<div class="" id="magicdomid2"><span class="">Hi Rasika,</span></div><div class="" id="magicdomid3"><br></div><div class="" id="magicdomid4"><span class="">With
OpenNebula 3.0 the scenario you describe can be set up. The creation
and administration of VM images, networking, and templates resources can
be restricted to certain users, or a group of users; leaving the
regular users the only option to instantiate a new VM from one of the
existing templates. OpenNebula of course manages the physical hosts and
schedules the deployment attending to the VM requirements and the
current available resources.</span></div><div class="" id="magicdomid5"><br></div><div class="" id="magicdomid6"><span class="">Documentation
about users, groups and ACL rules can be found here [1]. As a testing
environment, you could use the default groups 'oneadmin' and 'users'.</span></div><div class="" id="magicdomid7"><br></div><div class="ace-line" id="magicdomid451"><span class="">The following ACL </span><span class="author-g-kifij4xc9cm9xjfd">rules </span><span class="">
will allow users in the 'users' group to list Templates in their group.
They won't be able to list existing Images, VNets or Hosts; just the
templates.</span></div><div style="font-family: courier new,monospace;" class="" id="magicdomid9"><br></div><div style="font-family: courier new,monospace;" class="" id="magicdomid10"><span class="">$ oneacl list</span></div>
<div style="font-family: courier new,monospace;" class="" id="magicdomid11"><span class=""> ID USER RES_VHNIUTG RID OPE_CDUMIPpTW</span></div><div style="font-family: courier new,monospace;" class="" id="magicdomid12">
<span class=""> 1 @1 -H----- * --U------</span></div><div style="font-family: courier new,monospace;" class="" id="magicdomid13"><span class=""> 2 @1 -----T- * ------p--</span></div>
<div class="" id="magicdomid14"><br></div><div class="ace-line" id="magicdomid445"><span class="">The
implicit rules allow them also to instantiate public objects in their
group, so anyone in the 'oneadmin' group will have to create the Images,
VNets and VM Templates; and then change the group of those resources to
'users' and publish them. This process is equally easy from Sunstone </span><span class="author-g-kcanrfn6p9kpr74s">(ACL manager for Sunstone will be added soon) </span><span class="">or the CLI [2].</span></div>
<div class="" id="magicdomid16"><br></div><div class="ace-line" id="magicdomid287"><span class="">After the permissions have been restricted, Sunstone can be configured to </span><span class="author-g-kcanrfn6p9kpr74s">hide
undesired tabs (as the Vnets or Images view). Also it is very easy to
hide specific action buttons in each view. Button configuration objects,
along with the</span><span class=""> customiz</span><span class="author-g-kcanrfn6p9kpr74s">ation of</span><span class=""> the view</span><span class="author-g-kcanrfn6p9kpr74s">s, are</span><span class=""> explained in this guide [3]. You should leave the Templates and VMs tabs, hiding the rest.</span></div>
<div class="" id="magicdomid20"><br></div><div class="ace-line" id="magicdomid289"><span class="">The
last requirement, leaving the users the option to customize the Memory
and CPU of the Templates to instantiate, can be addressed in different
ways</span><span class="author-g-kcanrfn6p9kpr74s">:</span></div><div class="" id="magicdomid23"><br></div><div class="" id="magicdomid24"><span class="">If
you just want something that works out of the box, then you could
define different capacity templates for each machine, e.g. redhat-small
redhat-medium & redhat-big, so users could choose one of them.</span></div><div class="" id="magicdomid25"><br></div><div class="ace-line" id="magicdomid357"><span class="">But
if you really need to let users set freely some of the attributes of
the templates before they are initialized, then you can implement a new
Sunstone plug-in [4] to replace the current Templates tab. This new
plug-in could take a list of base templates, ask the user to customize
some of the attributes (like Memory or CPU) and create a new Template,
owned by the user.</span><span class="author-g-kcanrfn6p9kpr74s"> This is only one approach, as you can think of other ways of creating this specific plugin.</span></div><div class="" id="magicdomid27"><br></div><div class="ace-line" id="magicdomid365">
