Re: [one-users] groups and images/templates

2011-09-21 Thread Robert Parrott
This seems a sensible approach to me. It's reminiscent of the unix
permission categories "me", "group" and "everyone".

2011/9/21 Carlos Martín Sánchez:
> Hi all,
>
> We are considering a new simple approach on this use-case, and we'd like to
> hear your thoughts:
>
> Resources could have two flags to let other users list/use them:
> - shared: users in the resource's group.
> - public: all users
>
> This would make it easier to share resources with everybody (there is no
> need to manage ACLs), and users could list "shared" objects.
>
> Regards.
> --
> Carlos Martín, MSc
> Project Major Contributor
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org | cmar...@opennebula.org
>
>



-- 
Robert E. Parrott, Ph.D. (Phys. '06)
Director, Academic Computing
Harvard University Sch. of Eng. and App. Sci.
Maxwell-Dworkin  211,
33 Oxford St.
Cambridge, MA 02138
(617)-496-1520
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


Re: [one-users] groups and images/templates

2011-09-21 Thread Carlos Martín Sánchez
Hi all,

We are considering a new simple approach on this use-case, and we'd like to
hear your thoughts:

Resources could have two flags to let other users list/use them:
- shared: users in the resource's group.
- public: all users

This would make it easier to share resources with everybody (there is no
need to manage ACLs), and users could list "shared" objects.

Regards.
--
Carlos Martín, MSc
Project Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org  | cmar...@opennebula.org


2011/8/29 Robert Parrott 

> Hi Carlos,
>
> The workaround you describe will get us going, and we can "enumerate"
> our templates and resources as needed for now.
>
> The multiple groups idea is most likely the _right_ approach, but for
> the time being perhaps also could be added a "public" flag to listing,
> which lists all objects which the user is entitled to see (in fact, at
> first blush it seems that this is the correct default setting).
>
> Rob
>


Re: [one-users] groups and images/templates

2011-08-29 Thread Robert Parrott
Hi Carlos,

The workaround you describe will get us going, and we can "enumerate"
our templates and resources as needed for now.

The multiple groups idea is most likely the _right_ approach, but for
the time being perhaps also could be added a "public" flag to listing,
which lists all objects which the user is entitled to see (in fact, at
first blush it seems that this is the correct default setting).

Rob

2011/8/29 Carlos Martín Sánchez:
> Hi Robert,
>
> You are right about the meaning of "public", its scope is the resource's
> group.
> Using ACLs, you can create a group (let's say "shared"), and allow everybody
> to use and instantiate IMAGE and TEMPLATES in that group.
>
> $ onegroup create shared
> ID: 100
> ACL_ID: 2
> ACL_ID: 3
>
> $ oneacl create "* IMAGE+TEMPLATE/@100 INFO+USE+INSTANTIATE"
> ID: 4
>
> $ oneacl list
>    ID USER RES_VHNIUTG   RID OPE_CDUMIPpTW
>     0   @1     V-NI-T-     *     C-----p--
>     1   @1     -H-----     *     --U------
>     2 @100     V-NI-T-     *     C-----p--
>     3 @100     -H-----     *     --U------
>     4    *     ---I-T-  @100     --U-I--T-
>
> That will provide the scenario you described.
> However, there's no straight-forward way for regular users to list the
> resources in the "shared" group, as they can only list resources with the
> 'all', 'mine' or 'group' flag.
>
> You can grant users the right to list all resources (INFO_POOL) if privacy
> is not a concern... or you could create some other way to let users know the
> list of resources in the "shared" group, for instance creating a new
> Sunstone plug-in [1]
>
>
> Maybe we could use this thread to discuss how to integrate better this
> use-case in future versions.
> We already have a request for multiple groups [2], that's one of the ways to
> address this issue.
>
> Regards,
> Carlos.
>
> [1] http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference
> [2] http://dev.opennebula.org/issues/761
>
> --
> Carlos Martín, MSc
> Project Major Contributor
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org | cmar...@opennebula.org
>
>
>



-- 
Robert E. Parrott, Ph.D. (Phys. '06)
Director, Academic Computing
Harvard University Sch. of Eng. and App. Sci.
Maxwell-Dworkin  211,
33 Oxford St.
Cambridge, MA 02138
(617)-496-1520


Re: [one-users] groups and images/templates

2011-08-29 Thread Carlos Martín Sánchez
Hi Robert,

You are right about the meaning of "public", its scope is the resource's
group.
Using ACLs, you can create a group (let's say "shared"), and allow everybody
to use and instantiate IMAGE and TEMPLATES in that group.

$ onegroup create shared
ID: 100
ACL_ID: 2
ACL_ID: 3

$ oneacl create "* IMAGE+TEMPLATE/@100 INFO+USE+INSTANTIATE"
ID: 4

$ oneacl list
   ID USER RES_VHNIUTG   RID OPE_CDUMIPpTW
    0   @1     V-NI-T-     *     C-----p--
    1   @1     -H-----     *     --U------
    2 @100     V-NI-T-     *     C-----p--
    3 @100     -H-----     *     --U------
    4    *     ---I-T-  @100     --U-I--T-

That will provide the scenario you described.
However, there's no straight-forward way for regular users to list the
resources in the "shared" group, as they can only list resources with the
'all', 'mine' or 'group' flag.

You can grant users the right to list all resources (INFO_POOL) if privacy
is not a concern... or you could create some other way to let users know the
list of resources in the "shared" group, for instance creating a new
Sunstone plug-in [1]


Maybe we could use this thread to discuss how to integrate better this
use-case in future versions.
We already have a request for multiple groups [2], that's one of the ways to
address this issue.

Regards,
Carlos.

[1] http://opennebula.org/documentation:rel3.0:sunstone_plugin_reference
[2] http://dev.opennebula.org/issues/761

--
Carlos Martín, MSc
Project Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | cmar...@opennebula.org



On Wed, Aug 24, 2011 at 10:40 PM, Robert Parrott wrote:
> Hi Folks,
>
> Is there some way to make images or templates completely public?
>
> Currently, it looks like making an image or template "public" means
> that anyone within your group can see and use that image or template.
> It would be nice to also have the functionality where members of any
> group can make use of a set of public images and templates as a
> starting point for customizing their own VMs (i.e. "vanilla CentOS 6"
> or "Ubuntu 10.04 LTS").
>
> Thanks,
> Rob
>
>
> --
> Robert E. Parrott, Ph.D. (Phys. '06)
> Director, Academic Computing
> Harvard University Sch. of Eng. and App. Sci.
> Maxwell-Dworkin  211,
> 33 Oxford St.
> Cambridge, MA 02138
> (617)-496-1520
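Added example, not part of the original thread and not OpenNebula code: a Python parser for the `oneacl list` output shown in the message above, which decodes the RES_ and OPE_ mask columns and picks out rules whose USER column is `*`, such as rule 4. The function names are hypothetical, and the letter-to-name maps for columns the thread does not spell out are an assumption based on OpenNebula 3.0 naming.

```python
# Added example: decode `oneacl list` mask columns, flag rules that apply to all users.
# Letter-to-name maps are an assumption (OpenNebula 3.0 naming); the thread itself only
# names IMAGE, TEMPLATE, INFO, USE, INSTANTIATE and INFO_POOL.
RES = dict(zip("VHNIUTG", ["VM", "HOST", "NET", "IMAGE", "USER", "TEMPLATE", "GROUP"]))
OPE = dict(zip("CDUMIPpTW", ["CREATE", "DELETE", "USE", "MANAGE", "INFO", "INFO_POOL",
                             "INFO_POOL_MINE", "INSTANTIATE", "CHOWN"]))

# Constructed sample: the listing quoted in the thread, every mask at full header width.
SAMPLE = """\
   ID USER RES_VHNIUTG   RID OPE_CDUMIPpTW
    0   @1     V-NI-T-     *     C-----p--
    1   @1     -H-----     *     --U------
    2 @100     V-NI-T-     *     C-----p--
    3 @100     -H-----     *     --U------
    4    *     ---I-T-  @100     --U-I--T-
"""


def decode(mask, header, names):
    """Turn a mask such as '---I-T-' into names; reject truncated or shifted masks."""
    if len(mask) != len(header):
        raise ValueError(f"mask {mask!r} does not match header width {len(header)}")
    out = []
    for ch, col in zip(mask, header):
        if ch == "-":
            continue
        if ch != col:
            raise ValueError(f"unexpected {ch!r} in column {col!r} of {mask!r}")
        out.append(names[col])
    return out


def parse_acl_list(text):
    """Parse `oneacl list` output into dicts with decoded resources and operations."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    head = lines[0].split()
    res_hdr, ope_hdr = head[2].split("_", 1)[1], head[4].split("_", 1)[1]
    rules = []
    for ln in lines[1:]:
        acl_id, user, res, rid, ope = ln.split()
        rules.append({"id": int(acl_id), "user": user, "rid": rid,
                      "resources": decode(res, res_hdr, RES),
                      "operations": decode(ope, ope_hdr, OPE)})
    return rules


def world_grants(rules):
    """Rules whose USER column is '*', i.e. they apply to every user."""
    return [r for r in rules if r["user"] == "*"]
```

Running `world_grants(parse_acl_list(SAMPLE))` returns only rule 4, the grant on group @100 created by the `oneacl create` command above; a mask shorter than its header raises `ValueError` rather than being decoded against the wrong columns.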


[one-users] groups and images/templates

2011-08-24 Thread Robert Parrott
Hi Folks,

Is there some way to make images or templates completely public?

Currently, it looks like making an image or template "public" means
that anyone within your group can see and use that image or template.
It would be nice to also have the functionality where members of any
group can make use of a set of public images and templates as a
starting point for customizing their own VMs (i.e. "vanilla CentOS 6"
or "Ubuntu 10.04 LTS").

Thanks,
Rob


-- 
Robert E. Parrott, Ph.D. (Phys. '06)
Director, Academic Computing
Harvard University Sch. of Eng. and App. Sci.
Maxwell-Dworkin  211,
33 Oxford St.
Cambridge, MA 02138
(617)-496-1520