Hi, Sorry I missed the email…
Default template with ACL mechanism will definitely covers my use case. Admin-only writable template is exactly what I am looking for. However, I saw the blueprint and it is “Not started”. There is there anything I can help implementing the ACL? Right now I am using a short-term solution similar to the one Trevor suggested, creating template for each tenant when they logging into Horizon, but its hard to maintain and update templates. I would love to have the ACL asap. Please let me know if anything I can help. Thanks, Yanchao From: Sergey Lukjanov <slukja...@mirantis.com<mailto:slukja...@mirantis.com>> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Date: Thursday, April 16, 2015 at 3:22 AM To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Subject: Re: [openstack-dev] Global Cluster Template in Sahara Hi, first of all - yes, we've implemented mechanism for default templates addition in Kilo, please, take a look on this spec and related changes: http://specs.openstack.org/openstack/sahara-specs/specs/kilo/default-templates.html Regarding to your case, it's in fact about the admin-only writable templates shared between all tenants. We have a blueprint for implementing ACL for all Sahara resources - https://blueprints.launchpad.net/sahara/+spec/resources-acl . It's about implementing extended and flexible way to configure ACLs for resources and to provide end-users an ability to have the following types of resources: * default - tenant specific, anyone in tenant could edit or delete * public - shared between tenants in read-only mode, writable for users in tenant where it was created * protected - if True than could not be removed before updated to False using the resource update operation * admin or protected=Admin - to make only admin users able to write/delete resource during the Kilo cycle we've been discussing this idea and initially agreed on it, because it sounds like the most OpenStackish way to provide such functionality. I have a draft spec for it (not yet published), I will publish it today/tomorrow and send a link to it to this thread. Yanchao, does this ACL mechanism covers your use case? Any feedback appreciated. Thanks. On Thu, Apr 16, 2015 at 3:19 AM, lu jander <juvenboy1...@gmail.com<mailto:juvenboy1...@gmail.com>> wrote: We have already implement the default template for sahara https://blueprints.launchpad.net/sahara/+spec/default-templates 2015-04-16 5:22 GMT+08:00 Liang, Yanchao <yanli...@ebay.com<mailto:yanli...@ebay.com>>: Dear Openstack Developers, My name is Yanchao Liang. I am a software engineer in eBay, working on Hadoop as a Service on top of Openstack cloud. Right now we are using Sahara, Juno version. We want to stay current and introduce global template into sahara. In order to simplify the cluster creation process for user, we would like to create some cluster templates available for all users. User can just go to the horizon webUI, select one of the pre-popluated templates and create a hadoop cluster, in just a few clicks. Here is how I would implement this feature: * In the database, Create a new column in “cluster_templates" table called “is_global”, which is a boolean value indicating whether the template is available for all users or not. * When user getting the cluster template from database, add another function similar to “cluster_template_get”, which query the database for global templates. * When creating cluster, put the user’s tenant id in the “merged_values” config variable, instead of the tenant id from cluster template. * Use an admin account create and manage global cluster templates Since I don’t know the code base as well as you do, what do you think about the global template idea? How would you implement this new feature? We would like to contribute this feature back to the Openstack community. Any feedback would be greatly appreciated. Thank you. Best, Yanchao __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Sincerely yours, Sergey Lukjanov Sahara Technical Lead (OpenStack Data Processing) Principal Software Engineer Mirantis Inc.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
