[one-users] default ownership for VM instances

Gary S. Cuozzo gary at isgsoftware.net
Tue Apr 2 09:35:36 PDT 2013

Hi Carlos, 
Thank you for the quick reply. Yes, a hook should work great for this. I'm not sure why I didn't think of that before! 
Thanks again, 

----- Original Message -----


I think this can be easily done with a hook [1]. You will need to trigger it each time a new VM is created: 

VM_HOOK = [ 
name = "default_chmod", 
on = "CREATE", 
command = "default_chmod.rb", 
arguments = "$ID $TEMPLATE" ] 

And then create a small script (default_chmod.rb) that looks for the default uid and gid inside the vm template (second argument, it will be the xml base64 enconded); and executes 'onevm chmod'. 

Let me know if this works for you. 


[1] http://opennebula.org/documentation:rel3.8:hooks 

Carlos Martín, MSc 
Project Engineer 
OpenNebula - The Open-source Solution for Data Center Virtualization 
www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula 

On Tue, Apr 2, 2013 at 4:40 PM, Gary S. Cuozzo < gary at isgsoftware.net > wrote: 

Hello all, 
Is there a way to have a VM user/group ownership (and potentially ACL's) be set based on values in the template? 

Here is my use case: 
Currently, all of our VM's are one of a kind. Each VM is based on a unique template and uses persistent images. It is the virtual equivalent of colocated servers where each customer has their own dedicated and customized servers. We basically manage the images & templates, but want to give users access to their vm for start/stop/vnc. 

What I have right now is I create a user/group for each customer. The I set the ownership of the resources to be their user & group. When we instantiate the VM, we have to remember to set the ownership accordingly or it will not show up as a resource when they login to sunstone. 

It would be ideal if there was a way to specify, in the template, the default user and group which should own the VM and the ACL's. It would also be nice if the default name of the VM could be set (Though I think there may already be a feature being added for this). This way, if we had to stop & recreate the VM instance (such as for adding more resources), we could do it without having to remember to set permissions manually. 

Let me know what you think. 


Users mailing list 
Users at lists.opennebula.org 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130402/89a0a469/attachment-0001.htm>

More information about the Users mailing list