[one-users] How can I allow members of a group to RUN a persistent vm?

Carlos Martín Sánchez cmartin at opennebula.org
Thu Jan 8 04:06:16 PST 2015


Hi,

On Mon, Dec 22, 2014 at 7:46 PM, Mr Sensible <doilooksensible at gmail.com>
wrote:

> So, the question. How can I allow members of a group to RUN a persistent
> vm?
>
> Current Setup
>
> OpenNebula 4.10.1
>
> SO I have a VM, that :
> - is running in an SSH system datastore.
> - has an image marked as persistent
> - set to group infAdmins
>
> Current permissions
> - image            Use : NO    Manage : YES    Admin : YES
> - network        Use : YES    Manage : YES    Admin : YES
> - template      Use : YES    Manage : YES    Admin : YES
> - vm                 Use : YES    Manage : YES    Admin : YES
>
>
> I find that admins in the group can not run this VM. I checked the vm
> permissions, and yes, group run permission was unchecked. However, I am
> unable to allow Group Run privilege, as "A persistent image cannot be made
> public".
>
> So I am a bit stuck. I need the vm to be persistent (in case of hardware
> failure) but I need the ssh local system datastore  for performance, and I
> really need a small group other than me to be able to run up VMs, either
> pre-created by me, or from scratch. I also create VMs for project teams,
> and need them to be able to run up their own VMs (at the group level).
>
>
> Apologies if I am trying to do something stupid (or missing something
> obvious).
>
> Thanks and seasons greetings
>
> Peter
>

This limitation is there for legacy reasons, and because of your mail we
have decided to remove it in the next maintenance release [1].
Meanwhile, you can give USE permissions to the group through an ACL rule
[2].

In any case, please be aware that a persistent Image can only be used by 1
VM at a time.

Best regards.

[1] http://dev.opennebula.org/issues/3494
[2]
http://docs.opennebula.org/4.10/administration/users_and_groups/manage_acl.html

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org <http://www.opennebula.org/> | cmartin at opennebula.org |
@OpenNebula <http://twitter.com/opennebula> <cmartin at opennebula.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20150108/561bc1f9/attachment-0001.htm>


More information about the Users mailing list