Hi Chris,<br><br>I think adding the owner is a good idea. However, the examples you provide rely on the '/' separator, and currently that's a valid character for both user and resource names.<br><br>This is our suggested syntax to implement this:<br>
<br><span style="font-family: courier new,monospace;">DISK = [ IMAGE = "Ubuntu",</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> IMAGE_UNAME = "oneadmin" ]</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">DISK = [ IMAGE = "Ubuntu",</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> IMAGE_UID = 7 ]</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">DISK = [ IMAGE = "Ubuntu" ]</span><br><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">DISK = [ IMAGE_ID = 23 ]</span><br style="font-family: courier new,monospace;">
<br>1: use the Image named ubuntu, owned by the user named oneadmin.<br>2: use the ubuntu Image owned by user with ID 7.<br>3: use the ubuntu Image owned by the user instantiating the VM.<br>4: use image with ID 23<br><br>
<br>Thomas, what do you mean by the following? Could you elaborate a bit more?<br>If you are referreing to VMs, you can feed template files to the "onevm create filename" command.<br><br>2011/11/3 Thomas Higdon <span dir="ltr"><<a href="mailto:thigdon@akamai.com">thigdon@akamai.com</a>></span><br>
<blockquote style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;" class="gmail_quote">Another more radical suggestion is to do away with the template<br>
management system entirely, and switch to a system where the templates<br>
are derived directly from files that exist on the filesystem. This has a<br>
number of advantages I can see (if you're interested I'll explain<br>
further), but it might be more change than you're willing to go through<br>
at this point.<br></blockquote><br>Regards.<br clear="all"><span style="border-collapse:collapse;color:rgb(136, 136, 136);font-family:arial,sans-serif;font-size:13px">--<br>Carlos Martín, MSc<br>Project Engineer<br>OpenNebula - The Open Source Toolkit for Data Center Virtualization<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org" target="_blank">cmartin@opennebula.org</a> | <a href="http://twitter.com/opennebula" target="_blank">@OpenNebula</a></span><span style="border-collapse:collapse;color:rgb(136, 136, 136);font-family:arial, sans-serif;font-size:13px"><a href="mailto:cmartin@opennebula.org" style="color:rgb(42, 93, 176)" target="_blank"></a></span><br>
<br><br><div class="gmail_quote">2011/11/3 Chris Johnston <span dir="ltr"><<a href="mailto:chjohnston@rim.com">chjohnston@rim.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
This issue has caused myself much frustration as well. Personally I prefer the suggestion of using both the owner and the resource name for specifying a resource. That should work for just about any use case and allows names to be used at any level with no confusion as to what resource is really being referenced. For example...<br>
<br>
IMAGE = "oneadmin/generic"<br>
IMAGE = "dev01/virtapp"<br>
IMAGE = "user01/virtapp"<br>
IMAGE = "user01/custom"<br>
<br>
...and the same for NETWORK. It does add some overhead but it's a lot simpler than maintaining lists of IDs and constantly updating scripts.<br>
<div><div class="h5"><br>
-----Original Message-----<br>
From: <a href="mailto:users-bounces@lists.opennebula.org">users-bounces@lists.opennebula.org</a> [mailto:<a href="mailto:users-bounces@lists.opennebula.org">users-bounces@lists.opennebula.org</a>] On Behalf Of Thomas Higdon<br>
Sent: Thursday, November 03, 2011 12:36 PM<br>
To: Carlos Martín Sánchez<br>
Cc: <a href="mailto:users@lists.opennebula.org">users@lists.opennebula.org</a><br>
Subject: Re: [one-users] use of IMAGE_ID and its ilk in 3.0<br>
<br>
Hi, it's good to know the ONE developers are so open to feedback about<br>
the way the system works. ONE seems great from what I've used so far.<br>
<br>
The solution that you would propose would work fine for me, mostly<br>
because it looks like that for a single user, the templating system<br>
would work the same as it did for 2.2, which was ok with me.<br>
<br>
I'm a little leery of the idea of ever forcing users to use IMAGE_ID or<br>
NETWORK_ID parameters. In my mind, forcing users to specify these in<br>
static template strings/files is equivalent to some Unix command-line<br>
tool asking a user to specify the inode number of a file rather than its<br>
name.<br>
<br>
Here's a suggestion. Your database is basically a key-value store. In<br>
2.2, the only key you allowed is the name (in 3.0 it's only ID). I'd<br>
suggest that you allow more freedom in the specification of keys. You<br>
might ask users to specify a name for resources that they own. If they<br>
are asking for resources that they don't own, then they must also<br>
specify which user owns that resource, or perhaps which group. If<br>
there's ambiguity, then error on that.<br>
<br>
Another suggestion I would make is to remove the NAME attribute from all<br>
templates (or make it optional) and allow users to specify a name on the<br>
command-line, defaulting to something reasonable, as is done now for<br>
template instantiation. That way, users who don't care what the name is<br>
don't need to specify it, and users who do care don't need to edit a<br>
text file to instantiate multiple instances of the same resource. I see<br>
this as being useful in a scenario where I want to create <x> read/write<br>
250GB disks for <x> VMs, but not necessarily create <x> template files,<br>
or edit one file <x> times.<br>
<br>
At the end of the day, desirable behavior for me is to be able to create<br>
a set of static template files for networks, images and VMs, and be able<br>
to instantiate all of them in the proper order and have it just work.<br>
