Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 928410

Summary: template disk provisioning not working from one storage domain to another
Product: [Retired] oVirt Reporter: DHC <deadhorseconsulting>
Component: ovirt-engine-userportalAssignee: Daniel Erez <derez>
Status: CLOSED UPSTREAM QA Contact:
Severity: high Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: acathrow, amureini, derez, dyasny, ecohen, iheim, ykaul
Target Milestone: ---   
Target Release: 3.3.4   
Hardware: x86_64   
OS: Linux   
Whiteboard: storage
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 953890 (view as bug list) Environment:
Last Closed: 2013-04-19 12:51:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Storage RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 953890    

Description DHC 2013-03-27 15:16:39 UTC 
Description of problem:
User cannot create a VM from template that is stored in another storage domain other than the one they have Poweruser permissions to. The pulldown for destination storage domain is empty even if they have proper permissions to their own storage domain where the cloned disk should end up.

On the surface this literally seems as simple as a lack of Read-Only access to the template image when requesting to clone it from the template on the storage domain wherein the user cloning from the template has no permissions.

Version-Release number of selected component (if applicable):
Master

How reproducible:
100%

Steps to Reproduce:
A cluster with a user A assigned poweruser role permissions on the cluster.
- User A is assigned poweruser role permissions to storage domain A
- User A is a consumer of quota A which is assigned to specific storage domain A

A cluster with a user B assigned poweruser role permissions on the cluster.
- User B is assigned poweruser role permissions to storage domain B
- User B is a consumer of quota B which is assigned to specific storage domain B

User A creates a VM and makes it a template of it with permissions of everyone as UserTemplateBasedVM.

User B tries to create a VM based on the template that User A created. While the base VM profile can be created the storage provisioning encounters an issue.

Via Template provisioning option with the thin provision option will fail due to the fact that User B does not have proper permissions to User A's storage domain. The symptom of this expected failure is the target storage domain pull-down is empty. (It really should show something or be greyed out rather than just be blank at least some sort of user notification).

The real issue here is with the clone provisioning option. The idea here is to be to clone a copy of the template disks into User B's storage domain as a target where User B has poweruser role permissions. The problem here is that this fails just like the above thin provision which should not be the case. The target pulldown still blank it should by default show the target storage domain to which User B has permissions to that being Storage domain B.

Further debugging yields that by assigning UserTemplateVM permissions to User A's storage domain allows User B to use either of the options above although the only one really desired is the clone option since we don't want User B creating VM's in User A's storage domain. There still however was an issue upon selecting clone and selecting Storage domain B as the target the VM is  created but the disk is created in Storage domain A instead of storage domain B.
  
Actual results:
User cannot see a destination storage domain to provision/clone template disk to even if they permissions to do so.

Expected results:
User can clone VM/Disk from a template stored in another storage domain into their own storage domain where they do have permisions. This should even be the case where they do not have permissions to the storage domain where template is stored but wherein the template has Everyone read permissions (EG: everyone should be able to create VM from it.

Additional info:
Comment 1 DHC 2013-04-18 15:52:22 UTC 
Verfied fixed in latest master
- DHC