Skip to content

Project roles

A shared project is a set of resources which is available to more than one person (as opposed to the personal projects which are allocated to an individual). A brief summary of the current characteristics is as follows. There will be further evolutions of this model in future revisions of the service.

Function Personal Shared
Ownership Owned by the account Owned by the person requesting the project
Creation Automatically created when the person subscribes to the private cloud service Created manually using the process described
Deletion Removed when the person leaves CERN along with all virtual machines in the personal project. Deletion is manual operation on request
Member Role There are no members other than the person. Members can be added to the project. These new members can perform the same operations as the owner. The list of members can be defined as an e-group.
Account type Primary accounts only Secondary and service accounts can be members. Owners must be a primary account.
Flavors Only the standard m2.* flavors are available Additional flavors can be requested
Quota Quota is fixed Additional quota for storage, CPU and images can be requested
Datacentre Meyrin Meyrin and/or Prevessin

The rights of the roles are as follows:

Role Description
Owner Request Quota Access
Modify who has access to the project
Provide access to supporters
Delete the project
Coordinator Acts on behalf of the Owner of the project, used by bigger communities like experiments to manage multiple projects. It can be assigned to a group
Member VM creation within the quota of the project
VM deletion
Connect to console
Shutdown/Start/Reboot
Upload new images
Delete images

Note: these operations can be performed on any instance inside the project regardless of which account created the VM initially

Supporter Connect to console
Shutdown/Start/Reboot
Rescue

These rights are given to Linux/Windows support lines to fix issues with the operating systems of the machines and are optional.

Note

The VM can be configured to allow users other than members and operators to log into it. These controls are done using the standard Linux mechanisms such as through Puppet. Members should be considered as those administering the VMs rather than logging into them.

Changing members

The members of a project can be changed by the owner or coordinator of a project using the Configure Project or the CLI

Adding support access to Linux or Windows teams

If you have a problem with the operating system of your VM and you want to provide access to the Linux or Windows Team, this can be enabled on a per-project basis.

This can be modified by the owner or coordinator of a project using the Openstack Website through the Configure Project