OpenStack Compute (nova)

Making an image private to a project with euca-modify-image-attribute

Asked by Everett Toews

Hi All,

I'd like to make an image private to a project with euca-modify-image-attribute. Here's what I've tried so far (project name=toews, project user=toews-admin).

root@i-0000044a:/tmp# euca-describe-image-attribute -l ami-00000038
launchPermission ami-00000038 group all

root@i-0000044a:/tmp# euca-modify-image-attribute -l -a 42:toews ami-00000038
ApiError: ApiError: user or group not specified

root@i-0000044a:/tmp# euca-modify-image-attribute -l -a toews ami-00000038
ApiError: ApiError: user or group not specified

root@i-0000044a:/tmp# euca-modify-image-attribute -l -a toews-admin ami-00000038
ApiError: ApiError: user or group not specified

root@i-0000044a:/tmp# euca-modify-image-attribute -l -a 42 ami-00000038
ApiError: ApiError: user or group not specified

root@i-0000044a:/tmp# euca-modify-image-attribute -l -r all ami-00000038
IMAGE ami-00000038

root@i-0000044a:/tmp# euca-describe-images
IMAGE aki-00000007 ubuntu-10-10-server/maverick-server-uec-amd64-vmlinuz-virtual.manifest.xml available public i386 kernel
IMAGE ami-00000008 ubuntu-10-10-server/maverick-server-uec-amd64.img.manifest.xml available public i386 machine aki-00000007

root@i-0000044a:/tmp#

As you can see any attempt to modify the launch permissions by adding some combination of project user/project name/userid all result in an ApiError. If I remove the all group then the image disappears completely!

Is it possible to make an image private to a project with euca-modify-image-attribute? Any ideas as to how?

Thanks,
Everett

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Solved by:
Vish Ishaya
Solved:
Last query:
Last reply:
Revision history for this message
Everett Toews (everett-toews) said : 		#1

BTW, we're using Glance as our image registry.

Everett

Revision history for this message
Vish Ishaya (vishvananda) said : 		#2

The last mode you used to revoke the all property is supposed to make it private / public. Perhaps the issue is the filter on describe is not working properly to show private images.

Vish

On Jun 17, 2011, at 2:55 PM, Everett Toews wrote:

> Question #161858 on OpenStack Compute (nova) changed:
> https://answers.launchpad.net/nova/+question/161858
>
> Everett Toews gave more information on the question:
> BTW, we're using Glance as our image registry.
>
> Everett
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Revision history for this message
Best Vish Ishaya (vishvananda) said : 		#3

It appears that image['owner_id'] is being returned from ec2 layer, whereas the filtering code is using properties['project_id']. When we have owner_id (tenant_id?) as a first level citizen in glance now we should probably switch over but for now it appears that the format_image code is wrong and should be referencing properties['project_id'].

On Jun 17, 2011, at 4:11 PM, Vish Ishaya wrote:

> Question #161858 on OpenStack Compute (nova) changed:
> https://answers.launchpad.net/nova/+question/161858
>
> Status: Open => Answered
>
> Vish Ishaya proposed the following answer:
> The last mode you used to revoke the all property is supposed to make it
> private / public. Perhaps the issue is the filter on describe is not
> working properly to show private images.
>
> Vish
>
> On Jun 17, 2011, at 2:55 PM, Everett Toews wrote:
>
>> Question #161858 on OpenStack Compute (nova) changed:
>> https://answers.launchpad.net/nova/+question/161858
>>
>> Everett Toews gave more information on the question:
>> BTW, we're using Glance as our image registry.
>>
>> Everett
>>
>> --
>> You received this question notification because you are a member of Nova
>> Core, which is an answer contact for OpenStack Compute (nova).
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Revision history for this message
Everett Toews (everett-toews) said : 		#4

I tried out the fix in the bug you linked to this Vish and it worked.

Thanks!

https://bugs.launchpad.net/nova/+bug/798998

Revision history for this message
Everett Toews (everett-toews) said : 		#5

Thanks Vish Ishaya, that solved my question.