[one-users] Problem with virtual network ACLs for multiple users

Michael Rebstock rusreb at rus.uni-stuttgart.de
Wed Aug 22 01:15:29 PDT 2012


Hi Carlos Martín,

 

these days I had the time to try out your proposal. Thank you very much – this was the right solution for my problem.

I entered the ID of the network instead of the name and it works fine now! 

Maybe this is a point to clarify in the next documentation.

 

Best regards

Michael

 

 

From: Carlos Martín Sánchez [mailto:cmartin at opennebula.org] 
Sent: Tuesday, 24 July 2012 17:55
To: Michael Rebstock
Cc: jan.benadik at atos.net; users at lists.opennebula.org
Subject: Re: [one-users] Problem with virtual network ACLs for multiple users

 

Hi,

 

The error messages in the screen captures you both sent are not related to permissions or ACL rules.

 

When a NIC (or DISK) uses a Virtual Network (or Image), you can set its ID, or its name and owner [1].

Sunstone sets the following in the VM templates:

 

NIC = [ NETWORK = 319ervlan, NETWORK_UID = 6 ]

 

From your screen captures, it looks like you created the VM Template when the network 319ervlan was owned by the User 6, and then changed its owner to 7.

 

 

Regards

 

[1] http://opennebula.org/documentation:rel3.6:template

 

 

 

--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization

www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula> 





On Tue, Jul 24, 2012 at 2:04 PM, Michael Rebstock <rusreb at rus.uni-stuttgart.de> wrote:

Hi Jan, hi Carlos Martín,

 

as Carlos Martín mentioned in his first mail, I executed the chmod command (“onevnet chmod 0 604”) but this did not solve my problem.

Moreover I created all my images by providing a path, so this seems not to be the adequate solution for my problem, Jan.

 

In the attachment I added some screenshots, including:

- the error-message when trying to instantiate a new VM (“createNewVM_error”), 

- the Image info(“ImageInformation”), 

- the VLAN info (“VLAN319_info”) and 

- the users and groups (“UserAndGroups”).

 

Hope that helps you to help me ;-)

 

Best Regards

Michael

 

From: Jan Benadik [mailto:jan.benadik at atos.net] 
Sent: Tuesday, 24 July 2012 08:30
To: Carlos Martín Sánchez
Cc: rusreb at rus.uni-stuttgart.de; users at lists.opennebula.org
Subject: Re: [one-users] Problem with virtual network ACLs for multiple users

 

Hi,

let's see the attached screenshots.

As I wrote already - if the HDD image is created by providing path to file, everything works well (picture image-prop-right.png), if HDD image is created by providing "source" - an error (shot1.png) occurs in time of VM starting. 

Jan

On 23.07.2012 18:45, Carlos Martín Sánchez wrote:

Hi, 

 

Could you elaborate a bit more? What error message is OpenNebula returning?

 

Regards
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization 

www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula> 

 

On Mon, Jul 23, 2012 at 12:28 PM, Jan Benadik <jan.benadik at atos.net> wrote:

Maybe there is other reason ...
I have this issue if my images are created by setting "source", not "path" (if you understand what I mean). If a new image is created by providing "path", everything works well after that.

Maybe Michael has the same issue.

Michael - can you confirm it?

Jan

On 23.07.2012 11:57, Carlos Martín Sánchez wrote:

Hi Michael and Jan, 

 

I've been trying to reproduce your problem, and everything works fine for me. Maybe this is a documentation problem, and some concepts are not as clear as we thought.

 

Each resource has an owner and group, and permissions for each of them. The permissions are set with the chown command, and are quite similar to the unix file permissions [1]. By default, resources are created with 600, or

 

PERMISSIONS                                                                     

OWNER          : um-                 

GROUP          : ---                 

OTHER          : ---   

 

If you create a vnet as oneadmin, and want all the users to be able to use it in their VMs, simply execute 'onevnet chmod <id> 604', to set USE permissions for OTHER. Similarly, if you want to make a VNet available to its group, then execute chmod <id> 640.

 

 

Regards

 

[1] http://opennebula.org/documentation:rel3.6:chmod

 


--
Carlos Martín, MSc


Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization 

www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula> 

 

On Mon, Jul 23, 2012 at 10:40 AM, Jan Benadik <jan.benadik at atos.net> wrote:

Hi all,

from the OpenNebula 3.6 version I have the same problem (no problem in previous version).

Jan

On 21.07.2012 11:30, Michael Rebstock wrote:

Hello Everybody,

 

I have a problem when trying to use OpenNebula with more than one user. I have a virtual network with the owner "oneadmin". When I log in with a self-created user "oneuser" and try to deploy a new virtual machine, there pops up an error message that the user has not the permission to use the network I specified in the Template. When I change the owner of this network to "oneuser", he is able to deploy VMs. From this point on oneadmin isn't able to deploy a VM. 

I also tried to create two different users who are in the same group and set the ownership of the network to this group but this also didn't work. 

 

In the ACL documentation [0] I found the following: "@106 NET/#47 USE" and I already tried it out - without success.

 

What am I doing wrong? Is it possible to let different users use the same network without making them the owner of the same?

Thanks in advance.

 

Best Regards

Michael

 

[0] http://opennebula.org/documentation:archives:rel3.4:manage_acl

 

_______________________________________________
Users mailing list
Users at lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

 

-- 

Ján Beňadik

Managed Services - Solution Design Architect
+421 46 5151 332
+421 903 691 634
jan.benadik at atos.net

Vinohradnícka 6, 971 01 Prievidza
www.sk.atos.net
__________________________________
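
Added example, not part of any message in this thread and not OpenNebula source code: a simplified Python model of the two separate checks discussed above, the octal permission bits (600, 604, 640) and the NIC lookup by NETWORK plus NETWORK_UID versus lookup by ID. It assumes NETWORK_ID as the template attribute for the ID form; the VNet class, the function names, network ID 0 and the group IDs are constructed for illustration, and oneadmin privileges and ACL rules are not modelled.

```python
from dataclasses import dataclass

USE, MANAGE, ADMIN = 4, 2, 1  # the u, m and a bits of one octal digit

@dataclass
class VNet:  # constructed stand-in for a virtual network record
    id: int
    name: str
    uid: int
    gid: int
    perms: int

def rights(perms):
    """Render e.g. 0o604 as {'OWNER': 'um-', 'GROUP': '---', 'OTHER': 'u--'}."""
    flags = (("u", USE), ("m", MANAGE), ("a", ADMIN))
    return {who: "".join(c if (perms >> shift) & bit else "-" for c, bit in flags)
            for who, shift in (("OWNER", 6), ("GROUP", 3), ("OTHER", 0))}

def resolve_nic(nic, vnets):
    """Look up by NETWORK_ID, or by NETWORK + NETWORK_UID; None means lookup failure."""
    for v in vnets:
        if "NETWORK_ID" in nic:
            if v.id == nic["NETWORK_ID"]:
                return v
        elif v.name == nic["NETWORK"] and v.uid == nic["NETWORK_UID"]:
            return v
    return None

def can_use(uid, gid, v):
    """Assumed rule for this model: USE is granted if any class that applies has it."""
    bits = v.perms & 7                      # OTHER applies to everyone
    if gid == v.gid:
        bits |= (v.perms >> 3) & 7
    if uid == v.uid:
        bits |= (v.perms >> 6) & 7
    return bool(bits & USE)

def chown_scenario():
    """Template written while user 6 owned the network, then owner changed to 7."""
    net = VNet(id=0, name="319ervlan", uid=6, gid=1, perms=0o604)  # id/gid constructed
    by_name = {"NETWORK": "319ervlan", "NETWORK_UID": 6}
    by_id = {"NETWORK_ID": net.id}
    found_before = resolve_nic(by_name, [net]) is net
    net.uid = 7
    return found_before, resolve_nic(by_name, [net]), resolve_nic(by_id, [net]) is net

if __name__ == "__main__":
    print(rights(0o600), rights(0o604), rights(0o640))
    print(chown_scenario())
```

In the model the name-plus-owner reference stops resolving after the owner change even though the permissions still grant USE, while the ID reference keeps working.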







 
