On Sat, May 20, 2017 at 12:15 AM, Peter Wood <peterwood.sd(a)gmail.com> wrote:
I did create a bug report and it was closed with the explanation
that
UserVmManager role is not assigned because I'm using the Administration
portal... (???). What other portal do I use? Import/Export is Admin type
operation.
See here:
https://bugzilla.redhat.com/show_bug.cgi?id=1451501
Very simple steps to test it:
- Create a local user called LocalUserA
- Grant permissions to create VMs in DEV1 cluster and Import/Export VMs:
LocalUserA -> [PowerUserRole] -> DEV1 (Cluster)
LocalUserA -> [PowerUserRole] -> SAN (Storage Data Master)
LocalUserA -> [VmImporterExporter] -> DEV1 (Cluster)
LocalUserA -> [VmImporterExporter] -> SAN (Storage Data Master)
LocalUserA -> [VmImporterExporter] -> SD-Export (Storage Export type)
- Login to the Administration Portal as LocalUserA@internal
- Create a VM, Export the VM, Import the VM
Role UserVmManager is not set for the imported VM.
User LocalUserA can not even boot up the VM due to insufficient
permissions.
How do I setup LocalUserA so it can import VMs and work with them?
Thanks for this information Peter.
I proposed a patch. Let's discuss it in bugzilla.
Thank you,
-- Peter
On Tue, May 16, 2017 at 4:11 AM, Arik Hadas <ahadas(a)redhat.com> wrote:
>
>
> On Mon, May 15, 2017 at 11:36 PM, Peter Wood <peterwood.sd(a)gmail.com>
> wrote:
>
>> Hi,
>>
>> I have a group of local users with permissions to create VMs, templates,
>> and VMs from templates. They are allowed to work only in one of the
>> clusters in the datacenter.
>>
>> Now I want one of the local users to be able to import VMs and convert
>> them into templates and I just can't find the recipe for that.
>>
>> The group has these permissions:
>>
>> LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster)
>> LocalUsersGroup -> [PowerUserRole] -> SAN (Storage)
>> LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter)
>>
>> LocalUserA is part of LocalUsersGroup and should be able to:
>> - Import a VM
>> - Convert the VM to a template for everyone to use
>> - Delete the VM
>>
>> I tried this: LocalUserA -> [VmImporterExporter] -> System
>>
>> LocalUserA can now import VMs and convert them to templates but it can't
>> delete the imported VMs. For some reason [UserVmManager] role is not
>> assigned to LocalUserA on the VMs that were imported.
>>
>
> Right, that seems to be a bug. The import operation should set the user
> that executes it with UserVmManager role on the imported VM, just like add
> VM does for regular VM creation.
> Could you please file a bug?
>
>
>>
>> Before I start messing around I'd appreciate somebody's else opinion on
>> how this should be done.
>>
>>
> Thank you for your time,
>>
>> -- Peter
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>>
http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>