Hi Steve,<br><br>On Wed, Sep 14, 2011 at 4:39 PM, Steven Timm <span dir="ltr"><<a href="mailto:timm@fnal.gov" target="_blank">timm@fnal.gov</a>></span> wrote:<br><div> </div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
So two questions--why did they change the syntax? It is easier<br>
for users to remember the name of the network than the ID of the<br>
network particularly since users now can't do onevnet list, and<br>
it renders all of our existing templates (dozens of them) broken<br>
and we will have to change them.<br></blockquote><div><br>Some users requested to let new resources use repeated names. This makes sense in deployments with a large number of users, or in a multi-tenant scenario.<br>The drawback is that users are forced to use the ID in VM templates, but it seemed a reasonable requirement.<br>
<br>Users can still use the 'onevnet list' command. By default, they can list their vnets with the 'm' (mine) option, and the vnets in their group with 'g' (group).<br>If you need all users to be able to list any existing vnet with the 'a' (all) option, like users in the oneadmin group can do, then you need to set the following ACL:<br>
<br><pre class="xterm">$ oneacl create "* NET/* INFO_POOL+INFO+USE"
</pre><br></div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
And second, why can not the user pick the network they want.. is<br>
there some ACL that has to be set now? If so, where?<br>
<br></blockquote><div><br>Users can list, show and use by default any vnet they own, and any public vnets in their group.<br>You can also set an ACL rule with the INFO+USE permission for any other vnet; more information is available here [1].<br>
<br>You can forget about ACL and permissions if all users are in the default "users" group, and create all resources in that group (not in "oneadmin" group).<br> </div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Steve Timm<br></blockquote><div><br>Best regards.<br><br>[1] <a href="http://opennebula.org/documentation:rel3.0:manage_acl">http://opennebula.org/documentation:rel3.0:manage_acl</a><br clear="all"></div><span style="border-collapse:collapse;color:rgb(136, 136, 136);font-family:arial, sans-serif;font-size:13px">--<br>
Carlos Martín, MSc<br>Project Major Contributor<br>
<span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">OpenNebula</span> - The Open Source Toolkit for Cloud Computing<br><a href="http://www.opennebula.org/" style="color:rgb(42, 93, 176)" target="_blank">www.<span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">OpenNebula</span>.org</a> | <a href="mailto:cmartin@opennebula.org" style="color:rgb(42, 93, 176)" target="_blank">cmartin@<span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">opennebula</span>.org</a></span><br>
<br><br><div class="gmail_quote">On Wed, Sep 14, 2011 at 4:39 PM, Steven Timm <span dir="ltr"><<a href="mailto:timm@fnal.gov" target="_blank">timm@fnal.gov</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
It appears that there have been several changes in the<br>
syntax of the NETWORK section in OpenNebula 3.0 which<br>
make templates for version 2.0 no longer work.<br>
<br>
Below is my template as modified for OpenNebula 3.<br>
<br>
I was previously using NETWORK = "FermiCloudTest" (the name of the network) and it now appears I have to change the NIC section<br>
to say NETWORK_ID = 1 (the number of this network).<br>
but NOT change the contextualization section, which still<br>
requires the name of the network. Anyway, this template is now<br>
