Ask Your Question
0

how does the membership work in glance?

asked 2011-12-05 18:04:06 -0500

Hi all,

I'm trying to use glance membership with keystone configured. I don't know if I understood correctly how that should work.

Suppose having 2 tenants: tenA and tenB. tenA is owner of a private image and grants the membership to tenB. tenB is listed as member of the image using "glance member-images tenB". In this scenario - should tenB see the private image through glance index/details/show? - should tenB be able to launch a new instance using that image?

I think so but using glance CLI I can't do these operations, because tenB is not able to see tenA's private image. Can anyone help me?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2011-12-06 09:56:04 -0500

Thanks Kevin L. Mitchell, that solved my question.

edit flag offensive delete link more
0

answered 2011-12-06 10:03:21 -0500

By the way I had this issue because I followed the identity service guide on http://docs.openstack.org and there, in the member-add example, the tenant is indicated like a literal string and nowhere is specified that it must be an ID.

edit flag offensive delete link more
0

answered 2011-12-05 18:27:35 -0500

On Mon, 2011-12-05 at 18:05 +0000, Andrea Siringo wrote:

Suppose having 2 tenants: tenA and tenB. tenA is owner of a private image and grants the membership to tenB. tenB is listed as member of the image using "glance member-images tenB". In this scenario - should tenB see the private image through glance index/details/show?

Yes, tenB should be able to see the private image.

  • should tenB be able to launch a new instance using that image?

Yes, tenB should be able to launch a new instance using that image.

I think so but using glance CLI I can't do these operations, because tenB is not able to see tenA's private image. Can anyone help me?

How are you specifying the tenants? Are you using tenant name or tenant ID? (Do a glance show as tenA on the image and see what the "ownership" is shown as.) There are tests that attempt to verify that this functionality doesn't break, but there is the possibility that something

has bitrotted...

Kevin L. Mitchell kevin.mitchell@rackspace.com

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-12-05 18:04:06 -0500

Seen: 38 times

Last updated: Dec 06 '11