add node to the PDM (token permission ??)

T

ThierryIT69

New Member
Mar 28, 2024
20
3
3
Hello and happy new year :)

So I have two nodes, working ... accessible.
Both in version 9.1.4 and updated.

I have installed this morning the PDM 1.0.1 all updated (as VM in one of the two nodes I have).

I was able to add in the "remote" my two nodes using tokens ...
There are now visibles from the PDM execept I do not have any data:
- No virtual machines, no linux containers, no highest CPU usage etc.

I have used tokens to auth when adding my node .... As you can see in the attrached file, I do have a problem "status 403" ...
To correct this, I have done a second token with as permission: PVEAudit (Sys.Audit is in it) .... Saame pb ....

Ideas ?
 

Attachments

  • {9A4FF6CB-4250-412C-876F-2128343F8DB4}.png
    {9A4FF6CB-4250-412C-876F-2128343F8DB4}.png
    33.4 KB · Views: 4
Still working on it.
Still not working.

From the PDM Administration/Sytem Report
Code: 
STDERR:
```
skipping host 192.168.XXX.XX:8006 - marked unreachable    (node2)
skipping host 192.168.XXX.XX:8006 - marked unreachable        (node3)

From the PDM Administration / Syslog

Code: 
proxmox-datacenter-api[673]: failed to query info for remote 'pve-node2' node '192.168.XXX.XX:8006' - api error (status = 403: Permission check failed (/, Sys.Audit)
)
proxmox-datacenter-api[673]: failed to query info for remote 'pve-node3' node '192.168.XXX.XX:8006' - api error (status = 403: Permission check failed (/, Sys.Audit)

I do not understand why I do have this error message. I have done another Token with the right permission .... (/, PVEAudit)
Is there any work aroung when using FW on both Node2 and 3 ?
 
Last edited:
I have change the token again to "/, PVEAUDIT" ...

Code: 
api error (status = 400: api error (status = 403: Permission check failed (/nodes/pve-node2, Sys.Audit) ))

I am now almost sure that's a Token problem .... What permission should I give ??

To do my Token:

API token permission
Path: /nodes/pve-node2
Role: PVEAuditor
Propagate: Yes

Is it wrong ??

I have create a new ROLE:

  • Sys.Modify
  • Sys.Audit
  • Datastore.AllocateSpace
  • VM.Allocate
  • VM.Audit
Still doersn't work.
 
Last edited:
So I have found where the problem was .... It was a token permission problem.
So the question is what permissions do the token needs ?? For my test I am using "administrator / " ....
Thx
 
You must log in or register to reply here.
Top Bottom
Back