[Kimchi-devel] [kimchi-devel RFC] REST API for Permission check and fixes
Shu Ming
shuming at linux.vnet.ibm.com
Tue Jan 14 06:13:35 UTC 2014
于 2014/1/13 16:14, Royce Lv 写道:
> User scenarios:
>
> Users may create template from ISOs from shallow/deep scan or from a
> user specified local path. Because kimchid runs as root and have
> access of most ISOs scanned. For qemu, however, the real user to start
> a vm, does not always have access of the ISO to install a vm. Under
> this circumstance, we need to denote that:
>
> 1. On scanning, indicate which ISOs may not be accessible by qemu user.
> 2. When create a template from an ISO which qemu does not have access
> , ask if user want to fix permission, if not, disable the template.
> 3. If user accept fix permission, change permission of template cdrom.
>
> Rest API will look like:
> 1. scanning and report
> GET /storagepools/pool-1/storagevolumes/iso-volume
> {'type': 'raw', 'path': '/home/i-am-an-iso.iso', 'accessible': False}
>
> 2. Create template
> POST /templates
> {'name': 'template-1'
> 'cdrom': 'a-b-c'} "a-b-c.iso" not accessible by qemu
> ---->
> {'name': 'template-1', 'status': 'disable'}
> NOTE: template in 'disable' status may because of any of its facility
> not active (storagepool, iso, network, etc)
>
> 3. Fix permission(Permission fix just open for template, we don't
> support fix for single volume/path temporarily)
> PUT /templates/t-1/cdrom {'accessible': True}
First of all, I don't like to fix the permission of an existing ISO to
make it accessable by qemu process. I think it is the system
administrator's responsibility to fix the permission instead of
Kimchi's. However, we can give a hint in the UI for all the ISOs found
which can not be accessed by qemu process and hint the system
administrator to do the manual fix.
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>
More information about the Kimchi-devel
mailing list