Hi,<div><br></div><div>The merging of templates sounds interesting.</div><div><br></div><div>I think this could be also done with a custom authorization (authZ) driver [1] [2]. If I understood correctly, the driver would need to check if it is a deploy operation, and deny the operation if the cpu/memory are not one of the allowed fixed amounts.</div>
<div><br></div><div>Regards</div><div><br></div><div>[1] <a href="http://opennebula.org/documentation:rel3.8:oned_conf#auth_manager_configuration">http://opennebula.org/documentation:rel3.8:oned_conf#auth_manager_configuration</a></div>
<div>[2] <a href="http://dev.opennebula.org/projects/opennebula/repository/revisions/one-3.8/entry/src/authm_mad/one_auth_mad.rb">http://dev.opennebula.org/projects/opennebula/repository/revisions/one-3.8/entry/src/authm_mad/one_auth_mad.rb</a></div>
<div><br></div><div><div>--<br>Carlos Martín, MSc<br>Project Engineer<br>OpenNebula - The Open-source Solution for Data Center Virtualization<div><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org" target="_blank">cmartin@opennebula.org</a> | <a href="http://twitter.com/opennebula" target="_blank">@OpenNebula</a></span><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="mailto:cmartin@opennebula.org" style="color:rgb(42,93,176)" target="_blank"></a></span></div>
</div>
<br><br><div class="gmail_quote">On Sun, Dec 16, 2012 at 9:18 PM, Simon Boulet <span dir="ltr"><<a href="mailto:simon@nostalgeek.com" target="_blank">simon@nostalgeek.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>How can a user instantiate a cloned template that contains restricted attributes?</div><div><br></div><div>My experiments shows that restricted attributes prevent templates owned by a group other than the oneadmin group from being instantiated if it contains a restricted attribute. A user could successfully Clone a oneadmin template that as a restricted attributes, but it wont be able to instantiate unless it deletes the restricted attribute from the template before instantiating it.</div>
<div><br></div><div>In my use case, say I want to force my users in using uniform VM types that have a set amount of MEMORY and CPU, while still allowing them to instantiate templates with custom CONTEXT attributes. My first thought was to set the MEMORY and CPU attributes as restricted. But, it wont work, because my users while being allowed to Clone a template and set the CONTEXT attributes they want, won't be able to instantiate their final template, because their template also contains the MEMORY and CPU attributes from the original source template they cloned.</div>
<div><br></div><div>Any clues how I can achieve that?</div><div><br></div><div>I thought one option could be to add a 4th parameter to the one.template.instantiate API call to allow users to pass attributes to be merged with the template. Those attributes could be matched against the list of restricted attribute, and if no restricted attributes are found, the attributes would be merged against the source template before being instantiated.</div>
<div><br></div><div>Thanks</div><span><font color="#888888"><div><br></div><div>Simon</div>
</font></span><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br></blockquote></div><br></div>