[SOLVED] Linked clones

aik.fiend

New Member
Jul 28, 2014
12
1
1
Hi.

There's a simple workflow of using PVE:
We have any users.
And we have one storage 'local' created by default.
Also we have created some VM's and converted them to templates. We have assumed that every user can create VM by creating linked clone from existing template. And each user mustn't see VM's created by other users.

According to this logic, we may create directories (e. g. using usernames: /var/lib/vz/user1, /var/lib/vz/user2 and so on), add them to PVE as Storages and set permissions (e. g. path=/storage/user1 user=user1@pve role=PVEDatastoreAdmin, path=/storage/user2 user=user2@pve role=PVEDatastoreAdmin and so on). But while creating linked clone we can't select target storage, so linked clone will be created in /var/lib/vz/images directory, where user1 and user2 haven't pemissions. So linked clone creation will fail with permission denied error.

As workaround you can do next steps:

1) Don't create derectories, so all VM's will be in /var/lib/vz/images.
2) Set up next permissions: path=/vms user=user1@pve role=PVEVMAdmin, path=/storage/local user=user1@pve role=PVEDatastoreAdmin, path=/vms user=user2@pve role=PVEVMAdmin, path=/storage/user2 user=user2@pve role=PVEDatastoreAdmin
3) Create any linked clones. And set up next permissions:
a. path=/vms/101 user=user2@pve role=NoAccess
b. path=/vms/102 user=user1@pve role=NoAccess
(101 is user1 VM's ID, 102 is user2 VM's ID)​

As you can see workaround will be very hard if you have many users and many VMs. Is there any solutions of this problem?
 
Last edited:
I guess you should use pools, for example create one pool for each user, adding
storage 'local' as member. Then set PVEDatastoreUser,PVEVMAdmin permissions
on the pool:

Code:
# /etc/pve/user.cfg]
pool:user1:::local:
acl:1:/pool/user1:user1@pve:PVEDatastoreUser,PVEVMAdmin:

The user needs to select the pool when he create a new VM.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!