[ovirt-users] oVirt user permissions for fence_rhevm

Rik Theys Rik.Theys at esat.kuleuven.be
Mon May 18 13:56:23 UTC 2015


Hi,

I've created a user in AD that should only be able to power off/on a 
specific VM in oVirt.

I've granted this user UserRole permission on this specific VM.

If I log into the user portal with these credentials I can see the VM 
and power it off/on.

When I use the fence_rhevm agent it fails to find the correct "plug". I 
fixed this by adding the "Filter: true" header to the fence_rhevm 
script. When running manually, fence_rhevm can show me the status of the 
plug and can power it on/off.

When I try to integrate this into a pacemaker cluster (on Debian 7) 
using the fence_rhevm resource agent it reboots the VM on every monitor 
action.

Has anyone succeeded in using fence_rhevm with oVirt on pacemaker 1.1? 
Are there any additional oVirt permissions the user needs to make this 
work? I don't want to make this fence user an admin for my entire ovirt 
datacenter.

The stonith primitive is configured:

primitive p_fence_vm1 stonith:fence_rhevm \
         params port="vm1" login="fence-vm1 at mydomain.ad" 
ipaddr="ovirt-engine.mydomain" ipport="443" ssl="1" passwd="secret" 
verbose="1" pcmk_host_list="vm1" pcmk_host_check="static-list" \
         op monitor interval="15m"


Regards,

Rik

-- 
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440  - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
----------------------------------------------------------------
<<Any errors in spelling, tact or fact are transmission errors>>



More information about the Users mailing list