, 2011 at 4:39 PM, Steven Timm <timm at fnal.gov> wrote:

>
> It appears that there have been several changes in the
> syntax of the NETWORK section in OpenNebula 3.0 which
> make templates for version 2.0 no longer work.
>
> Below is my template as modified for OpenNebula 3.
>
> I was previously using NETWORK = "FermiCloudTest" (the name of the network)
> and it now appears I have to change the NIC section
> to say NETWORK_ID = 1 (the number of this network).
> but NOT change the contextualization section, which still
> requires the name of the network.  Anyway, this template is now
> syntactically correct but when I try to launch it
> I get the error:
>
> bash-3.2$ onevm create test-kvm-3.one
> [VirtualMachineAllocate] User [1] : Not authorized to perform USE NET [1].
> -----------------------------------------------------------
>
>
> So two questions--why did they change the syntax?  It is easier
> for users to remember the name of the network than the ID of the
> network particularly since users now can't do onevnet list, and
> it renders all of our existing templates (dozens of them) broken
> and we will have to change them.
> And second, why can not the user pick the network they want.. is
> there some ACL that has to be set now? If so, where?
>
> Steve Timm
>
>
> -------------------------
> NAME   = test-kvm
> VCPU   = 1
> MEMORY = 2048
>
> #OS     = [
> #  kernel     = /vmlinuz,
> #  initrd     = /initrd.img,
> #  root       = sda1,
> #  kernel_cmd = "ro xencons=tty console=tty1"]
>
> DISK   = [
>  source   = /cloud/images/OpenNebula/images/current-image.img,
>  save     = yes,
>  target   = vda,
>  readonly = no ]
>
> DISK   = [
>  type     = swap,
>  size     = 5120,
>  target   = vdb ]
>
> DISK   = [
>  type     = fs,
>  size     = 4096,
>  format   = ext3,
>  save     = yes,
>  target   = vdc,
>  bus      = virtio ]
>
> NIC    = [ NETWORK_ID = 1 , model = virtio ]
>
> FEATURES=[ acpi="yes" ]
>
> GRAPHICS = [
>  type    = "vnc",
>  listen  = "127.0.0.1",
>  port    = "-1",
>  autoport = "yes",
>  keymap="en-us" ]
>
> CONTEXT = [
>    ip_public   = "$NIC[IP, NETWORK=\"FermiCloudTest\"]",
>    netmask     = "255.255.254.0",
>    gateway     = "131.225.154.1",
>    ns          = "131.225.8.120",
>    files      = "/cloud/images/OpenNebula/templates/init.sh
> /home/timm/OpenNebula/k5login /home/timm/OpenNebula/link_certs.sh",
>    target      = "hdc",
>    root_pubkey = "id_dsa.pub",
>    username    = "opennebula",
>    user_pubkey = "id_dsa.pub"
> ]
>
> REQUIREMENTS = "HYPERVISOR=\"kvm\""
> RANK = "- RUNNING_VMS"
> ------------------------------------------------------
>
> [root at fgitb317 var]# onevnet show 1
> VIRTUAL NETWORK 1 INFORMATION
> ID             : 1
> USER           : oneadmin
> GROUP          : oneadmin
> PUBLIC         : Yes
> USED LEASES    : 0
>
> VIRTUAL NETWORK TEMPLATE
> BRIDGE=br1
> LEASES=[ IP=131.225.154.169, MAC=54:52:00:02:b5:00 ]
> LEASES=[ IP=131.225.154.170, MAC=54:52:00:02:b5:01 ]
> LEASES=[ IP=131.225.154.171, MAC=54:52:00:02:b5:02 ]
> LEASES=[ IP=131.225.154.168, MAC=54:52:00:02:b5:03 ]
> NAME=FermiCloudTest
> TYPE=FIXED
>
> LEASES INFORMATION
> LEASE=[ IP=131.225.154.168, MAC=54:52:00:02:b5:03, USED=0, VID=-1 ]
> LEASE=[ IP=131.225.154.169, MAC=54:52:00:02:b5:00, USED=0, VID=-1 ]
> LEASE=[ IP=131.225.154.170, MAC=54:52:00:02:b5:01, USED=0, VID=-1 ]
> LEASE=[ IP=131.225.154.171, MAC=54:52:00:02:b5:02, USED=0, VID=-1 ]
>
> --
> ------------------------------------------------------------------
> Steven C. Timm, Ph.D  (630) 840-8525
> timm at fnal.gov  http://home.fnal.gov/~timm/
> Fermilab Computing Division, Scientific Computing Facilities,
> Grid Facilities Department, FermiGrid Services Group, Group Leader.
> Lead of FermiCloud project.
>
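Added example, not part of the original thread and not OpenNebula code: a simplified model of how the ACL rule strings discussed above are matched, comparing the wildcard rule from the reply with a narrower rule scoped to one group and one network. The group IDs (1 for "users", 0 for "oneadmin"), the scoped rule, and all function names are assumptions for illustration; default owner/group permissions are not modelled.

```python
# Added example: simplified model of OpenNebula 3.0 ACL rule matching.
# Default owner/group permissions are not modelled; only explicit rules are.

def parse_rule(rule):
    """Split '<user> <types>/<resource-id> <rights>' into its components."""
    user, resource, rights = rule.split()
    types, _, res_id = resource.partition("/")
    if not res_id:
        raise ValueError("resource must look like TYPE/<id>: %r" % rule)
    return user, set(types.split("+")), res_id, set(rights.split("+"))

def _matches(selector, obj_id, group_id):
    """'*' matches anything, '#N' an individual ID, '@N' a group ID."""
    if selector == "*":
        return True
    if selector.startswith("#"):
        return int(selector[1:]) == obj_id
    if selector.startswith("@"):
        return int(selector[1:]) == group_id
    raise ValueError("bad selector: %r" % selector)

def authorized(rules, uid, gid, rtype, rid, rgid, right):
    """True if any rule grants `right` on the resource to this user."""
    for rule in rules:
        user, types, res_id, rights = parse_rule(rule)
        if (_matches(user, uid, gid) and rtype in types
                and _matches(res_id, rid, rgid) and right in rights):
            return True
    return False

# Constructed scenario based on the thread: user 1 (assumed group 1, "users")
# wants USE on a NET that belongs to group 0 (assumed ID of "oneadmin").
BROAD = ['* NET/* INFO_POOL+INFO+USE']    # rule quoted in the reply
SCOPED = ['@1 NET/#1 INFO+USE']           # assumed narrower alternative

def demo():
    req = dict(uid=1, gid=1, rtype="NET", rgid=0, right="USE")
    return {
        "no_rules_net1": authorized([], rid=1, **req),
        "broad_net1": authorized(BROAD, rid=1, **req),
        "broad_net2": authorized(BROAD, rid=2, **req),
        "scoped_net1": authorized(SCOPED, rid=1, **req),
        "scoped_net2": authorized(SCOPED, rid=2, **req),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(name, allowed)
```

The wildcard rule also grants USE on network 2 and on any network created later, while the scoped rule resolves the quoted error for network 1 only.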