Ask Your Question
0

Making an image private to a project with euca-modify-image-attribute

asked 2011-06-17 21:47:05 -0500

everett-toews gravatar image

Hi All,

I'd like to make an image private to a project with euca-modify-image-attribute. Here's what I've tried so far (project name=toews, project user=toews-admin).

root@i-0000044a:/tmp# euca-describe-image-attribute -l ami-00000038 launchPermission ami-00000038 group all

root@i-0000044a:/tmp# euca-modify-image-attribute -l -a 42:toews ami-00000038 ApiError: ApiError: user or group not specified

root@i-0000044a:/tmp# euca-modify-image-attribute -l -a toews ami-00000038 ApiError: ApiError: user or group not specified

root@i-0000044a:/tmp# euca-modify-image-attribute -l -a toews-admin ami-00000038 ApiError: ApiError: user or group not specified

root@i-0000044a:/tmp# euca-modify-image-attribute -l -a 42 ami-00000038 ApiError: ApiError: user or group not specified

root@i-0000044a:/tmp# euca-modify-image-attribute -l -r all ami-00000038 IMAGE ami-00000038

root@i-0000044a:/tmp# euca-describe-images IMAGE aki-00000007 ubuntu-10-10-server/maverick-server-uec-amd64-vmlinuz-virtual.manifest.xml available public i386 kernel
IMAGE ami-00000008 ubuntu-10-10-server/maverick-server-uec-amd64.img.manifest.xml available public i386 machine aki-00000007

root@i-0000044a:/tmp#

As you can see any attempt to modify the launch permissions by adding some combination of project user/project name/userid all result in an ApiError. If I remove the all group then the image disappears completely!

Is it possible to make an image private to a project with euca-modify-image-attribute? Any ideas as to how?

Thanks, Everett

edit retag flag offensive close merge delete

5 answers

Sort by ยป oldest newest most voted
0

answered 2011-06-17 21:54:45 -0500

everett-toews gravatar image

BTW, we're using Glance as our image registry.

Everett

edit flag offensive delete link more
0

answered 2011-06-20 22:11:36 -0500

everett-toews gravatar image

Thanks Vish Ishaya, that solved my question.

edit flag offensive delete link more
0

answered 2011-06-20 22:11:29 -0500

everett-toews gravatar image

I tried out the fix in the bug you linked to this Vish and it worked.

Thanks!

https://bugs.launchpad.net/nova/+bug/798998 (https://bugs.launchpad.net/nova/+bug/...)

edit flag offensive delete link more
0

answered 2011-06-17 23:07:29 -0500

vishvananda gravatar image

The last mode you used to revoke the all property is supposed to make it private / public. Perhaps the issue is the filter on describe is not working properly to show private images.

Vish

On Jun 17, 2011, at 2:55 PM, Everett Toews wrote:

Question #161858 on OpenStack Compute (nova) changed: https://answers.launchpad.net/nova/+q...

Everett Toews gave more information on the question: BTW, we're using Glance as our image registry.

Everett


You received this question notification because you are a member of Nova Core, which is an answer contact for OpenStack Compute (nova).

edit flag offensive delete link more
0

answered 2011-06-17 23:37:00 -0500

vishvananda gravatar image

It appears that image['owner_id'] is being returned from ec2 layer, whereas the filtering code is using properties['project_id']. When we have owner_id (tenant_id?) as a first level citizen in glance now we should probably switch over but for now it appears that the format_image code is wrong and should be referencing properties['project_id'].

On Jun 17, 2011, at 4:11 PM, Vish Ishaya wrote:

Question #161858 on OpenStack Compute (nova) changed: https://answers.launchpad.net/nova/+q...

Status: Open => Answered

Vish Ishaya proposed the following answer: The last mode you used to revoke the all property is supposed to make it private / public. Perhaps the issue is the filter on describe is not working properly to show private images.

Vish

On Jun 17, 2011, at 2:55 PM, Everett Toews wrote:

Question #161858 on OpenStack Compute (nova) changed: https://answers.launchpad.net/nova/+q...

Everett Toews gave more information on the question: BTW, we're using Glance as our image registry.

Everett


You received this question notification because you are a member of Nova Core, which is an answer contact for OpenStack Compute (nova).


You received this question notification because you are a member of Nova Core, which is an answer contact for OpenStack Compute (nova).

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-06-17 21:47:05 -0500

Seen: 28 times

Last updated: Jun 20 '11