Hi.
There's a simple workflow for using PVE:
We have some users.
And we have one storage, 'local', created by default.
We have also created some VMs and converted them to templates. We assume that every user can create a VM by creating a linked clone from an existing template, and that each user mustn't see VMs created by other users.
According to this logic, we may create directories (e.g. using usernames: /var/lib/vz/user1, /var/lib/vz/user2 and so on), add them to PVE as storages and set permissions (e.g. path=/storage/user1 user=user1@pve role=PVEDatastoreAdmin, path=/storage/user2 user=user2@pve role=PVEDatastoreAdmin and so on). But when creating a linked clone we can't select the target storage, so the linked clone will be created in the /var/lib/vz/images directory, where user1 and user2 have no permissions. So linked clone creation will fail with a permission denied error.
As a workaround you can do the following steps:
1) Don't create directories, so all VMs will be in /var/lib/vz/images.
2) Set up the following permissions: path=/vms user=user1@pve role=PVEVMAdmin, path=/storage/local user=user1@pve role=PVEDatastoreAdmin, path=/vms user=user2@pve role=PVEVMAdmin, path=/storage/user2 user=user2@pve role=PVEDatastoreAdmin
3) Create any linked clones, and set up the following permissions:
a. path=/vms/101 user=user2@pve role=NoAccess
b. path=/vms/102 user=user1@pve role=NoAccess
(101 is user1's VM ID, 102 is user2's VM ID)
As you can see, the workaround will be very hard if you have many users and many VMs. Is there any solution to this problem?
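The permission set this workaround produces, as an added example that is not part of the original post: it builds the entries of steps 2 and 3 from a VM-to-owner map and reports any VM a non-owner can still reach because its NoAccess entry is missing. The function names and sample VM IDs are constructed; it assumes every user gets PVEDatastoreAdmin on /storage/local and that a NoAccess entry on /vms/<id> overrides the PVEVMAdmin inherited from /vms, as step 3 relies on.

```python
def workaround_acls(vm_owner, realm="pve", storage="local"):
    """Return (path, user, role) tuples for the workaround.

    vm_owner maps VM ID -> owning user name (constructed sample data).
    Assumption: all users share the default storage 'local'.
    """
    users = sorted(set(vm_owner.values()))
    acls = []
    # Step 2: every user is VM admin on /vms and datastore admin on the storage.
    for u in users:
        acls.append(("/vms", f"{u}@{realm}", "PVEVMAdmin"))
        acls.append((f"/storage/{storage}", f"{u}@{realm}", "PVEDatastoreAdmin"))
    # Step 3: every VM needs one NoAccess entry per user who does not own it.
    for vmid in sorted(vm_owner):
        for u in users:
            if u != vm_owner[vmid]:
                acls.append((f"/vms/{vmid}", f"{u}@{realm}", "NoAccess"))
    return acls


def format_acl(entry):
    """Render an entry in the notation used in the post."""
    path, user, role = entry
    return f"path={path} user={user} role={role}"


def exposed_vms(vm_owner, acls, realm="pve"):
    """List (vmid, user) pairs where a non-owner still has access.

    A user with PVEVMAdmin on /vms reaches every VM unless a NoAccess
    entry exists for that user on /vms/<vmid>.
    """
    entries = set(acls)
    exposed = []
    for vmid in sorted(vm_owner):
        owner = f"{vm_owner[vmid]}@{realm}"
        for path, user, role in acls:
            if path == "/vms" and role == "PVEVMAdmin" and user != owner:
                if (f"/vms/{vmid}", user, "NoAccess") not in entries:
                    exposed.append((vmid, user))
    return exposed


if __name__ == "__main__":
    owners = {101: "user1", 102: "user2"}          # constructed sample
    acls = workaround_acls(owners)
    print("\n".join(format_acl(e) for e in acls))
    owners[103] = "user1"                          # new clone, ACLs not yet updated
    print("exposed:", exposed_vms(owners, acls))
```

With U users and V VMs the workaround needs 2U + V(U-1) entries, and each new clone is reachable by every other user until its NoAccess entries are added.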