2010-07-24 08:23 AM
Hi all, it seems that I've some problems to configure RBAC to use RCU from VSC 2.0.
I had RBAC configured from RCU 3.0 and it was working fine with that version. I've checked on the documentation and it seems that nothing changed but when I try to add a host to RCU part of VSC 2.0 I get an error saying that some role are missing.
It seems something related to some cli-* role missing from my definition. Anyone have the correct RBAC role to put on the storage to make RCU work on VSC 2.0?
2010-07-24 10:10 AM
Some additional APIs have been added for the 3.1 version of RCU. They are found in the IAG.
The additional APIs required to add a controller to RCU 3.1 are these:
2010-07-24 10:34 AM
Thanks for the answer. I've checked back the installation guide for VSC and I can find those api listed in the VSC capabilities:
So should I add the entire VSC user role capability to the capability used by RCU user (we had different user for vsc/rcu/smvi defined on the storage)?
I cannot find those in the documentation. Do you know in what specific role they need to go? create_clones/create_datastore/destroy_datastore/modify_datastore ?) :
To make rcu 3.0 work i had only those roles defined (and i was using all but destroy_datastore role in the rcu user):
Allowed Capabilities: login-http-admin,api-system-get-version,api-system-get-info,api-system-cli,api-license-list-info,cli-ifconfig,api-aggr-list-info,api-volume-list-info,api-lun-list-info,api-lun-map-list-info,api-igroup-list-info,api-ems-autosupport-log,api-file-get-file-info,api-clone-*,api-file-create-directory,api-file-read-file,api-file-delete-file,api-file-write-file,cli-mv,api-file-delete-directory,cli-ndmpd,cli-ndmpcopy,api-useradmin-user-list,api-cf-status,api-snapshot-list-info,api-volume-autosize-get,api-iscsi-session-list-info,api-iscsi-portal-list-info,api-fcp-service-status,api-iscsi-service-status,cli-df,api-snapmirror-get-volume-status,api-quota-report,api-qtree-list,api-system-api-list,api-vfiler-list-info
Allowed Capabilities: api-volume-create,api-volume-set-option,api-volume-autosize-set,api-sis-enable,api-sis-start,api-snapshot-create,api-snapshot-set-reserve,api-volume-clone-create,api-nfs-exportfs-list-rules-2,api-nfs-exportfs-modify-rule-2,api-nfs-exportfs-load-exports,api-igroup-create,api-lun-create-by-size,api-lun-map,api-lun-set-comment,api-igroup-add,cli-qtree,cli-iscsi,api-nfs-exportfs-append-rules-2
Allowed Capabilities: api-volume-offline,api-volume-destroy,api-lun-offline,api-lun-destroy
Allowed Capabilities: api-volume-size,api-sis-disable,api-sis-stop,api-lun-resize
Thanks for the help