Users management

R

RRJ

Member
Apr 14, 2010
245
0
16
Estonia, Tallinn
Hello,
looked for an answer on google and wiki, couldn't find one.
How do I allow user to create VMs and CTs?
At this moment I created a storage, user, group and pool.
In the pool menu I've added the storage to the members and two permissions for group where the user is:
PVEVMAdmin and PVEDatastoreUser.

User can see the storage, but can't create any virtual machine nor container.
 
User can manage existing VMs and CTs, but can't create new even, if I give him the Administrator role. Those buttons in upper right corner are gray.
 
works here. post:

Code: 
cat /etc/pve/user.cfg
 
Code: 
sisemon:~# cat /etc/pve/user.cfg
user:urmo@pve:1:0:Urmo:*:urmo@*.ee:Test:
user:root@pam:1:0:::messages@*.ee::


group:Users:urmo@pve::


pool:users:::User-Storage:




acl:1:/pool/users:@Users:PVEDatastoreUser,PVEVMAdmin:
 
Last edited:
you should test it (just enable pvetest repository in your /etc/apt/sources.list)

Code: 
...
deb [URL]http://download.proxmox.com/debian[/URL] squeeze pvetest
...
 
yes. but you can also install just the needed package manually (download with wget and install with dpkg -i ...)
 
Could you, please, tell me the way I can do this? Its semi-production server, don't want to mess things up :)
 
change sources.list to pvetest, run aptitude update && aptitude full-upgrade.

after that, change sources.list back to pve.
 
thanks.
So here is the feedback:
1. yes, user can now see those buttons to create vms and cts.
2. no, user still can't create vms and cts. after user selects "finish", it gets an error depending on selected pool:
a) no pool selected: "Permisssion check failed (403)"
b) pre-created pool selected: "Permisssion check failed (/pool/users, Permissions.Modify|Pool.Allocate) (403)"

If I add the PVEPoolAdmin permission, user can create virtual machines and cts, but he can also modify the pool. that is not what he should be able to do.

How deep do you guys interested in user management and billing for proxmox? We are testing some platforms for "cloud" services and have some experience with Joyent and proxmox. If it is possible, i could take some part of this user oriented and billing project, make some tests and give some ideas/advises from my point of view, as I can easily watch on such things from user's and administrator's point of view. If you are interested - let me know, i will install proxmox on other server and I've got some ideas, as I'm really interested in proxmox, more than in joyent.

For now I see a problem, that if user has permission to create virtual hosts, there is no limitation on how much memory and cpus he can use. It would be great to have a possibility for an administrator to limit the total amount of resources one user may have and then user decides how much cpus, mem and storage he will allocate for his virtual hosts.
for an example a total pool of 6 cpus, 2 gig of ram, 40 gb storage so he could create one machine with total allowed resources or to divide these resources between few machines. - one way of billing
another way could be have some strict sources template for virtual machines that user will ever create and bill him by the amount of machines he has.
 
Last edited:
RRJ said:
2. no, user still can't create vms and cts. after user selects "finish", it gets an error depending on selected pool:
a) no pool selected: "Permisssion check failed (403)"
b) pre-created pool selected: "Permisssion check failed (/pool/users, Permissions.Modify|Pool.Allocate) (403)"
Click to expand...


What is the output of

# pveversion -v
RRJ said:
If I add the PVEPoolAdmin permission, user can create virtual machines and cts, but he can also modify the pool. that is not what he should be able to do.
Click to expand...


No, don't do that.
RRJ said:
How deep do you guys interested in user management and billing for proxmox? We are testing some platforms for "cloud" services and have some experience with Joyent and proxmox. If it is possible, i could take some part of this user oriented and billing project, make some tests and give some ideas/advises from my point of view, as I can easily watch on such things from user's and administrator's point of view. If you are interested - let me know, i will install proxmox on other server and I've got some ideas, as I'm really interested in proxmox, more than in joyent.
Click to expand...


And feedback is welcome.
RRJ said:

For now I see a problem, that if user has permission to create virtual hosts, there is no limitation on how much memory and cpus he can use. It would be great to have a possibility for an administrator to limit the total amount of resources one user may have and then user decides how much cpus, mem and storage he will allocate for his virtual hosts.
for an example a total pool of 6 cpus, 2 gig of ram, 40 gb storage so he could create one machine with total allowed resources or to divide these resources between few machines. - one way of billing
another way could be have some strict sources template for virtual machines that user will ever create and bill him by the amount of machines he has.
Click to expand...

The plan is to add some resource limits to pools (not per users).
 
its from pvetest repository :). didn't work at all with software from pve repo.
Code: 
sisemon:~# pveversion -v
pve-manager: 2.1-8 (pve-manager/2.1/712588a4)
running kernel: 2.6.32-12-pve
proxmox-ve-2.6.32: 2.1-68
pve-kernel-2.6.32-10-pve: 2.6.32-64
pve-kernel-2.6.32-11-pve: 2.6.32-66
pve-kernel-2.6.32-12-pve: 2.6.32-68
lvm2: 2.02.95-1pve2
clvm: 2.02.95-1pve2
corosync-pve: 1.4.3-1
openais-pve: 1.1.4-2
libqb: 0.10.1-2
redhat-cluster-pve: 3.1.8-3
resource-agents-pve: 3.9.2-3
fence-agents-pve: 3.1.7-2
pve-cluster: 1.0-27
qemu-server: 2.0-42
pve-firmware: 1.0-16
libpve-common-perl: 1.0-28
libpve-access-control: 1.0-23
libpve-storage-perl: 2.0-20
vncterm: 1.0-2
vzctl: 3.0.30-2pve5
vzprocps: 2.0.11-2
vzquota: 3.0.12-3
pve-qemu-kvm: 1.1-2
ksm-control-daemon: 1.1-1
resources limit by pools seems quite interesting too.
 
Last edited:
interesting, but as soon as i reached my home place, tried to create the container again, it was success.

i think, there should be some way for users to obtain IP's automatically from some kind of pool, that was arranged by admin.
 
actually not working. it worked twice, than didn't work anymore. some kind of a bug.

update

Is this normal, that two users in same pool can see and manage each others containers?
Where can I find the full tree and path names for permissions?

update

And is there any way to use wildcard-style paths?
for an example, i'd like to create a permission for group "users" to have righs to create VM? in my vision the path should like this:
/vms/$username/

update
Is there any way to add a permission to a single user to create a VM? if i create permission for path: /vms/"username", than user can't create VMs, but if I add at least one existing machine to this user, than he is able to create VMs himself too.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back