We're looking at using OpenNebula to support courses in our CS area. This will ultimately require some form of group-based authorization, so that we can restrict control over vm instances to specific groups of students, and so that we can restrict access to disk images to particular classes. There's no support for this out of the box, and more importantly there's no support in the API [that I have been able to find] for associating arbitrary metadata with objects in OpenNebula. Before we start down the road of trying to implement something that meets our needs, I'm curious if anyone else has implemented something that we could either use or at least use as a model.
Ideally, we want to associate objects (networks, disk images, vm instances) with one or more groups, and then use the same backend used for authentication to make authorization decisions. In this case, that means we'd be pulling group information out of LDAP. Cheers, -- Lars Kellogg-Stedman <[email protected]> Senior Technologist Harvard University SEAS Academic and Research Computing (ARC) _______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