ONE 3.0 does not allow me to do that.<br>
<br>
Another more radical suggestion is to do away with the template<br>
management system entirely, and switch to a system where the templates<br>
are derived directly from files that exist on the filesystem. This has a<br>
number of advantages I can see (if you're interested I'll explain<br>
further), but it might be more change than you're willing to go through<br>
at this point.<br>
<br>
On Thu, Nov 03, 2011 at 08:55:30AM -0500, Carlos Martín Sánchez wrote:<br>
> Hi Thomas,<br>
><br>
> Some users requested to let new resources use repeated names, see for instance<br>
> this thread [1]. This makes sense in deployments with a large number of users,<br>
> or in a multi-tenant scenario, where you don't want users having to try a<br>
> resource creation several times until they find a free name.<br>
><br>
> We implemented this allowing repeated names, but only if they are not owned by<br>
> the same user. It was done this way so users can reference resources by name in<br>
> CLI commands, e.g. 'oneimage show my_img'.<br>
><br>
> Since we released OpenNebula 3.0, some of you have complained about this<br>
> change, so let me try to explain why we decided to drop the NAME reference from<br>
> VM templates:<br>
><br>
><br>
> Lets say you want to use the VNet named "blue". In the worst case scenario, you<br>
> will have one "blue" network owned by you, several "blue" networks owned by<br>
> other people in your group, and several other "blue" networks owned by people<br>
> from other groups. You may, or may not, have rights to use the latter "blue"<br>
> networks outside your group.<br>
><br>
> How does OpenNebula decide which "blue" network do you want to use? At first<br>
> sight, you could try to arrange them by priority: your VNet has comes first,<br>
> then VNets from your group, and then VNets from other groups. This presents a<br>
> lot of problems:<br>
><br>
> You can have at most one "blue" network, but what happens if you are<br>
> instantiating a public template created by other user in your group?<br>
> Maybe the template was prepared by "boss_user", who owns a "blue" VNet with<br>
> addresses in the 192.169.10.0 network. But you own another "blue" VNet with<br>
> base address 192.168.30.0. The user will expect his VNets to have greater<br>
> priority, but then the VM will be created in a different VNet than the one<br>
> intended by "boss_user".<br>
><br>
> If you don't own any "blue" network, you may create a template that uses a<br>
> public one owned by other user in your group. If it is the only "blue" network<br>
> in the group, then you template will work fine, until somebody else decides to<br>
> publish another "blue" network in the same group. From that moment, OpenNebula<br>
> would have to guess, or just refuse to instantiate that template that was<br>
> working fine before.<br>
><br>
><br>
> In the end, we could implement a priority and do our best to document it, but<br>
> we though that would cause a lot of confusion. The easiest solution was to<br>
> force the usage of IDs, what didn't look to us like a really limiting<br>
> requirement.<br>
><br>
><br>
><br>
> After reading your feedback, we are considering to bring back the NAME<br>
> reference in VM templates for version 3.2.<br>
> We think the most robust and easier to understand behaviour is the following<br>
> one:<br>
><br>
> * Allow to use NAME to reference only resources owned by the user instantiating<br>
> the VM.<br>
> * If the template is intended to be shared with other users, then it must use<br>
> the IMAGE_ID and NETWORK_ID attributes.<br>
><br>
><br>
> To all community members intersested in this issue, please share your thoughts.<br>
> What do you think about this? Would it be enough for your use-cases? Would you<br>
> address this issue differently?<br>
><br>
><br>
> Regards.<br>
><br>
> [1] <a href="http://lists.opennebula.org/pipermail/users-opennebula.org/2010-October/" target="_blank">http://lists.opennebula.org/pipermail/users-opennebula.org/2010-October/</a><br>
> 002924.html<br>
><br>
> --<br>
> Carlos Martín, MSc<br>
> Project Engineer<br>
> OpenNebula - The Open Source Toolkit for Data Center Virtualization<br>
> <a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org">cmartin@opennebula.org</a> | @OpenNebula<br>
><br>
><br>
> On Tue, Nov 1, 2011 at 6:12 PM, Thomas Higdon <<a href="mailto:thigdon@akamai.com">thigdon@akamai.com</a>> wrote:<br>
><br>
> In 2.2, in a VM template, I could specify an image for a disk that was<br>
> in the image repository by using IMAGE = <name>. This behavior appears<br>
> to have been removed in 3.0, in favor of using IMAGE_ID = <id>, where<br>
> <id> is an arbitrary number assigned by the opennebula system.<br>
><br>
> This change in behavior seems kind of limiting. Before, I could create<br>
> an image with a certain name, and then instantiate a VM template that<br>
> had a disk that used that name. Now, in order to get that same behavior,<br>
> I must instantiate the image, note the ID returned, and then rewrite my<br>
> VM template to use that ID in its DISK attribute, then instantiate it.<br>
> This is also true of virtual networks.<br>
><br>
> Is there something I'm missing with respect to how VM templates are<br>
> instantiated with respect to images? Is there any workaround that will<br>
> allow the old behavior? Why was this change made?<br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
> <a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
><br>
><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br>
</div></div>---------------------------------------------------------------------<br>
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.<br>
</blockquote></div><br>