Understanding restricted attrs

feldsam · August 17, 2018, 7:45pm

Hello, I try to understand restricted attrs but I have problem with instantiating VMs from predefined templates.

For ex following template owned by user oneadmin and group oneadmin with use permissions set to owner, group and other.

CONTEXT = [
  NETWORK = "YES",
  SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]" ]
CPU = "0.5"
DESCRIPTION = "CentOS 7.5 64bit Minimal"
DISK = [
  IMAGE = "CentOS-7-x86_64-1804",
  IMAGE_UNAME = "feldsam",
  TOTAL_BYTES_SEC = "104857600",
  TOTAL_IOPS_SEC = "2000" ]
GRAPHICS = [
  LISTEN = "0.0.0.0",
  TYPE = "VNC" ]
HYPERVISOR = "kvm"
INPUTS_ORDER = ""
LABELS = "Cloud,2000iops"
LOGO = "images/logos/centos.png"
MEMORY = "1024"
MEMORY_UNIT_COST = "MB"
OS = [
  ARCH = "x86_64",
  BOOT = "disk0" ]
SCHED_DS_REQUIREMENTS = "ID=\"0\" | ID=\"110\""
USER_INPUTS = [
  CPU = "M|range-float||0.5..6|0.5",
  MEMORY = "M|range||1024..16384|1024",
  VCPU = "O|range||1..24|1" ]
VCPU = "1"

When I try instantiate VM from this template as normal user I get error User Template includes a restricted attribute USER_INPUTS.. If there are not USER_INPUTS, them I get error about restricted attribute DISK.

What I am doing wrong? Thanks for inputs.

luke.camilleri · August 24, 2018, 8:25am

Hi Kristian, issue seems to be similar to this one:

basically users which are not part of the oneadmin group are restricted from using those attributes (hence the name).

I believe that most probably in your case you have to (comment, ommit) add a # at the beginning of the line in oned.conf (like below so that users which are not in the oneadmin group can use these attributes). If I am not mistaken you also need to restart opennebula service on the front-end:

#VM_RESTRICTED_ATTR = “USER_INPUTS/CPU”
#VM_RESTRICTED_ATTR = “USER_INPUTS/MEMORY”
#VM_RESTRICTED_ATTR = “USER_INPUTS/VCPU”
#VM_RESTRICTED_ATTR = “DISK/SIZE”

Hope this helps

feldsam · August 24, 2018, 8:28am

Hi @luke.camilleri, thank you for reply, I already comment it out, but it is not a solution. I like to have restricted attributes, but in nature, that can be in VM template, but user can not modify them.

I like to understand how opennebula engineers means use of this feature.

Rahul_Sharma · August 12, 2021, 7:33pm

Hi @feldsam ,I am facing the same issue. I am new to the platform.
Could you please help with the solution in case resolved for you.
Thanks in advance.

feldsam · August 12, 2021, 9:37pm

Hi, template should be created by user which is in oneadmin group. Check docs

Rahul_Sharma · August 18, 2021, 11:00am

Thanks @feldsam,
I like to have restricted attributes, that can be in VM template created by user in oneadmin group, but the field should be disabled for user out of that group to modify them.
The field is editable and I am unable to create VM
[one.template.instantiate] User [2] : User Template includes a restricted attribute
too basic, but somehow blocked.

feldsam · August 18, 2021, 1:01pm

Did you check vm template user and group?

Topic		Replies	Views
[one.template.instantiate] User [5] : User Template includes a restricted attribute DISK Community Support	2	1969	October 20, 2017
[SOLVED] Template with fixed CPU/RAM error Community Support	3	657	August 21, 2018
Error about create a template General	1	444	November 18, 2022
4.12 beta and cost_cpu function Community Support	5	314	March 9, 2015
Cannot instantiate VM from template in groupadmin view VM Configuration / Contextualization	0	255	December 17, 2020

Understanding restricted attrs

Related Topics