Posted to users@cloudstack.apache.org by Daan Hoogland <da...@gmail.com> on 2021/12/13 09:16:50 UTC
Re: How to control resource limits when account is linked to LDAP?
Jorge,
It seems like a bug as you describe it, but maybe you are looking at the
wrong figures. When you try to create more resources than the total account
limit, do they still get created? If so, please log a bug at
https://github.com/apache/cloudstack/issues/new/choose
On Mon, Nov 22, 2021 at 8:22 PM Jorge Luiz Correa
<jo...@embrapa.br.invalid> wrote:
> When we have an account UserA with a user UserA inside it, we can see and
> control usage limits configuring the UserA "account".
>
> I'm testing the link accounttoldap feature.
>
> cmk -p admin@www.hpc link accounttoldap account='DomainAdmins'
> accounttype=2 ldapdomain='cn=cs_hpc_domain_admins,ou=grupos,...' type=GROUP
> domainid=$DOMAINUD
> cmk -p admin@www.hpc link accounttoldap account='Users' accounttype=0
> ldapdomain='cn=cs_hpc_users,ou=grupos,...' type=GROUP domainid=$DOMAINUD
>
> So, I got two accounts: DomainAdmins and Users. Each user in
> cs_hpc_domain_admins LDAP group is created as a user inside DomainAdmins
> account and each user in cs_hpc_users is created as a user inside Users
> account.
>
> Both DomainAdmins and Users accounts have resource limits configured (like
> UserA). But, when users create virtual machines these limits don't change!
> I can't define limits to users inside accounts, only to accounts. So, I
> couldn't find a way to limit usage when accounts are linked to LDAP groups.
>
> I was hoping that all the resources created by all the users inside the
> account would be discounted from the limits of the account. But the account
> total usage never changes.
>
> Am I doing something wrong or is this a bug?
>
> CloudStack 4.15.2.0
>
> Tks!
>
> --
> Jorge Luiz Corrêa
> Embrapa Agricultura Digital
>
> --
> __________________________
> Confidentiality note
>
> This message from
> Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), a government
> company established under Brazilian law (5.851/72), is directed
> exclusively to its addressee and may contain confidential data,
> protected under professional secrecy rules. Its unauthorized use is
> illegal and may subject the transgressor to the law's penalties. If you
> are not the addressee, please send it back, elucidating the failure.
>
--
Daan
Re: How to control resource limits when account is linked to LDAP?
Posted by Jorge Luiz Correa <jo...@embrapa.br.INVALID>.
Thank you, Daan!
I was looking in the wrong place. If I go to Domains, click the account
name and look at Resources, everything is being correctly updated.
Tks!!
On Mon, Dec 13, 2021 at 06:17, Daan Hoogland <da...@gmail.com> wrote:
> Jorge,
> It seems like a bug as you describe it, but maybe you are looking at the
> wrong figures. When you try to create more resources than the total account
> limit, do they still get created? If so, please log a bug at
> https://github.com/apache/cloudstack/issues/new/choose