user-id
bg: when you call session.signIn you get the user-id and that id is used to fetch user specific vms.
{
"id": -9007199254740991,
"jsonrpc": "2.0",
"result": {
"id": "f2858952-b02a-403a-98ca-d94e4cdaa57e",
"email": "testirtaza1",
"groups": [],
"permission": "none",
"preferences": {}
}
}
@olivierlambert yes, issue is resolved. Thanks to @MathieuRA and @Danp 
@MathieuRA endpoint is not returning vms created by user but that user have vms and it's shown in XO when login by testirtaza1 user.
you saved my life bro, thank you so much. I got the right way.
@bvitnik we provisioned VLANS with respect to DCs, like VLAN5 in KPK-DC1, VLAN5 in RWP-DC4 and these are private in its nature so we do firewall to route the traffic to the 0.0.0.0. I will be happy to hear more from your side to have better network architecture for this kind of work.
I have two users test.irtaza, testirtaza1 in a resource set named customer. And when login any of the account this is the output of resourceSet.getAll
login via test.irtaza
{
"id": -9007199254740984,
"jsonrpc": "2.0",
"result": [
{
"id": "V7Gr0uoqGwE",
"ipPools": [],
"limits": {
"cpus": {
"usage": 1
},
"disk": {
"usage": 10737418240
},
"memory": {
"usage": 4294967296
},
"vms": {
"usage": 1
}
},
"name": "customer",
"objects": [
"d4515c45-71ca-7675-ea70-0fe0a8f7dbe4-7aa32be8-a06c-4ade-8a1d-49e51e03e9d2",
"d4515c45-71ca-7675-ea70-0fe0a8f7dbe4-09d6b4cc-dd4b-4619-aacb-01576ccd5b0f",
"20e6d987-f8cb-d1b6-2b49-744a87358ae3",
"ca780b00-fd77-4a2a-fbb2-6f2859e6b4a7"
],
"subjects": [
"78f3286b-f4a1-4ba5-80a4-bda4967d47a8"
],
"shareByDefault": false,
"tags": []
}
]
}
login via testirtaza1
{
"id": -9007199254740984,
"jsonrpc": "2.0",
"result": [
{
"id": "V7Gr0uoqGwE",
"ipPools": [],
"limits": {
"cpus": {
"usage": 2
},
"disk": {
"usage": 21474836480
},
"memory": {
"usage": 8589934592
},
"vms": {
"usage": 2
}
},
"name": "customer",
"objects": [
"d4515c45-71ca-7675-ea70-0fe0a8f7dbe4-7aa32be8-a06c-4ade-8a1d-49e51e03e9d2",
"d4515c45-71ca-7675-ea70-0fe0a8f7dbe4-09d6b4cc-dd4b-4619-aacb-01576ccd5b0f",
"20e6d987-f8cb-d1b6-2b49-744a87358ae3",
"ca780b00-fd77-4a2a-fbb2-6f2859e6b4a7"
],
"subjects": [
"78f3286b-f4a1-4ba5-80a4-bda4967d47a8",
"f2858952-b02a-403a-98ca-d94e4cdaa57e"
],
"shareByDefault": false,
"tags": []
}
]
}
is the array of subjects are the users and array of objects are those things which these subjects have access on?
Also
session.signIn method returns the id of user
{
"id": -9007199254740991,
"jsonrpc": "2.0",
"result": {
"id": "f2858952-b02a-403a-98ca-d94e4cdaa57e",
"email": "testirtaza1",
"groups": [],
"permission": "none",
"preferences": {}
}
}
and, acl.getCurrentPermissions method returns those things which belongs to the current loggedIn user?
to call acl.getCurrentPermissions method we have signin by the user credentials(username,password/token)
{
"id": -9007199254740711,
"jsonrpc": "2.0",
"result": {
"58fdee6c-ed56-8a83-31d5-505748165658": {
"view": 1,
"operate": 1,
"administrate": 1
},
"89fd8cc9-6fa1-a7cb-a492-19eefd689631": {
"view": 1,
"operate": 1,
"administrate": 1
}
}
}
means I have to create the user first then store these credentials at my space so that I can call acl.getCurrentPermissions method and get his VM's and then list those vm's to my portal and allow him to manage their vms from my custom built portal? Is my thinking is correct?
@Danp said in User specific data:
currently possible with the REST API.
can we do this using JSON-RPC?
@Danp yes we are testing self service.
Can you elaborate on this? What specific API is the user calling to retrieve this information?
we want to retrieve and perform these > vm list, vm stats, console, actions etc
we do not want to using each user token to access their objects. we want a single point to get the data
@olivierlambert got it, we have to think about it. How anycast will help us to achieve geography based decisions? or glbs or anything based on dns level magic?
@bvitnik we are using VLAN based networking, and it's a big cidr block. also we have handle the case to check available of ip-space in the vlan. like when we assign an ip to the vm via cloud-init at that time we are keeping the record in our side a count. Assume if that VLAN gets a defined threadhold then we assign a new VLAN of PIF and it's handled programmatically to pick a new vlan. Also to clear network part our network connectivity gets properly tested before using it in the production env.
yes we have a large infra deployed. we are planning to expand it. We don't want to use any 3rd party provider that's why we are natively depending on the XO apis.
rn in XO each user can create VMs. When user logged In to the XO he see the list of vms or he uses the token then he fetches the vms via apis. But In my case I want to fetch the vms of other users by using the admin account token.
I have created a resource group in self service and add newly created user to that resource group.
login as test.irtaza : I created a vm in that resource set.
Now I want to fetch the vms of test.irtaza by using the token of admin account.
You are correct that there are no universal rules, and the decision logic should be implemented on top of XO or by using the XO API. My goal is to automatically decide which pool to use for VM creation based on available resources.
For this, I need to consider parameters such as?
This is not what I'm looking for, /users endpoint will give you info about the users but I want to extract the vms of the user by using admin token. If you need more info, I will provide you.
I have multiple DC's in my country based on region. Each dc in the region have xcp-ng running and each xcp-ng have multiple pools and each pool have 64 host attached to it and also storage and network accordingly. Now I want to select the pool so which param should I consider for vm creation?
Storage, RAM, or anything else?
xe pool-list params=uuid,name-label
[{pool1},{pool2},...]
assume pool(n) is having low resources like RAM, Storage then I chose a different pool, to make this decision i have to know those params which help me to pick the pool.
I want to retrieve user data by calling an API using an admin API token for all requests. With this token, I want to fetch data for individual users that I have created on XO.
Token: Admin privileges
Medium: REST APIs
Users: User1, User2
I want to pass the username of the desired user and receive their corresponding data in the response.
@bufanda yes I have checked that feature too. Let me dig further to make it useable for my use case.
@olivierlambert please update once repo are made public.
@olivierlambert said in ACL security issue with ansible:
the REST API.
please start this, happy to contribute for python sdk.