<span class="">This is a basic example, </span><span class="author-g-kcanrfn6p9kpr74s">which</span><span class="">
can be extended to a multi-tenant architecture using more groups, or
VDCs [5], adding the possibility of isolated work groups with their
group admin.</span></div><div class="ace-line" id="magicdomid612"><br></div><div class="ace-line" id="magicdomid613"><span class="author-g-kcanrfn6p9kpr74s">Finally,
as this is a very interesting issue, we are preparing a blog post in
which we will detail a bit better every step of the process.</span></div><div class="" id="magicdomid30"><br></div><div class="ace-line" id="magicdomid429"><span class="author-g-kcanrfn6p9kpr74s">Thank you for your interest,</span></div>
<div class="" id="magicdomid33"><span class="">Carlos.</span></div><div class="" id="magicdomid34"><br></div><div class="" id="magicdomid35"><span class="">[1] </span><span class=" url"><a href="http://opennebula.org/documentation:rel3.0:auth_overview">http://opennebula.org/documentation:rel3.0:auth_overview</a></span></div>
<div class="" id="magicdomid36"><span class="">[2] </span><span class=" url"><a href="http://opennebula.org/documentation:rel3.0:cli">http://opennebula.org/documentation:rel3.0:cli</a></span></div><div class="" id="magicdomid37">
<span class="">[3] </span><span class=" url"><a href="http://opennebula.org/documentation:rel3.0:sunstone_plugin_guide">http://opennebula.org/documentation:rel3.0:sunstone_plugin_guide</a></span></div><div class="" id="magicdomid38">
<span class="">[4] </span><span class=" url"><a href="http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference">http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference</a></span></div><div class="" id="magicdomid39">
<span class="">[5] </span><span class=" url"><a href="http://opennebula.org/documentation:rel3.0:vdcmngt">http://opennebula.org/documentation:rel3.0:vdcmngt</a></span></div><div class="" id="magicdomid40"><span class="">--</span></div>
<div class="" id="magicdomid41"><span class="">Carlos Martín, MSc</span></div><div class="" id="magicdomid42"><span class="">Project Major Contributor</span></div><div class="" id="magicdomid43"><span class="">OpenNebula - The Open Source Toolkit for Cloud Computing</span></div>
<div class="" id="magicdomid44"><span class=""><a href="http://www.OpenNebula.org">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org">cmartin@opennebula.org</a></span></div><br><br><div class="gmail_quote">
On Wed, Aug 3, 2011 at 7:23 AM, Rasika Karunathilaka <span dir="ltr"><<a href="mailto:rasika.karunathilaka@yahoo.com">rasika.karunathilaka@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div style="color:#000;background-color:#fff;font-family:arial, helvetica, sans-serif;font-size:10pt"><div>Hi Team,</div>
<div><br></div><div> Does open nebula has a user interface apart from Sunstone, which provide self managed features as in EC2. I need following to be done by the private cloud users, that is</div><div><span> whenever they need a new machine,</span></div>
<div><span> </span><span> * They login to OpenNebula interface and select the operating system (It can be Window, RedHat or CentOS) which they need and select the Memory and CPU Power, then just by clicking single link or button machine get created to them and they could access it.</span></div>
<div><span> </span><span> My users won't know on which machine that he is going to deploy or to select whatever
machine which has less load. Further, he might not be a technical person to understand and create current template, he might just know OS name and following quick easy step he should be able to deploy and get what he needs. Does open nebula has the capability to look at the current setup (Network , hosts, disk space) and figure out on which machine to deploy. (Self Manageability) <br>
</span></div><div><span><br></span></div><div><span> OpenNebula is giving fantastic features and I really enjoyed it. if there is self managed user interface that will be great to have! Please let me know where to look for...<br>
</span></div><div><span> </span> </div><div><br></div><div>Best regards,</div><div>Rasika K</div></div></div><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br></blockquote></div><br>