[one-users] grant access to sunstone vnc for user's vm
Jaime Melis
jmelis at opennebula.org
Thu Mar 28 13:54:18 PDT 2013
Hi Gary,
thanks for reporting your progress with this issue, I was trying to figure
out how to help you but didn't know how, so I'm glad you figured it out :)
By the way, the funcionality you were looking for is an interesting one.
Would you be interested in creating a feature request in
dev.opennebula.orgdetailing what you would expect by restricting the
config options for
regular users, etc?
cheers,
Jaime
On Thu, Mar 28, 2013 at 4:41 PM, Gary S. Cuozzo <gary at isgsoftware.net>wrote:
> Ok, I figured it out. I traced through the code on the sunstone server
> and also did some debugging on the frontend javascript. I found that when
> I login as the user which doesn't work, the code would blow up when trying
> to get some configuration settings. I then remembered that I had turned
> off config tab in sunstone-plugins.yaml because I wanted to strip the
> interface down for regular users to limit what they can do.
>
> So, I turned that module back on and it's working now. Obviously that is
> a required module. :)
>
> Thanks,
> gary
>
>
> ------------------------------
>
> Did a bit more poking around. Tried all sorts of things with users,
> groups, acl's, no luck & no errors. Gonna see if I can take a look at the
> code and gain any knowledge there. I'm assuming it has to be something
> with my setup as I would expect lots of folks have many users accessing
> guests via websockets/vnc.
>
> Thanks,
> gary
>
>
> ------------------------------
>
> Ok, I looked at this a bit more. I killed the websocket server and
> started a new one via a shell so I can see the output. When I login as my
> main admin user, I can click on a vm and view the vnc console. I see this
> logged by websocket to stdout:
>
> 1: 74.94.xxx.xx: SSL/TLS (wss://) WebSocket connection
> 1: 74.94.xxx.xx: Version hybi-13, base64: 'True'
> 1: 74.94.xxx.xx: Path: '/?token=nafe4fgtywxlqjnrf68m'
> 1: connecting to: vmhost:6146
>
> I then use a separate browser session and login as my regular user. When
> I click the vnc icon, nothing is logged by the websocket server. Sunstone
> GUI reports a startvnc request is made. I see in the sunstone.log file
> this entry:
>
> Thu Mar 28 11:08:13 2013 [I]: 127.0.0.1 - - [28/Mar/2013 11:08:13] "POST
> /vm/245/startvnc HTTP/1.0" 200 48 0.0483
>
> Is there a way I can find out more specifically what happens during the
> /vm/245/startvnc request?
>
> Thanks,
> gary
>
>
>
>
> I am trying to give another user access to the VNC console to their VM in
> sunstone. Here is what I tried:
> * give the user a login using their email address as username & a password
> * create a unique group and add the new user to the group
> * set user/group ownership for image/template/vm to the new user & group
> * set permissions for user & group to "use" for each image/template/vm
>
> When I try to login as the new user, I can see the resources in sunstone.
> The "vnc access" icon for the VM is enabled. I can click it, but nothing
> at all happens. No window pops up, nothing in the log, no error.
>
> Can somebody let me know if I'm doing something wrong and what the proper
> process to give access to a user?
>
> I'm using ONE 3.8.1.
>
> Thanks in advance,
> gary
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jmelis at opennebula.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130328/4dc280d4/attachment-0002.htm>
More information about the Users
mailing list