syntactically correct but when I try to launch it<br>
I get the error:<br>
<br>
bash-3.2$ onevm create test-kvm-3.one<br>
[VirtualMachineAllocate] User [1] : Not authorized to perform USE NET [1].<br>
------------------------------<u></u>-----------------------------<br>
<br>
<br>
So two questions--why did they change the syntax? It is easier<br>
for users to remember the name of the network than the ID of the<br>
network particularly since users now can't do onevnet list, and<br>
it renders all of our existing templates (dozens of them) broken<br>
and we will have to change them.<br>
And second, why can not the user pick the network they want.. is<br>
there some ACL that has to be set now? If so, where?<br>
<br>
Steve Timm<br>
<br>
<br>
-------------------------<br>
NAME = test-kvm<br>
VCPU = 1<br>
MEMORY = 2048<br>
<br>
#OS = [<br>
# kernel = /vmlinuz,<br>
# initrd = /initrd.img,<br>
# root = sda1,<br>
# kernel_cmd = "ro xencons=tty console=tty1"]<br>
<br>
DISK = [<br>
source = /cloud/images/OpenNebula/<u></u>images/current-image.img,<br>
save = yes,<br>
target = vda,<br>
readonly = no ]<br>
<br>
DISK = [<br>
type = swap,<br>
size = 5120,<br>
target = vdb ]<br>
<br>
DISK = [<br>
type = fs,<br>
size = 4096,<br>
format = ext3,<br>
save = yes,<br>
target = vdc,<br>
bus = virtio ]<br>
<br>
NIC = [ NETWORK_ID = 1 , model = virtio ]<br>
<br>
FEATURES=[ acpi="yes" ]<br>
<br>
GRAPHICS = [<br>
type = "vnc",<br>
listen = "127.0.0.1",<br>
port = "-1",<br>
autoport = "yes",<br>
keymap="en-us" ]<br>
<br>
CONTEXT = [<br>
ip_public = "$NIC[IP, NETWORK=\"FermiCloudTest\"]",<br>
netmask = "255.255.254.0",<br>
gateway = "131.225.154.1",<br>
ns = "131.225.8.120",<br>
files = "/cloud/images/OpenNebula/<u></u>templates/init.sh /home/timm/OpenNebula/k5login /home/timm/OpenNebula/link_<u></u>certs.sh",<br>
target = "hdc",<br>
root_pubkey = "id_dsa.pub",<br>
username = "opennebula",<br>
user_pubkey = "id_dsa.pub"<br>
]<br>
<br>
REQUIREMENTS = "HYPERVISOR=\"kvm\""<br>
RANK = "- RUNNING_VMS"<br>
------------------------------<u></u>------------------------<br>
<br>
[root@fgitb317 var]# onevnet show 1<br>
VIRTUAL NETWORK 1 INFORMATION<br>
ID : 1<br>
USER : oneadmin<br>
GROUP : oneadmin<br>
PUBLIC : Yes<br>
USED LEASES : 0<br>
<br>
VIRTUAL NETWORK TEMPLATE<br>
BRIDGE=br1<br>
LEASES=[ IP=131.225.154.169, MAC=54:52:00:02:b5:00 ]<br>
LEASES=[ IP=131.225.154.170, MAC=54:52:00:02:b5:01 ]<br>
LEASES=[ IP=131.225.154.171, MAC=54:52:00:02:b5:02 ]<br>
LEASES=[ IP=131.225.154.168, MAC=54:52:00:02:b5:03 ]<br>
NAME=FermiCloudTest<br>
TYPE=FIXED<br>
<br>
LEASES INFORMATION<br>
LEASE=[ IP=131.225.154.168, MAC=54:52:00:02:b5:03, USED=0, VID=-1 ]<br>
LEASE=[ IP=131.225.154.169, MAC=54:52:00:02:b5:00, USED=0, VID=-1 ]<br>
LEASE=[ IP=131.225.154.170, MAC=54:52:00:02:b5:01, USED=0, VID=-1 ]<br>
LEASE=[ IP=131.225.154.171, MAC=54:52:00:02:b5:02, USED=0, VID=-1 ]<br>
<br>
-- <br>
------------------------------<u></u>------------------------------<u></u>------<br>
Steven C. Timm, Ph.D <a href="tel:%28630%29%20840-8525" value="+16308408525" target="_blank">(630) 840-8525</a><br>
<a href="mailto:timm@fnal.gov" target="_blank">timm@fnal.gov</a> <a href="http://home.fnal.gov/%7Etimm/" target="_blank">http://home.fnal.gov/~timm/</a><br>
Fermilab Computing Division, Scientific Computing Facilities,<br>
Grid Facilities Department, FermiGrid Services Group, Group Leader.<br>
Lead of FermiCloud project.<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/<u></u>listinfo.cgi/users-opennebula.<u></u>org</a><br>
</blockquote></div><br>