1. Proposed title of this feature request New role for users who can export/import vms 3. What is the nature and description of the request? We need users to be able to export VM using the User Portal without the permission "DataCenterAdmin" 4. Why does the customer need this? (List the business requirements here) We have final users and operators that need export/import vms from distinct datacenters. 5. How would the customer like to achieve this? (List the functional requirements here) We need a new role that permits this option 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. Yes 7. Is there already an existing RFE upstream or in Red Hat Bugzilla? No 8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? No 10. List any affected packages or components. 11. Would the customer be able to assist in testing this functionality if implemented? Yes
Ala, what was the reason for abandoning your patches?
(In reply to Michal Skrivanek from comment #12) > Ala, what was the reason for abandoning your patches? I started working on this RFE as part of the hackathon but then realized that it's not a one week RFE so, at least for now, I am not going to work on it. The patches may still be relevant for those who will work on this one.
why make it complicated? comment #11 as well as previous comments suggest that simply adding permissions is enough. That's what you did, IIUC, so why not merge it?
(In reply to Michal Skrivanek from comment #14) > why make it complicated? comment #11 as well as previous comments suggest > that simply adding permissions is enough. > That's what you did, IIUC, so why not merge it? In this case, merging the changes is the easy part.
Michal - patch https://gerrit.ovirt.org/#/c/41055/ (referenced in the external bugs, merged earlier today) adds a new ADMIN role, VmImproterExporter that allows an admin user to export/import a VM its granted on. If this covers the functional requirement, please move the BZ to MODIFIED. If not, up to you on how to continue with it.
ovirt-3.6.0-3 release
Role 'VmImproterExporter' is missing 'login' permission.
Created attachment 1057737 [details] error import vm User has VmImporterExport on system. Export worked fine. Import don't: 2015-07-30 18:20:16,199 INFO [org.ovirt.engine.core.vdsbroker.irsbroker.GetVmsInfoVDSCommand] (default task-3) [] START, GetVmsInfoVDSCommand( GetVmsInfoVDSCommandParameters:{runAsync='true', storagePoolId='41816623-ced4-4661-84c4-d1a2fca396a8', ignoreFailoverLimit='false', storageDomainId='becdc5d5-b622-4fed-9eb2-d04da484cfeb', vmIdList='null'}), log id: 6a9ce136 2015-07-30 18:20:16,246 INFO [org.ovirt.engine.core.vdsbroker.irsbroker.GetVmsInfoVDSCommand] (default task-3) [] FINISH, GetVmsInfoVDSCommand, log id: 6a9ce136 2015-07-30 18:20:22,064 INFO [org.ovirt.engine.core.bll.ImportVmCommand] (default task-17) [7297c3e6] Lock Acquired to object 'EngineLock:{exclusiveLocks='[vm=<VM_NAME, ACTION_TYPE_FAILED_NAME_ALREADY_USED>, 9c89b6b9-3760-47a9-96a4-5262366de2ed=<VM, ACTION_TYPE_FAILED_VM_IS_BEING_IMPORTED$VmName vm>]', sharedLocks='[de18affc-cbff-42bd-9ced-b7e53f8be288=<REMOTE_VM, ACTION_TYPE_FAILED_VM_IS_BEING_IMPORTED$VmName vm>]'}' 2015-07-30 18:20:22,078 INFO [org.ovirt.engine.core.vdsbroker.irsbroker.GetVmsInfoVDSCommand] (default task-17) [7297c3e6] START, GetVmsInfoVDSCommand( GetVmsInfoVDSCommandParameters:{runAsync='true', storagePoolId='41816623-ced4-4661-84c4-d1a2fca396a8', ignoreFailoverLimit='false', storageDomainId='becdc5d5-b622-4fed-9eb2-d04da484cfeb', vmIdList='null'}), log id: 68245fba 2015-07-30 18:20:22,115 INFO [org.ovirt.engine.core.vdsbroker.irsbroker.GetVmsInfoVDSCommand] (default task-17) [7297c3e6] FINISH, GetVmsInfoVDSCommand, log id: 68245fba 2015-07-30 18:20:22,396 INFO [org.ovirt.engine.core.vdsbroker.irsbroker.DoesImageExistVDSCommand] (default task-17) [7297c3e6] START, DoesImageExistVDSCommand( GetImageInfoVDSCommandParameters:{runAsync='true', storagePoolId='41816623-ced4-4661-84c4-d1a2fca396a8', ignoreFailoverLimit='false', storageDomainId='becdc5d5-b622-4fed-9eb2-d04da484cfeb', imageGroupId='2af451eb-6a65-4902-9016-eea91753db08', imageId='e47c2c29-3b30-436e-85f0-e9c3ed1857a4'}), log id: 66056f1 2015-07-30 18:20:22,441 INFO [org.ovirt.engine.core.vdsbroker.irsbroker.DoesImageExistVDSCommand] (default task-17) [7297c3e6] FINISH, DoesImageExistVDSCommand, return: true, log id: 66056f1 2015-07-30 18:20:22,485 WARN [org.ovirt.engine.core.bll.ImportVmCommand] (default task-17) [] CanDoAction of action 'ImportVm' failed for user user1@PROFILE. Reasons: VAR__ACTION__IMPORT,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_ATTACH_DISK_PROFILE 2015-07-30 18:20:22,486 INFO [org.ovirt.engine.core.bll.ImportVmCommand] (default task-17) [] Lock freed to object 'EngineLock:{exclusiveLocks='[vm=<VM_NAME, ACTION_TYPE_FAILED_NAME_ALREADY_USED>, 9c89b6b9-3760-47a9-96a4-5262366de2ed=<VM, ACTION_TYPE_FAILED_VM_IS_BEING_IMPORTED$VmName vm>]', sharedLocks='[de18affc-cbff-42bd-9ced-b7e53f8be288=<REMOTE_VM, ACTION_TYPE_FAILED_VM_IS_BEING_IMPORTED$VmName vm>]'}'
It seems to be failing on a permission to attach a disk profile. I have to admit I'm unclear on what disk profiles have to do with importing. Roy - can someone from your team take a look please?
(In reply to Ondra Machacek from comment #25) One must have permissions to use a disk profile. There should be always one profile which is allowed to everyone thought (also called 'default profile') The import is no different from Add/Update VM in that sense - A cando action will prevent you from using a profile you don't have permission to. The business case behind this is to prevent users from opt-in to QoS which will take resources you don't want to give them. I'd except the UI filter out profiles which you don't have permissions to. Can you confirm that?
Sorry for late reply. I didn't created any new DiskProfiles, nor delete any, just using default setup. I can see the default profile, which is named same as the storage domain is. In the import domain dialog there is no option to choose the disk_profile.
Please open a bug on this feature and block the feature, but don't fail it.
It needs to be tracked separately.
Ala, please add doc text
Doc Text: A new user role 'VmImporterExporter' is now available. The role allows users to export and import virtual machines using the User Portal. The 'DataCenterAdmin' permission is no longer required for performing such actions. Julie it is not possible in UserPortal only webadmin.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-0376.html