Project roles
A shared project is a set of resources which is available to more than one person (as opposed to the personal projects which are allocated to an individual). A brief summary of the current characteristics is as follows. There will be further evolutions of this model in future revisions of the service.
| Function | Personal | Shared |
|---|---|---|
| Ownership | Owned by the account | Owned by the person requesting the project |
| Creation | Automatically created when the person subscribes to the private cloud service | Created manually using the process described |
| Deletion | Removed when the person leaves CERN along with all virtual machines in the personal project. | Deletion is manual operation on request |
| Member Role | There are no members other than the person. | Members can be added to the project. These new members can perform the same operations as the owner. The list of members can be defined as an e-group. |
| Account type | Primary accounts only | Secondary and service accounts can be members. Owners must be a primary account. |
| Flavors | Only the standard m2.* flavors are available | Additional flavors can be requested |
| Quota | Quota is fixed | Additional quota for storage, CPU and images can be requested |
| Datacentre | Meyrin | Meyrin and/or Prevessin |
The rights of the roles are as follows:
| Role | Description |
|---|---|
| Owner | Request Quota Access Modify who has access to the project Provide access to supporters Delete the project |
| Coordinator | Acts on behalf of the Owner of the project, used by bigger communities like experiments to manage multiple projects. It can be assigned to a group |
| Member | VM creation within the quota of the project VM deletion Connect to console Shutdown/Start/Reboot Upload new images Delete images Note: these operations can be performed on any instance inside the project regardless of which account created the VM initially |
| Supporter | Connect to console Shutdown/Start/Reboot Rescue These rights are given to Linux/Windows support lines to fix issues with the operating systems of the machines and are optional. |
Note
The VM can be configured to allow users other than members and operators to log into it. These controls are done using the standard Linux mechanisms such as through Puppet. Members should be considered as those administering the VMs rather than logging into them.
Changing members
The members of a project can be changed by the owner or coordinator of a project using the Configure Project or the CLI
Adding support access to Linux or Windows teams
If you have a problem with the operating system of your VM and you want to provide access to the Linux or Windows Team, this can be enabled on a per-project basis.
This can be modified by the owner or coordinator of a project using the Openstack Website through the Configure Project