[ovirt-users] oVirt user permissions for fence_rhevm
Rik Theys
Rik.Theys at esat.kuleuven.be
Mon May 18 13:56:23 UTC 2015
Hi,
I've created a user in AD that should only be able to power off/on a
specific VM in oVirt.
I've granted this user UserRole permission on this specific VM.
If I log into the user portal with these credentials I can see the VM
and power it off/on.
When I use the fence_rhevm agent it fails to find the correct "plug". I
fixed this by adding the "Filter: true" header to the fence_rhevm
script. When running manually, fence_rhevm can show me the status of the
plug and can power it on/off.
When I try to integrate this into a pacemaker cluster (on Debian 7)
using the fence_rhevm resource agent it reboots the VM on every monitor
action.
Has anyone succeeded in using fence_rhevm with oVirt on pacemaker 1.1?
Are there any additional oVirt permissions the user needs to make this
work? I don't want to make this fence user an admin for my entire ovirt
datacenter.
The stonith primitive is configured:
primitive p_fence_vm1 stonith:fence_rhevm \
params port="vm1" login="fence-vm1 at mydomain.ad"
ipaddr="ovirt-engine.mydomain" ipport="443" ssl="1" passwd="secret"
verbose="1" pcmk_host_list="vm1" pcmk_host_check="static-list" \
op monitor interval="15m"
Regards,
Rik
--
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440 - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
----------------------------------------------------------------
<<Any errors in spelling, tact or fact are transmission errors>>
More information about the Users
mailing list