[SOLVED] resource pools, create vm, network bridge selection

M

mouk

Renowned Member
May 3, 2016
57
2
73
53
Hi,

Wondering about resource pools, and resource separation. In our PoC, I created some test resource pools, added users, VMs and some storages to them. Now, when creating a new VM (as a resource pool member) I see correctly the available storages, but in the last step, I do not see any of the available network bridges. As the user root, I can see all of them.

The logical step would be to add my network bridges to my resource pools, but that functionality does not seem to exist.

How to arrange for my regular users (not PVEAdmins) to be able to select the proper network bridge in the create new VM wizard?
 
We use templates for VMs per resource pool, templates come with NICs defined including virtual bridges they connect to and allowed VLANs. These NICs can not be edited by users after they "full cloned" their VM out of that template.

Tedious part is that somebody :rolleyes: has to maintain and provide templates.
 
  • Like
Reactions: mouk
As you understand, resource pools cannot be used to manage permissions for network bridges.
At present, pools can only be used to manage VMs, containers, and storage.
If you want to allow bridge selection, the practical approach is to grant SDN.Use (typically via the PVESDNUser role) rather than relying on a pool.
 
We're not using the SDN framework, but the 'old style' the bridges, but thanks for the suggestion, both!
 
I’m not sure what exactly you mean by "old style," but even if you are not explicitly using the SDN feature (for example, even if you have not configured anything under Datacenter > SDN), you still need to grant the PVESDNUser role in order to give permission for localnetwork, which appears under the node where the Linux bridge belongs.
Although the role name includes "SDN", this is not tied to whether you are actively using the SDN framework or not; it is the role used to grant permission to use network resources, including local Linux bridges.

https://pve.proxmox.com/pve-docs/chapter-pveum.html#pveum_roles
 
Ah that works yes! Thanks @d.oishi!

I still feel it would also be logical to simply add a network bridge (a resource, much like a storage) to a resource pool, to make it available inside a pool.

Anyway: this works, thanks again!
 
  • Like
Reactions: d.oishi
You must log in or register to reply here.
Top Bottom
Back