[one-users] grant access to sunstone vnc for user's vm
Gary S. Cuozzo
gary at isgsoftware.net
Tue Apr 2 07:27:05 PDT 2013
Sorry for the delay, I have created new feature request here:
http://dev.opennebula.org/issues/1857
Let me know if it needs any further clarification.
Thanks!
gary
----- Original Message -----
Hi Gary,
thanks for reporting your progress with this issue, I was trying to figure out how to help you but didn't know how, so I'm glad you figured it out :)
By the way, the funcionality you were looking for is an interesting one. Would you be interested in creating a feature request in dev.opennebula.org detailing what you would expect by restricting the config options for regular users, etc?
cheers,
Jaime
On Thu, Mar 28, 2013 at 4:41 PM, Gary S. Cuozzo < gary at isgsoftware.net > wrote:
Ok, I figured it out. I traced through the code on the sunstone server and also did some debugging on the frontend javascript. I found that when I login as the user which doesn't work, the code would blow up when trying to get some configuration settings. I then remembered that I had turned off config tab in sunstone-plugins.yaml because I wanted to strip the interface down for regular users to limit what they can do.
So, I turned that module back on and it's working now. Obviously that is a required module. :)
Thanks,
gary
Did a bit more poking around. Tried all sorts of things with users, groups, acl's, no luck & no errors. Gonna see if I can take a look at the code and gain any knowledge there. I'm assuming it has to be something with my setup as I would expect lots of folks have many users accessing guests via websockets/vnc.
Thanks,
gary
Ok, I looked at this a bit more. I killed the websocket server and started a new one via a shell so I can see the output. When I login as my main admin user, I can click on a vm and view the vnc console. I see this logged by websocket to stdout:
1: 74.94.xxx.xx: SSL/TLS (wss://) WebSocket connection
1: 74.94.xxx.xx: Version hybi-13, base64: 'True'
1: 74.94.xxx.xx: Path: '/?token=nafe4fgtywxlqjnrf68m'
1: connecting to: vmhost:6146
I then use a separate browser session and login as my regular user. When I click the vnc icon, nothing is logged by the websocket server. Sunstone GUI reports a startvnc request is made. I see in the sunstone.log file this entry:
Thu Mar 28 11:08:13 2013 [I]: 127.0.0.1 - - [28/Mar/2013 11:08:13] "POST /vm/245/startvnc HTTP/1.0" 200 48 0.0483
Is there a way I can find out more specifically what happens during the /vm/245/startvnc request?
Thanks,
gary
<blockquote>
I am trying to give another user access to the VNC console to their VM in sunstone. Here is what I tried:
* give the user a login using their email address as username & a password
* create a unique group and add the new user to the group
* set user/group ownership for image/template/vm to the new user & group
* set permissions for user & group to "use" for each image/template/vm
When I try to login as the new user, I can see the resources in sunstone. The "vnc access" icon for the VM is enabled. I can click it, but nothing at all happens. No window pops up, nothing in the log, no error.
Can somebody let me know if I'm doing something wrong and what the proper process to give access to a user?
I'm using ONE 3.8.1.
Thanks in advance,
gary
_______________________________________________
Users mailing list
Users at lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
_______________________________________________
Users mailing list
Users at lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
_______________________________________________
Users mailing list
Users at lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
</blockquote>
--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jmelis at opennebula.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130402/2327eed7/attachment-0001.htm>
More information about the Users
mailing list