[Users] Quota for VMs created from templates

Itamar Heim iheim at redhat.com
Fri Oct 4 11:00:04 EDT 2013


On 10/04/2013 03:14 PM, Mitja Mihelič wrote:
> In addition to the described setup:
> The user was also given a permission on the data center with the role
> VmCreator.
> The user is not listed as a consumer of TemplateQuota, but they have an
> inherited role VmCreator in the permissions tab.
> Could this permission be the reason the user can create and run VMs that
> are associated with TemplateQuota?
>

there is a difference between permission to run a VM, and permission to 
a quota.

user A has a permission to consume a quota Q. user A assigns that quota 
Q to resource R
user B has permission to run resource R. user B doesn't need a 
permission to any quota.

i.e., permission to run is a relation between user and a resource.
permission to quota, is to associate a resource with a quota.

> Regards,
> Mitja
>
> --
> Mitja Mihelič
> ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia
> tel: +386 1 479 8877, fax: +386 1 479 88 78
>
> On 10/03/2013 05:06 PM, Einav Cohen wrote:
>> AFAIK, a user cannot create a VM that is associated with one (or more)
>> quota objects on which he doesn't
>> have consumer permissions.
>> i.e. if the VM was created successfully by the user, and this VM is
>> associated with TemplateQuota, and
>> with the quota that has been created for the user (let's call it
>> UserQuota), it means that the user has
>> consumer permissions on both TemplateQuota and UserQuota.
>> If the user doesn't have permissions on one of these Quota objects -
>> the fact that the VM has been created
>> successfully sounds like a bug to me.
>>
>> ----
>> Thanks,
>> Einav
>>
>> ----- Original Message -----
>>> From: "Mitja Mihelič" <mitja.mihelic at arnes.si>
>>> To: users at ovirt.org
>>> Sent: Thursday, October 3, 2013 9:59:06 AM
>>> Subject: [Users] Quota for VMs created from templates
>>>
>>> Hi!
>>>
>>> We are running engine version 3.3.0 on CentOS6 and we have come across a
>>> problem, possibly a bug.
>>> When a user creates a VM from a template, the template's quota is
>>> assigned to the VM.
>>>
>>> Here is the setup:
>>> - quota is set to Enforced on the data center
>>> - quota is created for template purposes (TemplateQuota)
>>> - a template is created from a sealed VM with TemplateQuota assigned
>>> to it
>>> - quota is created for a user, the user is set as its consumer
>>> - the user creates a VM from the mentioned template and leaves the quota
>>> unchanged
>>> - the created VM consumes the user's storage quota but does not consume
>>> their memory and CPU quota
>>>
>>> This way a user can create and run an arbitrary number of VMs as long
>>> they stay within their storage quota.
>>> No errors are reported in the logs.
>>>
>>> Kind regards,
>>> Mitja Mihelic
>>>
>>> --
>>> --
>>> Mitja Mihelič
>>> ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia
>>> tel: +386 1 479 8877, fax: +386 1 479 88 78
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



More information about the Users mailing list