[one-users] copying error during "oneimage create"

Fri Jun 8 01:04:35 PDT 2012

Hi,

I'd say that the current supported approach is created a datastore for
each group as:

1.- Create the datastore for each group
2.- Set SAFE_DIRS for the datastore
3.- Set the ACLs so just the desired group can make use of the Datasore

Cheers

Ruben

On Fri, Jun 8, 2012 at 8:35 AM, Jhon Masschelein
<jhon.masschelein at sara.nl> wrote:
> Hi,
>
> I've recently been playing with those settings and we would really like it
> if the directives could contain parameters.
>
> For example, I would like to give access to /Repo/[onegroup]/images or
> /repo/[oneuser]/images to the respective groups and users only.
>
> But as far as I can see, the remote script that does the check (fsrc) does
> not know the ONE user or group that is requesting access.
>
> Wkr,
>
> Jhon
>
> On 06/08/2012 12:17 AM, Ruben S. Montero wrote:
>>
>> Hi
>>
>> In order to prevent the registration of  "unsecure" files (e.g. oneadmin
>> ssh key, the whole OpenNebula db) There are certain directories
>> restricted to copy from (note that cp operations are made with the
>> oneadmin identity).
>>
>> This can be configured per Datastore as explained in [1].
>>
>> So
>>
>> $ onedatastore update 100
>>
>> and then add in the editor session opened by the command:
>>
>> SAFE_DIRS = "/home/oneadmin/images/"
>>
>> Cheers
>>
>> Ruben
>>
>> [1]
>> http://www.opennebula.org/documentation:rel3.4:fs_ds#configuring_the_filesystem_datastores
>>
>>
>> On Thu, Jun 7, 2012 at 4:36 PM, Massimo Canonico <mex at di.unipmn.it> wrote:
>>>
>>> Hi all,
>>> after launching this command:
>>>  oneimage create ubuntu.oneimg --datastore 100
>>>
>>> I got an error:
>>> MESSAGE="Error copying image in the repository: Not allowed to copy image
>>> file /home/oneadmin/images/CentOS-6.2.img"
>>>
>>> I have just two machines and they do not share a filesystem, so I decided
>>> to
>>> create a datastore with "fs" as  TYPE and "ssh" as TM:
>>> [oneadmin at minicloud03 images]$ onedatastore list
>>>  ID NAME            CLUSTER  IMAGES TYPE   TM
>>>   0 system          -        0      -      shared
>>>   1 default         -        0      fs     shared
>>>  100 minicloudDS     -        1      fs     ssh
>>>
>>> Now, I think that the problem is in the host machine. Considering that in
>>> the front-end I have used the self-contained mode, which directory should
>>> be
>>> available in the host?
>>>
>>> In the host I have a user called "oneadmin" which the home directory is
>>> "/var/lib/one". I have created in the host a directory
>>> (/var/lib/one/datastores) with no luck.
>>>
>>>  From the front-end to host (minicloud.di.unipmn.it), this command works
>>> without problem (no passwd is required):
>>> scp <file> minicloud.di.unipmn.it:/var/lib/one/
>>>
>>> May you explain me where the image will be copied?
>>>
>>> Thanks,
>>>  Massimo
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>>
>>
>
> --
> Jhon Masschelein
> Senior Systeemprogrammeur
> SARA - HPCV
>
> Science Park 140
> 1098 XG Amsterdam
> T +31 (0)20 592 8099
> F +31 (0)20 668 3167
> M +31 (0)6 4748 9328
> E jhon.masschelein at sara.nl
> http://www.sara.nl
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula