openvswitch permissions missing?

athompso

Renowned Member
Sep 13, 2013
129
8
83
I'm trying to use pools and roles to allow limited user self-service, but I'm stuck on allowing them to create their own VMs. The sticking point appears, I think(???) to be that I'm using OpenvSwitch. Openvswitch works great for my needs, but I don't see any permissions for it in the PVE model, and when a role-assigned user tries to create a new VM, unless they have Administrator permission on "/", they don't see any bridge devices to attach to the VM.

Am I missing something obvious? I would like to continue using openvswitch, it makes VLAN management so incredibly easy compared to the Linux VLAN-based bridges.

Thoughts? Ideas?

thanks,
-Adam
 
further testing reveals that PVEAuditor permissions at "/" is adequate to let the user see vmbr0, but VM creation fails with:
Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use) (403)

Oh, even though I'm not [knowingly!] using SDN in any way, adding them as "SDNUser" to "/" seems to work.
Ah, even better, adding them as "SDNUser" role to "/sdn/zones/localnetwork" is adequate to allow them to create VMs.

Did I this in the docs somewhere? I admit I didn't pay much attention to the new SDN features b/c I don't need SDN features.
-Adam
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!