[Users] Fwd: [Engine-devel] Adding users and assigning roles in Ovirt
by Einav Cohen
[moving discussion to the users mailing list]
while it seems that we all agree that adding some sort of a wizard
that will allow easy permission assignment to newly-added users, it
doesn't seem like something that can be accomplished soon (e.g. for
ovirt 3.4).
maybe we can utilize Ramesh's initial suggestion [1] for the short term -
allow assignment of *System* permissions in the context of the 'Add
User(s)' dialog [with an explicit clarification within the dialog that
we are talking about *System* permissions, so that the admin will be
aware that the privileges that he can assign in this context would be
very permissive]
any thoughts?
how extensively are system permissions used in oVirt in general?
[if adding a system permission is not a common/popular action, there
is no reason to expose it in the 'Add User(s)' dialog, since it will
probably be hardly used anyway]
maybe different ideas for short-term solutions?
----
Thanks,
Einav
[1] http://lists.ovirt.org/pipermail/engine-devel/2013-December/006059.html
----- Forwarded Message -----
From: "Yair Zaslavsky" <yzaslavs(a)redhat.com>
To: "Einav Cohen" <ecohen(a)redhat.com>
Cc: "Oved Ourfalli" <ovedo(a)redhat.com>, engine-devel(a)ovirt.org
Sent: Monday, December 2, 2013 4:09:10 PM
Subject: Re: [Engine-devel] Adding users and assigning roles in Ovirt
----- Original Message -----
> From: "Einav Cohen" <ecohen(a)redhat.com>
> To: "Malini Rao" <mrao(a)redhat.com>
> Cc: "Oved Ourfalli" <ovedo(a)redhat.com>, engine-devel(a)ovirt.org
> Sent: Monday, December 2, 2013 9:55:45 PM
> Subject: Re: [Engine-devel] Adding users and assigning roles in Ovirt
>
> > ----- Original Message -----
> > From: "Malini Rao" <mrao(a)redhat.com>
> > Sent: Monday, December 2, 2013 2:20:06 PM
> >
> > Joining in the thread a bit green but wouldn't it be ok to add the new user
> > with the most basic permissions by default ( may be just read only
> > permissions)until the admin goes and deliberately tweaks permissions or
> > assigns a role?
>
> this is similar to what Oved has suggested, but I think that it won't really
> make any difference, since there is very little chance, in my view, that
> these
> permissions would be sufficient for anything - the admin would need to assign
> additional/different permissions at some point anyway, so not much point in
> allowing that default minimal assignment in the first place - we might as
> well
> keep the 'Add User(s)' dialog as is.
>
> >
> > Also, if we add that roles drop down as Einav mentioned, isn't there a way
> > to
> > only show that drop down if the logged in user is an admin role?
>
> the logged in user must be an admin, as the 'Add User(s)' dialog (which is
> available from the Users main tab) exists only in the web-admin, which is
> accessible only to admins by definition.
>
> >
> > +1 on the user adding wizard. I think in general connecting related task
> > flows together will improve the overall UX too.
+1 here
>
> agreed.
>
> >
> > Thanks
> > Malini
> >
> > ----- Original Message -----
> > From: "Einav Cohen" <ecohen(a)redhat.com>
> > To: "Gilad Chaplik" <gchaplik(a)redhat.com>, "Ramesh" <rnachimu(a)redhat.com>,
> > "Oved Ourfalli" <ovedo(a)redhat.com>
> > Cc: engine-devel(a)ovirt.org
> > Sent: Monday, December 2, 2013 1:37:57 PM
> > Subject: Re: [Engine-devel] Adding users and assigning roles in Ovirt
> >
> > we should definitely not completely remove the possibility to add
> > permission-less users to the system,
> > due to possible use-cases as Gilad mentioned and/or simply to allow the
> > flexibility of adding the user
> > first, and only then adding the relevant (business entity and) permissions,
> > should the admin choose to
> > do so.
> >
> > the more correct location to add system permissions to a user would
> > probably
> > be a 'Add System Permission'
> > dialog that will be available from the Permissions sub-tab of the Users
> > main
> > tab, however it won't allow
> > to assign system permissions to several users at once, so I understand the
> > need for this ability within
> > the 'Add User(s)' dialog.
