kimchi-project / kimchi

An HTML5 management interface for KVM guests
https://github.com/kimchi-project/kimchi/releases/latest

users can't create VMs (guests) #976

Open gandalfk7 opened 8 years ago

gandalfk7 commented 8 years ago

Hi, I have a problem when a user tries to create a Guest: When in "Virtualization" --> "Guests" I click "+ Add a Guest" nothing happens. The hover of the button is: "javascript:void(0);", same thing happens with the buttons "Add a Storage" and "Add a Network".

I already tried to add my test user "banana" to the groups libvirt, kvm, libvirt-qemu and even root without success (and then I removed banana from the root group).

With the test user "banana" I am able to install a vm via virt-install without issues; the groups of which banana is a member are:

groups banana

banana : banana libvirt kvm libvirt-qemu

When the user is assigned a VM, he can do whatever he pleases with it, even delete it, but cannot create a new VM.

With the root user we can do everything without a problem (and it's working wonderfully!).

Our versions:

wok: v2.2.0
gingerbase: v2.2.0
ginger: v2.2.0
kimchi: v2.2.0
debian: 8.5

This issue has been opened following a mail sent to kimchi-users, as suggested by @pvital.

Thanks!
Matteo

pvital commented 8 years ago

Message from @alinefm in ML:

"It is working as designed! On Kimchi, only users with root access (sudo ALL) can create virtual machines.

Once the virtual machine is created, you can give a normal user access to it by changing the virtual machine permission configuration. For that, go to Edit virtual machine > Permission tab and add users/groups you want to grant access to manage that specific virtual machine."

pvital commented 8 years ago

The Ginger plugin can manage the system's users, by creating a new user in one of the following profiles: Regular, Regular (No shell), Virt User and Administrator. The first two profiles create normal users with no permissions to use/manage virtual machines.

A 'Virt User' user is added to the system's kvm group and, in theory, this gives the user the ability to use/manage virtual machines in the system (able to use virsh, virt-install, virt-manager for example). An 'Administrator' user has sudo enabled in the system.

IMO, we can submit an RFC to make 'Virt User's be able to:

  1. create new virtual machines, based on already created templates (templates must be created/edited only by admin users);
  2. use/edit guests for which the user was added to the permission list.

gandalfk7 commented 8 years ago

The RFC, as proposed, suits our use case perfectly.

I think the best, in terms of user permission granularity, would be adding this feature as a choice for the admin when creating the users. Keep in mind that I am proposing this without knowing the technical efforts needed for this change, and not knowing if it could be implemented as a "checkbox" or if it would need a new user profile.