On 2014年01月16日 10:04, Aline Manera wrote:
Looks good for me.
And I agree with Sheldon we need to add a change permission confirmation on UI
Discussed with Sheldon and Mark, got suggestion to only use setfacl to fix without change mode. If guys agree, we will adopt this mean.
Just a comment below.
On 01/13/2014 06:14 AM, Royce Lv wrote:
User scenarios:
Users may create template from ISOs from shallow/deep scan or from a user specified local path. Because kimchid runs as root and have access of most ISOs scanned. For qemu, however, the real user to start a vm, does not always have access of the ISO to install a vm. Under this circumstance, we need to denote that:
1. On scanning, indicate which ISOs may not be accessible by qemu user. 2. When create a template from an ISO which qemu does not have access , ask if user want to fix permission, if not, disable the template.
Why should we allow a user create a template that will be disabled because the ISO isn't accessible?
If we don't allow it, we don't have chance to fix ISO when it is given by a full path('/home/royce/i-am-iso'), not a storagepool volume, we can only fix it until template is constructed.
3. If user accept fix permission, change permission of template cdrom.
Rest API will look like: 1. scanning and report GET /storagepools/pool-1/storagevolumes/iso-volume {'type': 'raw', 'path': '/home/i-am-an-iso.iso', 'accessible': False}
2. Create template POST /templates {'name': 'template-1' 'cdrom': 'a-b-c'} "a-b-c.iso" not accessible by qemu ----> {'name': 'template-1', 'status': 'disable'} NOTE: template in 'disable' status may because of any of its facility not active (storagepool, iso, network, etc)
3. Fix permission(Permission fix just open for template, we don't support fix for single volume/path temporarily) PUT /templates/t-1/cdrom {'accessible': True}