> >
> > I think that adding an "allow user to login" check-box would not be good
> > enough, since once a user
> > would be able to login, he won't be able to do (or even see) anything
> > (well,
> > other than the 'Blank'
> > Template, maybe), so the admin would need to assign additional permissions
> > to
> > this user anyway.
> > The minimal solution in my view is to add a "assign these users the
> > following
> > system permissions"
> > check-box, with a Roles drop down; as Gilad mentioned - need to be very
> > careful with that, as
> > system-wide permissions are powerful.
> > A more comprehensive solution (more complex for implementation) would
> > probably be, as Oved mentioned,
> > some sort of a user-adding-wizard, that will allow easy
> > permissions-assignment (maybe even not only
> > system-wide permissions) to the newly-added users.
> >
> > ----
> > Thanks,
> > Einav
> >
> > ----- Original Message -----
> > > From: "Gilad Chaplik" <gchaplik(a)redhat.com>
> > > To: "Oved Ourfalli" <ovedo(a)redhat.com>
> > > Cc: engine-devel(a)ovirt.org
> > > Sent: Monday, December 2, 2013 3:47:56 AM
> > > Subject: Re: [Engine-devel] Adding users and assigning roles in Ovirt
> > >
> > > Hi Ramesh,
> > >
> > > You're right, I also think that the 'add users' is a bit pointless, but
> > > adding a system permission in that dialog can be dangerous (if admin
> > > doesn't
> > > fully understand what he's doing, and MLA is complicated enough ;-) ).
> > >
> > > Currently when adding a permission we can specify a AD-user (regardless
> > > to
> > > the fact he's added or not), So eventually power users can add users to
> > > the
> > > system.
> > > I can think of a case, that admins will want to manage the users by
> > > themselves, i.e- power users can add permissions for the added users
> > > only.
> > > this way this dialog can be useful.
> > >
> > > Thanks,
> > > Gilad.
> > >
> > > ----- Original Message -----
> > > > From: "Oved Ourfalli" <ovedo(a)redhat.com>
> > > > To: "Ramesh" <rnachimu(a)redhat.com>
> > > > Cc: engine-devel(a)ovirt.org
> > > > Sent: Monday, December 2, 2013 9:01:52 AM
> > > > Subject: Re: [Engine-devel] Adding users and assigning roles in Ovirt
> > > >
> > > > Your E-mail made me look a bit and check the different flows.
> > > >
> > > > I think the only use-case for adding users without giving any
> > > > permissions
> > > > is
> > > > when you add a user for notification reasons.
> > > > You can add a user, and then in the Event Notifier sub-tab define what
> > > > events
> > > > he will get via E-mail.
> > > > afaik (and I'm not an event notifier expert), this user doesn't have to
> > > > be
> > > > able to login, or to have permissions of any kind. He just gets events.
+1 - this is due to the fact a user has an email account - no need to login to ovirt-engine
in order to read your emails :)
> > > >
> > > > Other than that you're right. A user which is added to the system can't
> > > > do
> > > > much without assigning him roles.
> > > > I think adding roles assignment to this dialog may be a bit cumbersome.
> > > > Perhaps some wizard is required in that case. Or at least some checkbox
> > > > saying "allow user to login". That way the new user will be able to
> > > > login,
> > > > and he will have some default permissions as well (permissions granted
> > > > to
> > > > Everyone).
> > > >
> > > > Let's see what others think.
> > > >
> > > > Regards,
> > > > Oved
> > > >
> > > >
> > > > ----- Original Message -----
> > > > > From: "Ramesh" <rnachimu(a)redhat.com>
> > > > > To: engine-devel(a)ovirt.org
> > > > > Sent: Monday, December 2, 2013 7:22:53 AM
> > > > > Subject: [Engine-devel] Adding users and assigning roles in Ovirt
> > > > >
> > > > > Hi All,
> > > > >
> > > > > We have 'Add' action under 'Users' main tab to add users in Ovirt
> > > > > .
> > > > > It looks slightly different from the "Add user" option of the
> > > > > Configure
> > > > > option. Actually, this one is missing the "Role to Assign" option. I
> > > > > think without assigning any role, adding a user is not meaningful and
> > > > > it
> > > > > didn't complete the flow.
