This repository has been archived by the owner on Nov 9, 2020. It is now read-only.
Multitenancy - Unable to create a volume on a datastore which is not default #703
Labels
Milestone
Comments
Merged
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi Guys,
I have tried the following steps:
Create a tenant with VM's.
vmdkops_admin.py tenant create —name T4 —vm-list photon-new-1
Provide access rights for the tenant on a specific datastore. Here the datastore is "nfs-datastore" with all root privileges.
vmdkops_admin.py tenant access add —name T4 —datastore nfs-datastore —rights create,delete,mount
Tried to create a volume on the datastore.
docker volume create -d=vmdk —name=Vol4@nfsstore-datastore
Step 3, fails with "Error response from daemon: create Vol4@nfsstore-datastore: VolumeDriver.Create: No create privilege"
But I did give full privileges to the datastore. I can see this on admin CLI.
.vmdkops_admin.py tenant access ls --name T4
Datastore Create_volume Delete_volume Mount_volume Max_volume_size Total_size
nfsstore-Pop 1 1 1 0B 0B
When i check the vmdk_ops.log, i can see that its trying to create the VMDK volume on datastore1 which is the default.
Logs can be seen below.
11/04/16 19:10:35 447443 [photon-new-1-Tenant100@nfsstore-Pop] [DEBUG ] get_datastore_name: path=4df30dac-644c9042-b81a-80c16e6cf13a name=['datastore1']
11/04/16 19:10:35 447443 [photon-new-1-Tenant100@nfsstore-Pop] [DEBUG ] Authorize: vm_uuid=420b3e7e-0ca1-b647-a78d-92d372e09a7d
11/04/16 19:10:35 447443 [photon-new-1-Tenant100@nfsstore-Pop] [DEBUG ] Authorize: datastore=datastore1
11/04/16 19:10:35 447443 [photon-new-1-Tenant100@nfsstore-Pop] [DEBUG ] Authorize: cmd=create
11/04/16 19:10:35 447443 [photon-new-1-Tenant100@nfsstore-Pop] [DEBUG ] Authorize: opt={u'fstype': u'ext4'}
11/04/16 19:10:35 447443 [photon-new-1-Tenant100@nfsstore-Pop] [DEBUG ] get tenant vm_uuid=420b3e7e-0ca1-b647-a78d-92d372e09a7d tenant_id=fb612bbb-7c0c-439e-8a2c-299fdd0e4d2f
11/04/16 19:10:35 447443 [photon-new-1-Tenant100@nfsstore-Pop] [DEBUG ] get_privileges tenant_uuid=fb612bbb-7c0c-439e-8a2c-299fdd0e4d2f datastore=datastore1
11/04/16 19:10:35 447443 [photon-new-1-Tenant100@nfsstore-Pop] [INFO ] executeRequest 'create' completed with ret={u'Error': 'No create privilege'}
So for whatever datastore except the default datastore I want to create the volume on, it fails with "No create privilege". So, the basic reason is that it always checks for the access rights on default datastore which I don't have in this case.
The text was updated successfully, but these errors were encountered: