© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
When Nova creates a snapshot image it passes is_public=False to the nova.image.glance client wrapper, which translates that to visibility=private in glance v2 parlance. This is legacy behavior from when nova only worked with glance v1.
Looking at the image v2 API, it looks like by default the visibility on an image is 'shared':
https:/
Reading up on image sharing:
https:/
That sounds like what we'd want to do here, is if the context.project_id != instance.
What I'm not sure about is if we have to do anything else besides create the image member, because reading further the docs say:
"When an image is shared, the member is given immediate access to the image. In order to prevent spamming other users’ image lists, a shared image does not appear in a member’s image list until the member “accepts” the image."
So does the demo user have to explicitly accept the image membership to be able to GET it?
I think this answers that question though:
http://
"Let the “producer” be the owner of image 71c675ab-
The producer can share the image with the consumer by making the consumer a member of that image.
To prevent spamming, the consumer must accept the image before it will be included in the consumer’s image list.
The consumer can still boot from the image, however, if the consumer knows the image ID."
In this case, the consumer (demo user) knows the image ID, it's in the instance system_metadata via the shelved_image_id key used in conductor when unshelving the instance:
https:/
So I think that's the answer to this bug. When we shelve, if the user doing the shelving and owning the snapshot is not the owner of the instance, then we need to add the owner of the instance to have shared membership with the image so they can unshelve it.