> > > > >
> > > > > Currently to assign any role to the user, either we have to use
> > > > > 'Configure' option ( to add system permission) or we have to go to
> > > > > the
> > > > > specific entity and add permission for that entity. It will be nice
> > > > > if
> > > > > we can assign roles( system level permissions) while adding users in
> > > > > 'Users' tab itself. It will be a clear user flow where one can add
> > > > > user
> > > > > and assign role in the same place.
> > > > >
> > > > > I have attached both the screen shots.
> > > > >
> > > > > please share your thoughts.
> > > > >
> > > > > Regards,
> > > > > Ramesh
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Engine-devel mailing list
> > > > > Engine-devel(a)ovirt.org
> > > > > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > > > >
> > > > _______________________________________________
> > > > Engine-devel mailing list
> > > > Engine-devel(a)ovirt.org
> > > > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > > >
> > > _______________________________________________
> > > Engine-devel mailing list
> > > Engine-devel(a)ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > >
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> >
> >
> >
> _______________________________________________
> Engine-devel mailing list
> Engine-devel(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
>
_______________________________________________
Engine-devel mailing list
Engine-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel
10 years, 11 months
[Users] How to backup thin provisioned qcow2 disks?
by Ernest Beinrohr
This is a multi-part message in MIME format.
--------------010101040609000103060503
Content-Type: text/plain; charset=windows-1250; format=flowed
Content-Transfer-Encoding: 8bit
Hi, I'm currently looking for ways to backup my disks.
Live storage migration converted my disks from
preallocated to thin provisioning. Preallocated disk
backups are working from a simple dd from a snapshot,
but the thin qcow2 disks are a problem. I seems it uses
multiple logical volumes (3 in my case). Also they
are combined MUCH bigger than the preallocated:
8GB raw vs thin: 31 GB - 1 snapshot.
So I have two questions:
- how would you backup these thin disks?
- is it possible to convert thin to preallocated and
discard the snapshots
thanks
--
Ernest Beinrohr, AXON PRO
DevOps, Ing <http://www.beinrohr.sk/ing.php>, RHCE
<http://www.beinrohr.sk/rhce.php>, RHCVA
<http://www.beinrohr.sk/rhce.php>, LPIC
<http://www.beinrohr.sk/lpic.php>, VCA <http://www.beinrohr.sk/vca.php>,
+421-2--6241-0360 <callto://+421-2--6241-0360>, +421-903--482-603
<callto://+421-903--482-603>
icq:28153343, skype:oernii-work <callto://oernii-work>,
jabber:oernii@jabber.org
------------------------------------------------------------------------
For a successful technology, reality must take precedence over public
relations, for Nature cannot be fooled. Richard Feynman
--------------010101040609000103060503
Content-Type: text/html; charset=windows-1250
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1250">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi, I'm currently looking for ways to backup my disks. <br>
Live storage migration converted my disks from <br>
preallocated to thin provisioning. Preallocated disk <br>
backups are working from a simple dd from a snapshot, <br>
but the thin qcow2 disks are a problem. I seems it uses <br>
multiple logical volumes (3 in my case). Also they <br>
are combined MUCH bigger than the preallocated:<br>
8GB raw vs thin: 31 GB - 1 snapshot.<br>
<br>
So I have two questions:<br>
- how would you backup these thin disks?<br>
- is it possible to convert thin to preallocated and <br>
discard the snapshots<br>
<br>
<br>
thanks<br>
<br>
<div class="moz-signature">-- <br>
<div id="oernii_footer" style="color: gray;">
<span style="font-family: Lucida Console, Luxi Mono, Courier,
monospace; font-size: 90%;">
Ernest Beinrohr, AXON PRO<br>
DevOps,
<a style="text-decoration: none; color: gray;"
href="http://www.beinrohr.sk/ing.php">Ing</a>, <a
style="text-decoration: none; color: gray;"
