XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How to protect a VM and Disks from accidental exclusion

    Scheduled Pinned Locked Moved XCP-ng
    7 Posts 4 Posters 89 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dfrizonD Offline
      dfrizon
      last edited by

      Hello everyone!

      We want to protect some VMs and associated disks from being deleted (acidental or proposal). The command below protects the VM from being deleted but not the associated disks:

      xe vm-param-set uuid=<UUID_OF_THE_VM> blocked-operations:destroy=true

      What parameter is missing to be included?

      Thanks!!

      D 1 Reply Last reply Reply Quote 0
      • D Offline
        DustinB @dfrizon
        last edited by

        @dfrizon said in How to protect a VM and Disks from accidental exclusion:

        Hello everyone!

        We want to protect some VMs and associated disks from being deleted (acidental or proposal). The command below protects the VM from being deleted but not the associated disks:

        xe vm-param-set uuid=<UUID_OF_THE_VM> blocked-operations:destroy=true

        What parameter is missing to be included?

        Thanks!!

        Within XO this is very straight-forward. Under the VM's advanced details tab

        00ab4048-65c0-4193-ab4f-d7c57f3f7a03-image.png

        dfrizonD 1 Reply Last reply Reply Quote 0
        • dfrizonD Offline
          dfrizon @DustinB
          last edited by

          @DustinB Thanks for the quick answer, but the problem is "how to protect the DISKS from accidental exclusion". The VM protection is ok, but if you go to the disks tab you can delete de disk, that is worst that delete a VM...

          1 Reply Last reply Reply Quote 0
          • olivierlambertO Offline
            olivierlambert Vates 🪐 Co-Founder CEO
            last edited by

            You have a confirmation modal when you try to remove a drive. Can you describe more your use case, functionally speaking?

            dfrizonD 1 Reply Last reply Reply Quote 0
            • A Offline
              acebmxer
              last edited by

              While the system prevents you from deleting as VM's disk while the vm is running. There is nothing to stop you from deleteing a disk to a vm that is powered off.

              The check box under advance for the vm just protects the VM itself but not the disk seperatatly.

              I guess they have some staff that like to clean up things that should be left alone... thats my take.

              1 Reply Last reply Reply Quote 0
              • dfrizonD Offline
                dfrizon @olivierlambert
                last edited by

                @olivierlambert The idea is to block the VM and exclusion disks even by root itself, and make it possible only via command line in the console. That's why I started the post by mentioning the command...
                We dream of the day when MFA authentication will be required to delete a VM...

                D 1 Reply Last reply Reply Quote 0
                • D Offline
                  DustinB @dfrizon
                  last edited by

                  @dfrizon said in How to protect a VM and Disks from accidental exclusion:

                  @olivierlambert The idea is to block the VM and exclusion disks even by root itself, and make it possible only via command line in the console. That's why I started the post by mentioning the command...
                  We dream of the day when MFA authentication will be required to delete a VM...

                  How would you prevent the root account from taking action..... that is the absolute opposite permission set of root, as if there is an account with even more permissions than root.

                  You can use permission sets and move your team who are deleting powered off VM's that are protected from accidental deletion into a group that doesn't have the permission to delete VMs, at the same time, remove their permissions from deleting items from your SR.

                  I think that would solve your problem, and doesn't cause any logical permission issues like above.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post