Virtual Hosting by unprivileged users

Hello Everyone,

I hope you’re doing fine !

Why can’t a standard user, not an admin, deploy a KVM / LXD host?

Thanks in adavance,
Have a nice day,
Best Regards,

actions which could alter the environment, such as deploying a VM, are considered privileged in the MAAS model.

Hello Bill,

Thanks for your answer !

Could you be more specific, what do you mean by alter the environment, which environment ? Which alteration ?
Do you have examples?

Also could you link to some documentation about the MaaS Model?

Thanks in advance,
Have a nice day,
Best Regards,

sadly, we don’t have a good MAAS permissions model.

lemme use my local MAAS to get you some examples.

so here i have a MAAS with a few admins and at least one “User” (Chekov):

i log in as “Archer” who is an admin:

if i select a “Ready” machine (Hood), i can do these things with it (see the pulldown menu):

now i’m going to log out, and log in as user Chekov:

you’ll notice right away, as Chekov, i have no access to Settings:

and i only have access to machines that were not previously allocated to someone else:

note that i can allocate this “Ready” machine to Chekov, and then deploy it:

i realize now that i confused you above. you had said “why can’t a regular user deploy a machine” – i assumed it was already allocated to someone else, my bad. a regular user can deploy an unallocated machine that is in the Ready state, but they can’t even see machines that are allocated to someone else.

that’s what i mean by “not disturbing the environment” – if someone else “owns” a machine for the moment (i.e., has it allocated), a regular user can’t change the state of that machine in any way. we assume that a regular user doesn’t have enough information or privilege to undo what another user is doing. it’s the same as the difference between root and a regular user in UNIX, except that MAAS doesn’t show what’s available and give “permission denied” warnings – it just doesn’t show things to regular users at all.

hope this helps. happy to sketch out a few more scenarios if that will help you, i have a local MAAS and i can play with it at will.

Hello Bill,

Thanks for your answer.
Sorry for that, but we had well understood all that and we’re fine with it.

My question, maybe not well phrased is that when deploying a physical machine an admin can makes it an LXD/KVM host, why not unprivileged users?

Or maybe it just doesn’t work for jammy.

When will 3.2 be avaible for production ?

Thanks in advance,
Best Regards,

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

3.2 is imminent, AFAICT. closer to days than weeks atm.

3.2 has been released.