Bug #502

Authorization problem with networks owned by oneadmin.

Added by Carlos Martín over 10 years ago. Updated over 10 years ago.

Status: Closed
Start date: 02/28/2011
Priority: Normal
Due date:
Assignee: Carlos Martín
% Done: 0%
Category: -
Target version: -
Resolution: invalid
Pull request:
Affected Versions:

Description

Possible bug report from Shi Jin in the users mailing list:

I have created two vNETs, intranet-office and LAN-1, both created by the oneadmin user (uid=0) and as the document says, any other user can use these vnets, at least in my experience, one VNET per VM.

But I found that if another user wants to deploy a VM with two NICs, both owned by uid=0, then we will get a permission error:

Sat Feb 26 16:51:44 2011 [ReM][E]: [VirtualMachineAllocate] User [6] not authorized to perform CREATE on VM Pool

If I publish any one of the VNETs, the dual NIC setup would work again.

Associated revisions

Revision b759ecc5
Added by Abel Coronado over 3 years ago

B #5408 (#502)

  • B #5408: VMGroup datatable show configurable (instantiate VM)
  • B #5408: VNet datatable show configurable (instantiate VM)
  • B #5408: Hide VMGroup when it's disabled from .yaml
  • B #5408: Updated all .yamls

Revision 51c0a824
Added by Abel Coronado over 3 years ago

B #5408 (#502)

  • B #5408: VMGroup datatable show configurable (instantiate VM)
  • B #5408: VNet datatable show configurable (instantiate VM)
  • B #5408: Hide VMGroup when it's disabled from .yaml
  • B #5408: Updated all .yamls

(cherry picked from commit b759ecc5182ad2f8eec6de35596d4839500bbb45)

History

#1 Updated by Carlos Martín over 10 years ago

  • Status changed from New to Closed
  • Resolution set to invalid

Couldn't be reproduced. For the sake of completeness, the templates used are copied below.
If both networks are created as oneadmin, and the vm as a regular user, the creation will be rejected unless both networks are published (not only one of them, as the bug report said).

$ cat a.vnet 
NAME = A
BRIDGE = br0
TYPE = FIXED
LEASES = [ IP = 192.168.0.1 ]

$ cat b.vnet 
NAME = B
BRIDGE = br0
TYPE = FIXED
LEASES = [ IP = 192.168.0.5 ]

$ cat vm.one 
CPU = 1
NIC = [ NETWORK = "A" ]
NIC = [ NETWORK = "B" ]
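
The rule stated in update #1, as an added example that is not part of the tracker thread or of OpenNebula's code: a simplified Python model that reads the NIC entries of vm.one and rejects the request if any referenced network is neither owned by the requester nor public. The function names and the owner/public inventory are assumptions made for illustration.

```python
import re

# Constructed inventory mirroring the thread: two private networks owned by uid 0.
VNETS = {
    "A": {"owner": 0, "public": False},
    "B": {"owner": 0, "public": False},
}

# VM template as posted in update #1.
VM_TEMPLATE = '''CPU = 1
NIC = [ NETWORK = "A" ]
NIC = [ NETWORK = "B" ]
'''

NIC_RE = re.compile(r'^\s*NIC\s*=\s*\[(.*?)\]', re.M | re.S)
NET_RE = re.compile(r'NETWORK\s*=\s*"?([^",\]\s]+)"?')


def nic_networks(template):
    """Return the NETWORK name of every NIC vector attribute, in order."""
    names = []
    for body in NIC_RE.findall(template):
        match = NET_RE.search(body)
        if match:
            names.append(match.group(1))
    return names


def blocking_networks(uid, template, vnets):
    """Networks that make the request fail for this user.

    Assumed rule: a user may use a network only if they own it or it is
    public. A name missing from the inventory is treated as blocking.
    """
    blocked = []
    for name in nic_networks(template):
        net = vnets.get(name)
        if net is None or not (net["public"] or net["owner"] == uid):
            blocked.append(name)
    return blocked


def can_create(uid, template, vnets):
    """All-or-nothing: a single unusable network rejects the whole VM."""
    return not blocking_networks(uid, template, vnets)


if __name__ == "__main__":
    for published in ([], ["A"], ["A", "B"]):
        nets = {n: dict(v, public=n in published) for n, v in VNETS.items()}
        print(published, can_create(1, VM_TEMPLATE, nets), blocking_networks(1, VM_TEMPLATE, nets))
```

Under this model, publishing only one of the two networks still leaves the other one blocking, which is the outcome update #1 reports.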

#2 Updated by Shi Jin over 10 years ago

Actually, my experience is that if any one of the two vnets is public, it would work.
Could you please try to see what happens if both are private and create the VM as a regular user?
Can you show results of "onevnet list/show"?
Thanks.
Shi

#3 Updated by Shi Jin over 10 years ago

Hi there, I did exactly what you said.

[cloudadmin@frontend-dev vnets]$ oneuser list
ID USER PASSWORD
0 cloudadmin 1f58365b36f889c6b570bb715494c67794488047
1 seki f4b5b822681488da1e97ce2a967aa6febc81ecf0
[cloudadmin@frontend-dev vnets]$ onevnet list
ID USER NAME TYPE BRIDGE P #LEASES
0 cloudadm A Fixed br0 N 0
1 cloudadm B Fixed br0 N 0

If I do it as cloudadmin, it works, but it would fail if I am another user:

[cloudadmin@frontend-dev vnets]$ ONE_AUTH=/vrstorm/cloudadmin/.one/one_auth.seki onevm create vm.one
Error: [VirtualMachineAllocate] User [1] not authorized to perform CREATE on VM Pool
