Authorization problem with networks owned by oneadmin.
|Assignee:||Carlos Martín||% Done:|
Possible bug report from Shi Jin in the users mailing list:
I have created two vNETs, intranet-office and LAN-1, both created by the oneadmin user (uid=0) and as the document says, any other user can use these vnets, at least in my experience, one VNET per VM.
But I found that if another user wants to deploy a VM with two NICs, both owned by uid=0, then we will get a permission error:
Sat Feb 26 16:51:44 2011 [ReM][E]: [VirtualMachineAllocate] User  not authorized to perform CREATE on VM Pool
If I publish any one of the VNET, the dual NIC setup would work again.
#1 Updated by Carlos Martín over 10 years ago
- Status changed from New to Closed
- Resolution set to invalid
Couldn't be reproduced. For the sake of completeness, the templates used are copied below.
If both networks are created as oneadmin, and the vm as a regular user, the creation will be rejected unless both networks are published (not only one of them, as the bug report said).
$ cat a.vnet NAME = A BRIDGE = br0 TYPE = FIXED LEASES = [ IP = 192.168.0.1 ] $ cat b.vnet NAME = B BRIDGE = br0 TYPE = FIXED LEASES = [ IP = 192.168.0.5 ] $ cat vm.one CPU = 1 NIC = [ NETWORK = "A" ] NIC = [ NETWORK = "B" ]
#3 Updated by Shi Jin over 10 years ago
Hi there, I did exactly what you said.
[cloudadmin@frontend-dev vnets]$ oneuser list
ID USER PASSWORD
0 cloudadmin 1f58365b36f889c6b570bb715494c67794488047
1 seki f4b5b822681488da1e97ce2a967aa6febc81ecf0
[cloudadmin@frontend-dev vnets]$ onevnet list
ID USER NAME TYPE BRIDGE P #LEASES
0 cloudadm A Fixed br0 N 0
1 cloudadm B Fixed br0 N 0
If I do it as cloudadmin, it it works but it would fail if I am another user:
[cloudadmin@frontend-dev vnets]$ ONE_AUTH=/vrstorm/cloudadmin/.one/one_auth.seki onevm create vm.one
Error: [VirtualMachineAllocate] User  not authorized to perform CREATE on VM Pool