[one-users] groups and images/templates

Robert Parrott parrott at seas.harvard.edu
Wed Sep 21 07:43:32 PDT 2011


This seems a sensible approach to me. It's reminiscent of the unix
permission categories "me", "group" and "everyone".

2011/9/21 Carlos Martín Sánchez <cmartin at opennebula.org>:
> Hi all,
>
> We are considering a new simple approach on this use-case, and we'd like to
> hear your thoughts:
>
> Resources could have two flags to let other users list/use them:
> - shared: users in the resource's group.
> - public: all users
>
> This would make it easier to share resources with everybody (there is no
> need to manage ACLs), and users could list "shared" objects.
>
> Regards.
> --
> Carlos Martín, MSc
> Project Major Contributor
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org | cmartin at opennebula.org
>
>
> 2011/8/29 Robert Parrott <parrott at seas.harvard.edu>
>>
>> Hi Carlos,
>>
>> The workaround you describe will get us going, and we can "enumerate"
>> our templates and resources as needed for now.
>>
>> The multiple groups idea is most likely the _right_ approach, but for
>> the time being perhaps also could be added a "public" flag to listing,
>> which lists all objects which the user is entitled to see (in fact, at
>> first blush it seems that this is the correct default setting).
>>
>> Rob
>>
>> 2011/8/29 Carlos Martín Sánchez <cmartin at opennebula.org>:
>> > Hi Robert,
>> >
>> > You are right about the meaning of "public", its scope is the resource's
>> > group.
>> > Using ACLs, you can create a group (let's say "shared"), and allow
>> > everybody
>> > to use and instantiate IMAGE and TEMPLATES in that group.
>> >
>> > $ onegroup create shared
>> > ID: 100
>> > ACL_ID: 2
>> > ACL_ID: 3
>> >
>> > $ oneacl create "* IMAGE+TEMPLATE/@100 INFO+USE+INSTANTIATE"
>> > ID: 4
>> >
>> > $ oneacl list
>> >    ID     USER RES_VHNIUTG   RID OPE_CDUMIPpTW
>> >     0       @1     V-NI-T-     *     C-----p--
>> >     1       @1     -H-----     *     --U------
>> >     2     @100     V-NI-T-     *     C-----p--
>> >     3     @100     -H-----     *     --U------
>> >     4        *     ---I-T-  @100     --U-I--T-
>> >
>> > That will provide the scenario you described.
>> > However, there's no straight-forward way for regular users to list the
>> > resources in the "shared" group, as they can only list resources with
>> > the
>> > 'all', 'mine' or 'group' flag.
>> >
>> > You can grant users the right to list all resources (INFO_POOL) if
>> > privacy
>> > is not a concern... or you could create some other way to let users know
>> > the
>> > list of resources in the "shared" group, for instance creating a new
>> > Sunstone plug-in [1]
>> >
>> >
>> > Maybe we could use this thread to discuss how to integrate better this
>> > use-case in future versions.
>> > We already have a request for multiple groups [2], that's one of the
>> > ways to
>> > address this issue.
>> >
>> > Regards,
>> > Carlos.
>> >
>> > [1] http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference
>> > [2] http://dev.opennebula.org/issues/761
>> >
>> > --
>> > Carlos Martín, MSc
>> > Project Major Contributor
>> > OpenNebula - The Open Source Toolkit for Cloud Computing
>> > www.OpenNebula.org | cmartin at opennebula.org
>> >
>> >
>> >
>> > On Wed, Aug 24, 2011 at 10:40 PM, Robert Parrott
>> > <parrott at seas.harvard.edu>
>> > wrote:
>> >> Hi Folks,
>> >>
>> >> Is there some way to make images or templates completely public?
>> >>
>> >> Currently, it looks like making an image or template "public" means
>> >> that anyone within your group can see and use that image or template.
>> >> It would be nice to also have the functionality where members of any
>> >> group can make use of a set of public images and templates as a
>> >> starting point for customizing their own VMs (i.e. "vanilla CentOS 6"
>> >> or "Ubuntu 10.04 LTS").
>> >>
>> >> Thanks,
>> >> Rob
>> >>
>> >>
>> >> --
>> >> Robert E. Parrott, Ph.D. (Phys. '06)
>> >> Director, Academic Computing
>> >> Harvard University Sch. of Eng. and App. Sci.
>> >> Maxwell-Dworkin  211,
>> >> 33 Oxford St.
>> >> Cambridge, MA 02138
>> >> (617)-496-1520
>> >>
>> >
>> >
>>
>>
>>
>> --
>> Robert E. Parrott, Ph.D. (Phys. '06)
>> Director, Academic Computing
>> Harvard University Sch. of Eng. and App. Sci.
>> Maxwell-Dworkin  211,
>> 33 Oxford St.
>> Cambridge, MA 02138
>> (617)-496-1520
>
>



-- 
Robert E. Parrott, Ph.D. (Phys. '06)
Director, Academic Computing
Harvard University Sch. of Eng. and App. Sci.
Maxwell-Dworkin  211,
33 Oxford St.
Cambridge, MA 02138
(617)-496-1520
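
Added example, not part of the original thread and not OpenNebula's own code: a simplified Python model of the rule-string syntax quoted above ("<user> <resources>/<resource-id> <rights>"). It shows how the "*" rule on group 100 grants access across groups and how to flag rules that are open to every user. The Rule class, the function names, the "#<id>" selector form (not shown in the thread) and the second sample rule are assumptions made for illustration.

```python
# Simplified model of the ACL rule strings quoted in this thread;
# an added illustration, not OpenNebula's implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    user: str             # "*", "@<gid>" or "#<uid>"
    resources: frozenset  # e.g. {"IMAGE", "TEMPLATE"}
    rid: str              # "*", "@<gid>" or "#<object id>"
    rights: frozenset     # e.g. {"INFO", "USE", "INSTANTIATE"}

def parse_rule(text):
    user, res, rights = text.split()
    kinds, _, rid = res.partition("/")
    return Rule(user, frozenset(kinds.split("+")), rid,
                frozenset(rights.split("+")))

def _matches(selector, obj_id, gid):
    # "*" matches anything, "@N" matches group N, "#N" matches one id.
    return selector in ("*", f"@{gid}", f"#{obj_id}")

def allowed(rules, uid, user_gid, kind, oid, res_gid, right):
    """True if any rule grants `right` on the resource to this user."""
    return any(
        _matches(r.user, uid, user_gid)
        and kind in r.resources
        and _matches(r.rid, oid, res_gid)
        and right in r.rights
        for r in rules
    )

def open_to_all(rules):
    """Rules whose subject is "*": every account receives these rights."""
    return [r for r in rules if r.user == "*"]

# Constructed sample: rule 4 from the thread plus one hypothetical rule.
RULES = [
    parse_rule("* IMAGE+TEMPLATE/@100 INFO+USE+INSTANTIATE"),
    parse_rule("@1 IMAGE/@1 INFO+USE"),  # hypothetical per-group rule
]

if __name__ == "__main__":
    # User 7 (group 1) asks to USE image 12, which belongs to group 100.
    print(allowed(RULES, 7, 1, "IMAGE", 12, 100, "USE"))   # True
    # Same user, image 13 in group 101: no rule covers it.
    print(allowed(RULES, 7, 1, "IMAGE", 13, 101, "USE"))   # False
    # Rules worth reviewing because they apply to all users.
    print([r.rid for r in open_to_all(RULES)])             # ['@100']
```
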