[Kimchi-devel] [kimchi-devel RFC] REST API for Permission check and fixes

Sheldon shaohef at linux.vnet.ibm.com
Mon Jan 13 09:11:27 UTC 2014


looks good.

Just a minor comment below

On 01/13/2014 04:14 PM, Royce Lv wrote:
> User scenarios:
>
> Users may create template from ISOs from shallow/deep scan or from a 
> user specified local path. Because kimchid runs as root and have 
> access of most ISOs scanned. For qemu, however, the real user to start 
> a vm, does not always have access of the ISO to install a vm. Under 
> this circumstance, we need to denote that:
>
> 1. On scanning, indicate which ISOs may not be accessible by qemu user.
> 2. When create a template from an ISO which qemu does not have access 
> , ask if user want to fix permission, if not, disable the template.
> 3. If user accept fix permission, change permission of template cdrom.
>
> Rest API will look like:
> 1. scanning and report
> GET /storagepools/pool-1/storagevolumes/iso-volume
> {'type': 'raw', 'path': '/home/i-am-an-iso.iso', 'accessible': False}
>
> 2. Create template
> POST /templates
> {'name': 'template-1'
> 'cdrom': 'a-b-c'} "a-b-c.iso" not accessible by qemu
> ---->
> {'name': 'template-1', 'status': 'disable'}
> NOTE: template in 'disable' status may because of any of its facility 
> not active (storagepool, iso, network, etc)
>
> 3. Fix permission(Permission fix just open for template, we don't 
> support fix for single volume/path temporarily)
> PUT /templates/t-1/cdrom {'accessible': True}
>

UI should prompt some message to let user confirm to fix the permission.

-- 
Thanks and best regards!

Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
IBM Linux Technology Center




More information about the Kimchi-devel mailing list