[Kimchi-devel] [kimchi-devel RFC] REST API for Permission check and fixes
Aline Manera
alinefm at linux.vnet.ibm.com
Thu Jan 16 02:04:14 UTC 2014
Looks good for me.
And I agree with Sheldon we need to add a change permission confirmation
on UI
Just a comment below.
On 01/13/2014 06:14 AM, Royce Lv wrote:
> User scenarios:
>
> Users may create template from ISOs from shallow/deep scan or from
> a user specified local path. Because kimchid runs as root and have
> access of most ISOs scanned. For qemu, however, the real user to start
> a vm, does not always have access of the ISO to install a vm. Under
> this circumstance, we need to denote that:
>
> 1. On scanning, indicate which ISOs may not be accessible by qemu user.
> 2. When create a template from an ISO which qemu does not have access
> , ask if user want to fix permission, if not, disable the template.
Why should we allow a user create a template that will be disabled
because the ISO isn't accessible?
> 3. If user accept fix permission, change permission of template cdrom.
>
> Rest API will look like:
> 1. scanning and report
> GET /storagepools/pool-1/storagevolumes/iso-volume
> {'type': 'raw', 'path': '/home/i-am-an-iso.iso', 'accessible': False}
>
> 2. Create template
> POST /templates
> {'name': 'template-1'
> 'cdrom': 'a-b-c'} "a-b-c.iso" not accessible by qemu
> ---->
> {'name': 'template-1', 'status': 'disable'}
> NOTE: template in 'disable' status may because of any of its
> facility not active (storagepool, iso, network, etc)
>
> 3. Fix permission(Permission fix just open for template, we don't
> support fix for single volume/path temporarily)
> PUT /templates/t-1/cdrom {'accessible': True}
More information about the Kimchi-devel
mailing list