[Kimchi-devel] [kimchi-devel RFC] REST API for Permission check and fixes

Royce Lv lvroyce at linux.vnet.ibm.com
Mon Jan 13 08:14:48 UTC 2014


User scenarios:

     Users may create a template from ISOs found by a shallow/deep scan or
from a user-specified local path. Because kimchid runs as root, it has
access to most of the ISOs scanned. Qemu, however, the real user that starts
a VM, does not always have access to the ISO needed to install a VM. Under
this circumstance, we need to denote that:

1. On scanning, indicate which ISOs may not be accessible by the qemu user.
2. When creating a template from an ISO which qemu does not have access to,
ask if the user wants to fix the permission; if not, disable the template.
3. If the user accepts the permission fix, change the permission of the template cdrom.

The REST API will look like:
1. Scanning and report
     GET /storagepools/pool-1/storagevolumes/iso-volume
     {'type': 'raw', 'path': '/home/i-am-an-iso.iso', 'accessible': False}

2. Create template
     POST /templates
     {'name': 'template-1',
       'cdrom': 'a-b-c'} "a-b-c.iso" not accessible by qemu
    ---->
     {'name': 'template-1', 'status': 'disable'}
     NOTE: a template may be in 'disable' status because any of its
facilities is not active (storagepool, iso, network, etc.)

3. Fix permission (the permission fix is only open for templates; we don't
support fixing a single volume/path for now)
     PUT /templates/t-1/cdrom {'accessible': True}
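
One way to compute the 'accessible' flag from the scanning step, as an added example that is not part of the original message or Kimchi's code: because kimchid runs as root, `os.access()` would always succeed, so the mode bits of every path component are evaluated for the qemu user's uid and gids instead. The function names and the `blocked_by` field are hypothetical, and only classic owner/group/other permissions are assumed (no POSIX ACLs or SELinux labels).

```python
import os

READ, SEARCH = 4, 1  # permission bits within one owner/group/other triplet


def mode_allows(st, uid, gids, want):
    """True if the classic mode bits in stat result `st` grant `want` to uid/gids."""
    if uid == 0:
        return True  # root bypasses mode bits, which is why kimchid sees every ISO
    if st.st_uid == uid:
        shift = 6    # owner triplet applies, even if group/other would allow more
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return (st.st_mode >> shift) & want == want


def first_blocking_component(path, uid, gids):
    """Return the first path component that stops uid/gids reading `path`, else None."""
    path = os.path.realpath(path)          # resolve symlinks before walking
    current = os.sep
    for name in path.strip(os.sep).split(os.sep):
        if not mode_allows(os.stat(current), uid, gids, SEARCH):
            return current                 # a parent directory lacks the search bit
        current = os.path.join(current, name)
    if not mode_allows(os.stat(current), uid, gids, READ):
        return current                     # the ISO itself is not readable
    return None


def volume_info(path, uid, gids):
    """Build the volume record from the RFC; 'blocked_by' is an added, hypothetical field."""
    blocked = first_blocking_component(path, uid, gids)
    return {'type': 'raw', 'path': path, 'accessible': blocked is None,
            'blocked_by': blocked}
```

Reporting the blocking component matters for the fix step: an ISO under a 0700 home directory stays unreadable to qemu even after the ISO file itself is made world-readable.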