href="http://www.beinrohr.sk/rhce.php">RHCE</a>, <a
style="text-decoration: none; color: gray;"
href="http://www.beinrohr.sk/rhce.php">RHCVA</a>, <a
style="text-decoration: none; color: gray;"
href="http://www.beinrohr.sk/lpic.php">LPIC</a>, <a
style="text-decoration: none; color: gray;"
href="http://www.beinrohr.sk/vca.php">VCA</a>, <a
style="text-decoration: none; color: gray;"
href="callto://+421-2--6241-0360">+421-2--6241-0360</a>, <a
style="text-decoration: none; color: gray;"
href="callto://+421-903--482-603">+421-903--482-603</a><br>
icq:28153343, <a style="text-decoration: none; color: gray;"
href="callto://oernii-work">skype:oernii-work</a>,
<a class="moz-txt-link-abbreviated" href="mailto:jabber:oernii@jabber.org">jabber:oernii@jabber.org</a>
<br>
</span>
<hr style="height: 1px; width: 95%"> <span style="font-size:
70%;">
For a successful technology, reality must take precedence
over public relations, for Nature cannot be fooled. Richard
Feynman </span> </div>
</div>
<img
src="http://nojsstats.appspot.com/UA-44497096-1/email.beinrohr.sk"
moz-do-not-send="true" border="0" width="1" height="1">
</body>
</html>
--------------010101040609000103060503--
10 years, 11 months
[Users] intallation problems
by Dimitriy Groisman
------=_Part_94_734274768.1386140870667
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
During the All-In-One plugin i get an error :
http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/epel-6...: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
Error: failure: repodata/f23900ffcdcd2712670207635f1fbb0b27407f78591ccbaa313501d53b2c4cb2-filelists.sqlite.bz2 from glusterfs-epel: [Errno 256] No more mirrors to try.
is there a workaround this problem?
Thank you.
------=_Part_94_734274768.1386140870667
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><body><div style=3D"font-family: times new roman, new york, times, se=
rif; font-size: 12pt; color: #000000"><div>During the <span style=3D"color:=
#2e3436; font-family: 'Source Sans Pro', sans-serif; font-size: 14px; line=
-height: 20px; background-color: #ffffff;" data-mce-style=3D"color: #2e3436=
; font-family: 'Source Sans Pro', sans-serif; font-size: 14px; line-height:=
20px; background-color: #ffffff;">All-In-One plugin </span> i get an =
error :</div><div><br></div><div><p style=3D"margin: 0px;" data-mce-style=
=3D"margin: 0px;">http://download.gluster.org/pub/gluster/glusterfs/LATEST/=
EPEL.repo/epel-6/x86_64/repodata/f23900ffcdcd2712670207635f1fbb0b27407f7859=
1ccbaa313501d53b2c4cb2-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "=
The requested URL returned error: 404 Not Found"<br>Trying other mirror.<br=
>Error: failure: repodata/f23900ffcdcd2712670207635f1fbb0b27407f78591ccbaa3=
13501d53b2c4cb2-filelists.sqlite.bz2 from glusterfs-epel: [Errno 256] No mo=
re mirrors to try.</p><p style=3D"margin: 0px;" data-mce-style=3D"margin: 0=
px;"><br></p><p style=3D"margin: 0px;" data-mce-style=3D"margin: 0px;">is t=
here a workaround this problem?</p><p style=3D"margin: 0px;" data-mce-style=
=3D"margin: 0px;"><br></p><p style=3D"margin: 0px;" data-mce-style=3D"margi=
n: 0px;">Thank you.</p><p style=3D"margin: 0px;" data-mce-style=3D"margin: =
0px;"><br></p><p style=3D"margin: 0px;" data-mce-style=3D"margin: 0px;"><br=
></p></div></div></body></html>
------=_Part_94_734274768.1386140870667--
10 years, 11 months
Re: [Users] crafting a POST request to the oVirt API manually
by Michael Pasternak
Hi,
On 12/04/2013 10:16 AM, Itamar Heim wrote:
>
> [Users] crafting a POST request to the oVirt API manually.eml
>
> Subject:
> [Users] crafting a POST request to the oVirt API manually
> From:
> i iordanov <iiordanov(a)gmail.com>
> Date:
> 12/03/2013 11:50 PM
>
> To:
> "users(a)ovirt.org" <users(a)ovirt.org>
>
>
> Hello,
>
> Can somebody give me some pointers on how to craft POST requests to the API "by hand" with (for example) a Firefox plugin like Poster:
>
> https://addons.mozilla.org/en-US/firefox/addon/poster/
>
> It would be very helpful for libgovirt development.
this [1] should give you a clue on how to use http methods, and this [2]
what content to be send and what is available in general at api.
