[one-users] grant access to sunstone vnc for user's vm

Thu Mar 28 13:54:18 PDT 2013

Hi Gary,

thanks for reporting your progress with this issue, I was trying to figure
out how to help you but didn't know how, so I'm glad you figured it out :)

By the way, the funcionality you were looking for is an interesting one.
Would you be interested in creating a feature request in
dev.opennebula.orgdetailing what you would expect by restricting the
config options for
regular users, etc?

cheers,
Jaime

On Thu, Mar 28, 2013 at 4:41 PM, Gary S. Cuozzo <gary at isgsoftware.net>wrote:

> Ok, I figured it out.  I traced through the code on the sunstone server
> and also did some debugging on the frontend javascript.  I found that when
> I login as the user which doesn't work, the code would blow up when trying
> to get some configuration settings.  I then remembered that I had turned
> off config tab in sunstone-plugins.yaml because I wanted to strip the
> interface down for regular users to limit what they can do.
>
> So, I turned that module back on and it's working now.  Obviously that is
> a required module.  :)
>
> Thanks,
> gary
>
>
> ------------------------------
>
> Did a bit more poking around.  Tried all sorts of things with users,
> groups, acl's, no luck & no errors.  Gonna see if I can take a look at the
> code and gain any knowledge there.  I'm assuming it has to be something
> with my setup as I would expect lots of folks have many users accessing
> guests via websockets/vnc.
>
> Thanks,
> gary
>
>
> ------------------------------
>
> Ok, I looked at this a bit more.  I killed the websocket server and
> started a new one via a shell so I can see the output.  When I login as my
> main admin user, I can click on a vm and view the vnc console.  I see this
> logged by websocket to stdout:
>
>   1: 74.94.xxx.xx: SSL/TLS (wss://) WebSocket connection
>   1: 74.94.xxx.xx: Version hybi-13, base64: 'True'
>   1: 74.94.xxx.xx: Path: '/?token=nafe4fgtywxlqjnrf68m'
>   1: connecting to: vmhost:6146
>
> I then use a separate browser session and login as my regular user.  When
> I click the vnc icon, nothing is logged by the websocket server.  Sunstone
> GUI reports a startvnc request is made.  I see in the sunstone.log file
> this entry:
>
>   Thu Mar 28 11:08:13 2013 [I]: 127.0.0.1 - - [28/Mar/2013 11:08:13] "POST
> /vm/245/startvnc HTTP/1.0" 200 48 0.0483
>
> Is there a way I can find out more specifically what happens during the
> /vm/245/startvnc request?
>
> Thanks,
> gary
>
>
>
>
> I am trying to give another user access to the VNC console to their VM in
> sunstone.  Here is what I tried:
> * give the user a login using their email address as username & a password
> * create a unique group and add the new user to the group
> * set user/group ownership for image/template/vm to the new user & group
> * set permissions for user & group to "use" for each image/template/vm
>
> When I try to login as the new user, I can see the resources in sunstone.
> The "vnc access" icon for the VM is enabled.  I can click it, but nothing
> at all happens.  No window pops up, nothing in the log, no error.
>
> Can somebody let me know if I'm doing something wrong and what the proper
> process to give access to a user?
>
> I'm using ONE 3.8.1.
>
> Thanks in advance,
> gary
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>

-- 
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jmelis at opennebula.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130328/4dc280d4/attachment-0002.htm>