Milestone 6.1 Storage Roles - zacharylongo/Tech-Journals GitHub Wiki

NFS Setup

  • In vSphere, right-click your domain to open the drop-down menu and select "Storage" ---> "New Datastore".



  • Remember to click "Add" in the next step

  • Do not use Kerberos authentication



  • After this, navigate to the "Files" tab.

  • Create a simple .txt file on your machine.

  • Back in the "Files" tab, select the "Upload Files" option.


Creating VM on NFS Datastore:

  • Utilize the same process as earlier to create another datastore:


  • In the VMs tab, create a new VM from a template.

  • When selecting storage, make sure to select your newly created VM NFS datastore.



RBAC setup and demo

  • Create an rbac folder (domain tab in vSphere)


  • Create folders for users Alice, Bob, & Charlie

  • Use the following commands to create the associated users on your AD machine:

# Load the Active Directory cmdlets (run on the AD machine)
Import-Module ActiveDirectory

# Security groups for the two permission tiers
New-ADGroup -Name "sys350-power-user" -SamAccountName sys350-power-user -GroupCategory Security -GroupScope Global -DisplayName "sys350-power-user" -Path "OU=Accounts,OU=350,DC=zach,DC=local" -Description "sys350-power-user"
New-ADGroup -Name "sys350-restricted-user" -SamAccountName sys350-restricted-user -GroupCategory Security -GroupScope Global -DisplayName "sys350-restricted-user" -Path "OU=Accounts,OU=350,DC=zach,DC=local" -Description "sys350-restricted-user"

# Prompt for a password before creating each account
$password = Read-Host -AsSecureString
New-ADUser -Name alice -AccountPassword $password -PasswordNeverExpires $true -Enabled $true -Path "OU=Accounts,OU=350,DC=zach,DC=local"

$password = Read-Host -AsSecureString
New-ADUser -Name bob -AccountPassword $password -PasswordNeverExpires $true -Enabled $true -Path "OU=Accounts,OU=350,DC=zach,DC=local"

$password = Read-Host -AsSecureString
New-ADUser -Name charlie -AccountPassword $password -PasswordNeverExpires $true -Enabled $true -Path "OU=Accounts,OU=350,DC=zach,DC=local"

# alice is the power user; bob and charlie are restricted users
$restricted = @("bob","charlie")
Add-ADGroupMember -Identity "sys350-power-user" -Members alice
Add-ADGroupMember -Identity "sys350-restricted-user" -Members $restricted

  • On your newly created "Alice" folder, click the add permission tab:



  • Make sure to input your domain correctly


  • After this, move a VM into the folder. You should be able to log in as Alice.

  • Create a shared-vms folder if you haven't already (using the same config as before), then drop a VM into that folder.

  • Bob should not be able to take snapshots as he is a restricted user.
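
One way to confirm the snapshot restriction without logging in as each user is to audit the folder permissions with PowerCLI. This is an added example, not part of the original wiki page. It assumes VMware PowerCLI is installed, a Connect-VIServer session is already open, the folder is named shared-vms, and the restricted role was granted to the sys350-restricted-user group rather than to bob directly.

```powershell
# Added example (not from the original wiki): audit snapshot rights on lab folders.
# Assumes VMware PowerCLI is installed and Connect-VIServer has already been run.
$snapshotPrivilege = 'VirtualMachine.State.CreateSnapshot'
$restrictedGroup   = 'sys350-restricted-user'   # AD group created above
$folderNames       = @('shared-vms')            # folder name assumed from the steps above

$report = foreach ($name in $folderNames) {
    $folder = Get-Folder -Name $name -Type VM -ErrorAction SilentlyContinue
    if (-not $folder) {
        Write-Warning "Folder '$name' not found"
        continue
    }
    # Lists permissions assigned on the folder; also review parent objects,
    # because propagating permissions set higher up are inherited.
    foreach ($perm in (Get-VIPermission -Entity $folder)) {
        $role = Get-VIRole -Name $perm.Role
        [pscustomobject]@{
            Folder      = $name
            Principal   = $perm.Principal
            IsGroup     = $perm.IsGroup
            Role        = $perm.Role
            Propagate   = $perm.Propagate
            CanSnapshot = $role.PrivilegeList -contains $snapshotPrivilege
        }
    }
}

$report | Format-Table -AutoSize

# Flag any permission that lets the restricted group create snapshots
$violations = $report | Where-Object {
    $_.Principal -like "*\$restrictedGroup" -and $_.CanSnapshot
}
if ($violations) {
    Write-Warning "Restricted group can create snapshots on: $($violations.Folder -join ', ')"
} else {
    Write-Output "No snapshot privilege found for $restrictedGroup on the audited folders."
}
```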