[1] http://www.ovirt.org/REST-Api#oVirt-API_How-to_.28the_methods.29
[2] on your environment run:
2.1 GET http[2]://myserver[:port]/api?rsdl (RESTful service description language)
2.2 GET http[2]://myserver[:port]/api?schema (xsd schema we used to model our api)
hope it helps.
>
> Thanks!
> iordan
>
> --
> The conscious mind has only one thread of execution.
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
--
Michael Pasternak
RedHat, ENG-Virtualization R&D
10 years, 11 months
[Users] CentOS upgrade from 3.2 to 3.3
by Karli Sjöberg
Hi all!
Just wanted to express my deepest admiration for the progress of this
project. You may or may not remember my quest for upgrading from 3.1 to
3.2 and just how difficult a seemingly trivial thing can turn out to be
quite the ordeal...
This time around, we followed this post by dreyou on how to go from his
3.2-repo to the ovirt.org stable repo 3.3:
http://wiki.dreyou.org/dokuwiki/doku.php?id=ovirt_rpm_start33
And the whole process _just worked_! Something that actually made me
even more nervous, left me feeling like "OK, so this is going just too
well, I´ve got a bad feeling about this...":) But no, nothing ever blew
us out the sky and the entire process of upgrading the engine and six
hosts went through in just under the hour from start to finish! Best
part is of course that our customers VM´s never even noticed; a
completely live upgrade. Awesome!
I mean, I worked my ass off trying to go from 3.1 to 3.2, I´ve actually
put a mental block on the actual time it took, but probably six months
of planning and trial and error, to have this done in under an hour...
All I can say is THANK YOU! Both to you developers of oVirt and a
special thank you to dreyou for posting such a well-written manual.
Thank you. Thank you. Thank you:)
--
Med Vänliga Hälsningar
-------------------------------------------------------------------------------
Karli Sjöberg
Swedish University of Agricultural Sciences
Box 7079 (Visiting Address Kronåsvägen 8)
S-750 07 Uppsala, Sweden
Phone: +46-(0)18-67 15 66
karli.sjoberg(a)slu.se
10 years, 11 months
[Users] qemu: too many ide bus during v2v migration
by Stefan Wendler
Hi,
we're currently migrating over from esxi to ovirt. V2v is pretty smooth, up
until I try to migrate a vm with more than 3 SCSI disks.
The disks are exported from esxi as IDE and after the disks have been copied
over, the process fails with "qemu: Too many IDE bus"
Is there a practical way to fix this?
Thanks for your help,
Stefan
10 years, 11 months
[Users] Fwd: oVirt 3.3.1 REST-API: UML for all Objects?
by Sven Kieske
Hi,
as I didn't get any reply until today from the REST-API
Maintainer, maybe someone on the users list knows where
such a list of all objects can be obtained?
See below for detailed information.
Thank you!
-------- Original-Nachricht --------
Betreff: oVirt 3.3.1 REST-API: UML for all Objects?
Datum: Fri, 29 Nov 2013 11:07:22 +0100
Von: Sven Kieske <s.kieske(a)mittwald.de>
An: mpastern(a)redhat.com
Hi,
you are listed as the REST-API Maintainer, so I write to you and hope
you can help me.
We need a description (preferred as UML, but we take anything we can get
) about all Objects which are provided through the Rest-API.
We know we can call via REST-API, but it seems not all objects are
reported back, e.g. if the object is not set.
Example: Via GUI, you can set a description for each VM-Disk, but this
does not get reported if I call this disk via REST-API.
In the RHEV-API-Guide (Developers Guide) 3.2 there is no such list
and browsing via gitweb was also not successful(maybe we looked in the
wrong place?).
Is there such a list or UML for all accessible REST-API-Objects for
oVirt 3.3.1?
Or are the objects which can't be seen via REST-API not implemented
in the REST-API and are therefore just accessible over GUI?
Thanks for your help!
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
10 years, 11 months
[Users] ovirtmgmt not installed
by Pascal Jakobi
*Hi there *
*I installed a console on F19, then a F19 host (time 11:09 today).*
*Everything works fine, apart from the installation of the mgmt network at
the end.*
*Can someone tell me what's going wrong ?*
*Thxs in advance*
*Pascal*
10 years, 11 months
