Hi all,<br>
<br>
We are considering a new simple approach on this use-case, and we'd like to hear your thoughts:<br><br>Resources could have two flags to let other users list/use them:<br>- shared: users in the resource's group.<br>
- public: all users<br><br>This would make it easier to share resources with everybody (there is no need to manage ACLs), and users could list "shared" objects.<br><br>Regards.<br clear="all"><span style="border-collapse:collapse;color:rgb(136, 136, 136);font-family:arial, sans-serif;font-size:13px">--<br>
Carlos Martín, MSc<br>Project Major Contributor<br><span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">OpenNebula</span> - The Open Source Toolkit for Cloud Computing<br>
<a href="http://www.opennebula.org/" style="color:rgb(42, 93, 176)" target="_blank">www.<span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">OpenNebula</span>.org</a> | <a href="mailto:cmartin@opennebula.org" style="color:rgb(42, 93, 176)" target="_blank">cmartin@<span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">opennebula</span>.org</a></span><br>
<br><br><div class="gmail_quote">2011/8/29 Robert Parrott <span dir="ltr"><<a href="mailto:parrott@seas.harvard.edu">parrott@seas.harvard.edu</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Carlos,<br>
<br>
The workaround you describe will get us going, and we can "enumerate"<br>
our temapltes and resources as needed for now.<br>
<br>
The multiple groups idea is most likely the _right_ approach, but for<br>
the time being perhaps also could be added a "public" flag to listing,<br>
which lists all objects which the user is entitled to see (in fact, at<br>
first blush it seems that this is the correct default setting).<br>
<br>
Rob<br>
<br>
2011/8/29 Carlos Martín Sánchez <<a href="mailto:cmartin@opennebula.org">cmartin@opennebula.org</a>>:<br>
<div><div></div><div class="h5">> Hi Robert,<br>
><br>
> You are right about the meaning of "public", its scope is the resource's<br>
> group.<br>
> Using ACLs, you can create a group (let's say "shared"), and allow everybody<br>
> to use and instantiate IMAGE and TEMPLATES in that group.<br>
><br>
> $ onegroup create shared<br>
> ID: 100<br>
> ACL_ID: 2<br>
> ACL_ID: 3<br>
><br>
> $ oneacl create "* IMAGE+TEMPLATE/@100 INFO+USE+INSTANTIATE"<br>
> ID: 4<br>
><br>
> $ oneacl list<br>
> ID USER RES_VHNIUTG RID OPE_CDUMIPpTW<br>
> 0 @1 V-NI-T- * C-----p--<br>
> 1 @1 -H----- * --U------<br>
> 2 @100 V-NI-T- * C-----p--<br>
> 3 @100 -H----- * --U------<br>
> 4 * ---I-T- @100 --U-I--T-<br>
><br>
> That will provide the scenario you described.<br>
> However, there's no straight-forward way for regular users to list the<br>
> resources in the "shared" group, as they can only list resources with the<br>
> 'all', 'mine' or 'group' flag.<br>
><br>
> You can grant users the right to list all resources (INFO_POOL) if privacy<br>
> is not a concern... or you could create some other way to let users know the<br>
> list of resources in the "shared" group, for instance creating a new<br>
> Sunstone plug-in [1]<br>
><br>
><br>
> Maybe we could use this thread to discuss how to integrate better this<br>
> use-case in future versions.<br>
> We already have a request for multiple groups [2], that's one of the ways to<br>
> address this issue.<br>
><br>
> Regards,<br>
> Carlos.<br>
><br>
> [1] <a href="http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference" target="_blank">http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference</a><br>
> [2] <a href="http://dev.opennebula.org/issues/761" target="_blank">http://dev.opennebula.org/issues/761</a><br>
><br>
> --<br>
> Carlos Martín, MSc<br>
> Project Major Contributor<br>
> OpenNebula - The Open Source Toolkit for Cloud Computing<br>
> <a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org">cmartin@opennebula.org</a><br>
><br>
><br>
><br>
> On Wed, Aug 24, 2011 at 10:40 PM, Robert Parrott <<a href="mailto:parrott@seas.harvard.edu">parrott@seas.harvard.edu</a>><br>
> wrote:<br>
>> Hi Folks,<br>
>><br>
>> Is there some way to make images or templates completely public?<br>
>><br>
>> Currently, it looks like making an image or template "public" means<br>
>> that anyone within your group can see and use that image or template.<br>
>> It would be nice to also have the functionality where members of any<br>
>> group can make use of a set of public images and templates as a<br>
>> starting point for customizing their own VMs (i.e. "vanilla CentOS 6"<br>
>> or Ubuntu 10.04 LTS").<br>
>><br>
>> Thanks,<br>
>> Rob<br>
>><br>
>><br>
>> --<br>
>> Robert E. Parrott, Ph.D. (Phys. '06)<br>
>> Director, Academic Computing<br>
>> Harvard University Sch. of Eng. and App. Sci.<br>
>> Maxwell-Dworkin 211,<br>
>> 33 Oxford St.<br>
>> Cambridge, MA 02138<br>
>> <a href="tel:%28617%29-496-1520" value="+16174961520">(617)-496-1520</a><br>
>> _______________________________________________<br>
>> Users mailing list<br>
>> <a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
>> <a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
>><br>
><br>
><br>
<br>
<br>
<br>
</div></div>--<br>
<div><div></div><div class="h5">Robert E. Parrott, Ph.D. (Phys. '06)<br>
Director, Academic Computing<br>
Harvard University Sch. of Eng. and App. Sci.<br>
Maxwell-Dworkin 211,<br>
33 Oxford St.<br>
Cambridge, MA 02138<br>
<a href="tel:%28617%29-496-1520" value="+16174961520">(617)-496-1520</a><br>
</div></div></blockquote></div><br>