[ovirt-users] oVirt user permissions for fence_rhevm

[Eli Mesika]

CC Marek Grac 

----- Original Message -----
> From: "Rik Theys" <Rik.Theys at esat.kuleuven.be>
> To: users at ovirt.org
> Sent: Monday, May 18, 2015 4:56:23 PM
> Subject: [ovirt-users] oVirt user permissions for fence_rhevm
> 
> Hi,
> 
> I've created a user in AD that should only be able to power off/on a
> specific VM in oVirt.
> 
> I've granted this user UserRole permission on this specific VM.
> 
> If I log into the user portal with these credentials I can see the VM
> and power it off/on.
> 
> When I use the fence_rhevm agent it fails to find the correct "plug". I
> fixed this by adding the "Filter: true" header to the fence_rhevm
> script. When running manually, fence_rhevm can show me the status of the
> plug and can power it on/off.
> 
> When I try to integrate this into a pacemaker cluster (on Debian 7)
> using the fence_rhevm resource agent it reboots the VM on every monitor
> action.
> 
> Has anyone succeeded in using fence_rhevm with oVirt on pacemaker 1.1?
> Are there any additional oVirt permissions the user needs to make this
> work? I don't want to make this fence user an admin for my entire ovirt
> datacenter.
> 
> The stonith primitive is configured:
> 
> primitive p_fence_vm1 stonith:fence_rhevm \
>          params port="vm1" login="fence-vm1 at mydomain.ad"
> ipaddr="ovirt-engine.mydomain" ipport="443" ssl="1" passwd="secret"
> verbose="1" pcmk_host_list="vm1" pcmk_host_check="static-list" \
>          op monitor interval="15m"
> 
> 
> Regards,
> 
> Rik
> 
> --
> Rik Theys
> System Engineer
> KU Leuven - Dept. Elektrotechniek (ESAT)
> Kasteelpark Arenberg 10 bus 2440  - B-3001 Leuven-Heverlee
> +32(0)16/32.11.07
> ----------------------------------------------------------------
> <<Any errors in spelling, tact or fact are transmission errors>>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>