Bug #502
Authorization problem with networks owned by oneadmin.
Status: | Closed | Start date: | 02/28/2011 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | Carlos Martín | % Done: | 0% | |
Category: | - | |||
Target version: | - | |||
Resolution: | invalid | Pull request: | ||
Affected Versions: |
Description
Possible bug report from Shi Jin in the users mailing list:
I have created two vNETs, intranet-office and LAN-1, both created by the oneadmin user (uid=0) and as the document says, any other user can use these vnets, at least in my experience, one VNET per VM.
But I found that if another user wants to deploy a VM with two NICs, both owned by uid=0, then we will get a permission error:
Sat Feb 26 16:51:44 2011 [ReM][E]: [VirtualMachineAllocate] User [6] not authorized to perform CREATE on VM Pool
If I publish any one of the VNET, the dual NIC setup would work again.
Associated revisions
History
#1 Updated by Carlos Martín over 10 years ago
- Status changed from New to Closed
- Resolution set to invalid
Couldn't be reproduced. For the sake of completeness, the templates used are copied below.
If both networks are created as oneadmin, and the vm as a regular user, the creation will be rejected unless both networks are published (not only one of them, as the bug report said).
$ cat a.vnet NAME = A BRIDGE = br0 TYPE = FIXED LEASES = [ IP = 192.168.0.1 ] $ cat b.vnet NAME = B BRIDGE = br0 TYPE = FIXED LEASES = [ IP = 192.168.0.5 ] $ cat vm.one CPU = 1 NIC = [ NETWORK = "A" ] NIC = [ NETWORK = "B" ]
#2 Updated by Shi Jin over 10 years ago
Actually, my experience is that if any one of the two vnets are public, it would work.
Could you please try to see what happens if both are private and create the VM as a regular user?
Can you show results of "onevnet list/show"?
Thanks.
Shi
#3 Updated by Shi Jin over 10 years ago
Hi there, I did exactly what you said.
[cloudadmin@frontend-dev vnets]$ oneuser list
ID USER PASSWORD
0 cloudadmin 1f58365b36f889c6b570bb715494c67794488047
1 seki f4b5b822681488da1e97ce2a967aa6febc81ecf0
[cloudadmin@frontend-dev vnets]$ onevnet list
ID USER NAME TYPE BRIDGE P #LEASES
0 cloudadm A Fixed br0 N 0
1 cloudadm B Fixed br0 N 0
If I do it as cloudadmin, it it works but it would fail if I am another user:
[cloudadmin@frontend-dev vnets]$ ONE_AUTH=/vrstorm/cloudadmin/.one/one_auth.seki onevm create vm.one
Error: [VirtualMachineAllocate] User [1] not authorized to perform CREATE on VM Pool