cloudstack-issues mailing list archives

From "Sailaja Mada (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-5030) [Doc] Document the Procedure to create custom role in vCenter for CloudPlatform
Date Mon, 04 Nov 2013 06:45:37 GMT
Sailaja Mada created CLOUDSTACK-5030:
----------------------------------------

             Summary: [Doc] Document the Procedure to create custom role in vCenter for CloudPlatform
                 Key: CLOUDSTACK-5030
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5030
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Doc
    Affects Versions: 4.2.1
            Reporter: Sailaja Mada


Steps:

Procedure to create custom role in vCenter for CloudPlatform is described below:

Requirement

Elaborate minimal permissions required for a user account to be used by CloudPlatform.
Background

To manage VMware deployments, CloudPlatform needs permissions for the role to manage infrastructure
resources at a minimum, i.e.,

    Manage cluster/host
    Manage datastore/disks/files
    Manage port groups
    Manage dvPort groups
    Manage templates
    Import appliance
    Export a template
    Manage VM
    Manage snapshot of VM
    Manage custom field

Solution

Hence the idea is to create a role with the above required minimal permissions and assign this
custom role to the user designated to be used by CloudPlatform.

For a more robust implementation of this, the permissions could be divided into 2 roles, where
each role (mapped with a user) is added to the relevant object in the vCenter infrastructure.

    Global role
        This is for custom attribute management - User with this role would be added to the vCenter
object WITHOUT propagation to child objects.
    Datacenter role
        This is for datacenter management - User with this role would be added to each
Datacenter object, WITH propagation to child objects, to be managed by this user.


Detailed list of granular permissions to be added to the global role to be used for CloudPlatform
is below.

    Global.Manage custom attributes
    Global.set custom attributes 

Detailed list of granular permissions to be added to the datacentre role to be used for CloudPlatform
is below.

    Datastore.AllocateSpace
    Datastore.Browse
    Datastore.Configure
    Datastore.Remove file
    Datastore.FileManagement (Low level file operations and Update virtual machine files)
    dvPort group.Create
    dvPort group.Modify
    dvPort group.Policy
    dvPort group.Delete
    Folder.Create folder
    Folder.Delete folder
    Network.Assign
    Network.Configure
    Network.Remove
    Resource.HotMigrate (Migrate powered on vm)
    Resource.ColdMigrate (Migrate powered off vm)
    Resource.Assign virtualmachine to resource pool
    Resource.Assign vApp to resource pool
    Sessions.Validatesession
    Host.Configuration.Connection
    Host.Configuration.Security profile and firewall
    Host.Configuration.Maintenance
    Host.Configuration.Storage partition configuration
    Host.Configuration.SystemManagement
    Host.LocalOperations.Create Virtual Machine
    Host.LocalOperations.Delete Virtual Machine
    Host.LocalOperations.Reconfigure Virtual Machine
    Host.LocalOperations.Relayout Snapshots
    vApp.Export
    vApp.Import
    VirtualMachine.Config.AddExistingDisk
    VirtualMachine.Config.AddNewDisk
    VirtualMachine.Config.AdvancedConfig
    Virtualmachine.Configuration.Add or remove device
    Virtualmachine.Configuration.Change CPU Count
    Virtualmachine.Configuration.Change Resource
    Virtualmachine.Configuration.Extend Disk
    Virtualmachine.Configuration.Memory
    Virtualmachine.Configuration.Modify Device Setting
    Virtualmachine.Configuration.Reload from path
    Virtualmachine.Configuration.Rename
    Virtualmachine.Configuration.Remove disk
    Virtualmachine.Configuration.Set annotation
    Virtualmachine.Configuration.Settings
    Virtualmachine.Interaction.Answer question
    Virtualmachine.Interaction.Power Off
    Virtualmachine.Interaction.Power On
    VirtualMachine.Interaction.Reset
    Virtualmachine.Interaction.VMware Tools install
    VirtualMachine.Inventory.Create (New and from existing)
    VirtualMachine.Inventory.Register
    VirtualMachine.Inventory.Unregister
    VirtualMachine.Inventory.Remove
    VirtualMachine.Inventory.Move
    Virtualmachine.Provisioning.Allow file access
    Virtualmachine.Provisioning.Allow file upload
    Virtualmachine.Provisioning.Allow file download
    Virtualmachine.Provisioning.Mark as template
    Virtualmachine.Provisioning.Clone template
    Virtualmachine.Provisioning.Clone virtualmachine
    Virtualmachine.Provisioning.Deploy template
    Virtualmachine.Provisioning.Create template from virtual machine
    Virtualmachine.Provisioning.Mark as template
    Virtualmachine.State.Create snapshot
    Virtualmachine.State.Remove Snapshot
    Virtualmachine.State.Revert to snapshot
    vSphereDistributedSwitch.Policy operation
    vSphereDistributedSwitch.Port configuration operation
    vSphereDistributedSwitch.Port setting

--
This message was sent by Atlassian JIRA
(v6.1#6144)
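
An added example, not part of the original message or of CloudStack: a least-privilege audit that compares a role assignment against the baseline lists in the message and against the two-role scope it describes (global role on the vCenter object without propagation, datacenter role on each Datacenter object with propagation). The assignment dictionary format, the sample data and the excerpted baseline are assumptions; privilege names are matched case-insensitively because the message mixes "Virtualmachine" and "VirtualMachine".

```python
import re

# The page's two-role design: role kind -> (object it is granted on, propagate?)
EXPECTED_SCOPE = {"global": ("vcenter", False), "datacenter": ("datacenter", True)}

# Excerpt of the lists above, pasted as written; extend with the remaining entries.
BASELINE_TEXT = {
    "global": """
        Global.Manage custom attributes
        Global.set custom attributes
    """,
    "datacenter": """
        Datastore.AllocateSpace
        Datastore.Browse
        Resource.HotMigrate (Migrate powered on vm)
        Virtualmachine.Interaction.Power On
        VirtualMachine.Interaction.Reset
        Virtualmachine.State.Create snapshot
    """,
}

def norm(name):
    """Drop a trailing '(...)' note, then fold case and whitespace."""
    name = re.sub(r"\s*\(.*\)\s*$", "", name)
    return re.sub(r"\s+", " ", name).strip().lower()

def audit(kind, assignment):
    """Return findings for one role assignment (hypothetical export format)."""
    want = {norm(l) for l in BASELINE_TEXT[kind].splitlines() if l.strip()}
    have = {norm(p) for p in assignment["privileges"]}
    findings = [f"excess privilege: {p}" for p in sorted(have - want)]
    findings += [f"missing privilege: {p}" for p in sorted(want - have)]
    entity, propagate = EXPECTED_SCOPE[kind]
    if assignment["entity_type"] != entity:
        findings.append(f"granted on {assignment['entity_type']}, expected {entity}")
    if assignment["propagate"] != propagate:
        findings.append(f"propagate is {assignment['propagate']}, expected {propagate}")
    return findings

# Constructed sample assignments; "Placeholder.Not in baseline" is a made-up name.
SAMPLE_GLOBAL = {"entity_type": "vcenter", "propagate": True,
                 "privileges": ["Global.Manage Custom Attributes",
                                "global.set custom attributes"]}
SAMPLE_DC = {"entity_type": "datacenter", "propagate": True,
             "privileges": ["Datastore.AllocateSpace", "Datastore.Browse",
                            "Resource.HotMigrate", "VirtualMachine.Interaction.Power On",
                            "VirtualMachine.Interaction.Reset", "Placeholder.Not in baseline"]}

if __name__ == "__main__":
    for kind, sample in (("global", SAMPLE_GLOBAL), ("datacenter", SAMPLE_DC)):
        print(kind, audit(kind, sample))
```

An empty findings list means the assignment matches the baseline exactly; any excess privilege or unexpected propagation is the signal that the account has drifted beyond the documented minimum.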
