Permissions to Import VMs
Hi, I have a group of local users with permissions to create VMs, templates, and VMs from templates. They are allowed to work only in one of the clusters in the datacenter. Now I want one of the local users to be able to import VMs and convert them into templates and I just can't find the recipe for that. The group has these permissions: LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster) LocalUsersGroup -> [PowerUserRole] -> SAN (Storage) LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter) LocalUserA is part of LocalUsersGroup and should be able to: - Import a VM - Convert the VM to a template for everyone to use - Delete the VM I tried this: LocalUserA -> [VmImporterExporter] -> System LocalUserA can now import VMs and convert them to templates but it can't delete the imported VMs. For some reason [UserVmManager] role is not assigned to LocalUserA on the VMs that were imported. Before I start messing around I'd appreciate somebody's else opinion on how this should be done. Thank you for your time, -- Peter
On Mon, May 15, 2017 at 11:36 PM, Peter Wood <peterwood.sd@gmail.com> wrote:
Hi,
I have a group of local users with permissions to create VMs, templates, and VMs from templates. They are allowed to work only in one of the clusters in the datacenter.
Now I want one of the local users to be able to import VMs and convert them into templates and I just can't find the recipe for that.
The group has these permissions:
LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster) LocalUsersGroup -> [PowerUserRole] -> SAN (Storage) LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter)
LocalUserA is part of LocalUsersGroup and should be able to: - Import a VM - Convert the VM to a template for everyone to use - Delete the VM
I tried this: LocalUserA -> [VmImporterExporter] -> System
LocalUserA can now import VMs and convert them to templates but it can't delete the imported VMs. For some reason [UserVmManager] role is not assigned to LocalUserA on the VMs that were imported.
Right, that seems to be a bug. The import operation should set the user that executes it with UserVmManager role on the imported VM, just like add VM does for regular VM creation. Could you please file a bug?
Before I start messing around I'd appreciate somebody's else opinion on how this should be done.
Thank you for your time,
-- Peter
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I did create a bug report and it was closed with the explanation that UserVmManager role is not assigned because I'm using the Administration portal... (???). What other portal do I use? Import/Export is Admin type operation. See here: https://bugzilla.redhat.com/show_bug.cgi?id=1451501 Very simple steps to test it: - Create a local user called LocalUserA - Grant permissions to create VMs in DEV1 cluster and Import/Export VMs: LocalUserA -> [PowerUserRole] -> DEV1 (Cluster) LocalUserA -> [PowerUserRole] -> SAN (Storage Data Master) LocalUserA -> [VmImporterExporter] -> DEV1 (Cluster) LocalUserA -> [VmImporterExporter] -> SAN (Storage Data Master) LocalUserA -> [VmImporterExporter] -> SD-Export (Storage Export type) - Login to the Administration Portal as LocalUserA@internal - Create a VM, Export the VM, Import the VM Role UserVmManager is not set for the imported VM. User LocalUserA can not even boot up the VM due to insufficient permissions. How do I setup LocalUserA so it can import VMs and work with them? Thank you, -- Peter On Tue, May 16, 2017 at 4:11 AM, Arik Hadas <ahadas@redhat.com> wrote:
On Mon, May 15, 2017 at 11:36 PM, Peter Wood <peterwood.sd@gmail.com> wrote:
Hi,
I have a group of local users with permissions to create VMs, templates, and VMs from templates. They are allowed to work only in one of the clusters in the datacenter.
Now I want one of the local users to be able to import VMs and convert them into templates and I just can't find the recipe for that.
The group has these permissions:
LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster) LocalUsersGroup -> [PowerUserRole] -> SAN (Storage) LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter)
LocalUserA is part of LocalUsersGroup and should be able to: - Import a VM - Convert the VM to a template for everyone to use - Delete the VM
I tried this: LocalUserA -> [VmImporterExporter] -> System
LocalUserA can now import VMs and convert them to templates but it can't delete the imported VMs. For some reason [UserVmManager] role is not assigned to LocalUserA on the VMs that were imported.
Right, that seems to be a bug. The import operation should set the user that executes it with UserVmManager role on the imported VM, just like add VM does for regular VM creation. Could you please file a bug?
Before I start messing around I'd appreciate somebody's else opinion on how this should be done.
Thank you for your time,
-- Peter
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Sat, May 20, 2017 at 12:15 AM, Peter Wood <peterwood.sd@gmail.com> wrote:
I did create a bug report and it was closed with the explanation that UserVmManager role is not assigned because I'm using the Administration portal... (???). What other portal do I use? Import/Export is Admin type operation.
See here: https://bugzilla.redhat.com/show_bug.cgi?id=1451501
Very simple steps to test it:
- Create a local user called LocalUserA
- Grant permissions to create VMs in DEV1 cluster and Import/Export VMs:
LocalUserA -> [PowerUserRole] -> DEV1 (Cluster) LocalUserA -> [PowerUserRole] -> SAN (Storage Data Master) LocalUserA -> [VmImporterExporter] -> DEV1 (Cluster) LocalUserA -> [VmImporterExporter] -> SAN (Storage Data Master) LocalUserA -> [VmImporterExporter] -> SD-Export (Storage Export type)
- Login to the Administration Portal as LocalUserA@internal
- Create a VM, Export the VM, Import the VM
Role UserVmManager is not set for the imported VM. User LocalUserA can not even boot up the VM due to insufficient permissions.
How do I setup LocalUserA so it can import VMs and work with them?
Thanks for this information Peter. I proposed a patch. Let's discuss it in bugzilla.
Thank you,
-- Peter
On Tue, May 16, 2017 at 4:11 AM, Arik Hadas <ahadas@redhat.com> wrote:
On Mon, May 15, 2017 at 11:36 PM, Peter Wood <peterwood.sd@gmail.com> wrote:
Hi,
I have a group of local users with permissions to create VMs, templates, and VMs from templates. They are allowed to work only in one of the clusters in the datacenter.
Now I want one of the local users to be able to import VMs and convert them into templates and I just can't find the recipe for that.
The group has these permissions:
LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster) LocalUsersGroup -> [PowerUserRole] -> SAN (Storage) LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter)
LocalUserA is part of LocalUsersGroup and should be able to: - Import a VM - Convert the VM to a template for everyone to use - Delete the VM
I tried this: LocalUserA -> [VmImporterExporter] -> System
LocalUserA can now import VMs and convert them to templates but it can't delete the imported VMs. For some reason [UserVmManager] role is not assigned to LocalUserA on the VMs that were imported.
Right, that seems to be a bug. The import operation should set the user that executes it with UserVmManager role on the imported VM, just like add VM does for regular VM creation. Could you please file a bug?
Before I start messing around I'd appreciate somebody's else opinion on how this should be done.
Thank you for your time,
-- Peter
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (2)
-
Arik Hadas -
Peter Wood