Tagging a VM that was not provisioned with broker


#1

My team will soon be migrating a number of legacy VMware VMs to a the vCenter that we are using as our “Provider”. We have created roles and groups and when provisioning, all the correct tags apply and successfully control access to the VMs.

My problem is that when I manually tag the imported VMs, my groups are unable to see the new VMs. It isn’t until I click “configuration > set ownership” on the VM, are the desired groups able to see the VMs. I have always understood that the tag was what controlled this access. As long as my group tags and VM tags match up, that is all the access control that I need. Am I wrong? Additionally, the role that I am assigning to my groups is set to “Only User or Group Owned”. Thank you


#2

Hi @Yaemish

I have the same case and I just use ‘vm.group=’ method to set ownership of inventoried VMs. A group is the object from vmdb:

group  = $evm.vmdb('miq_group').where(:group_type => 'user', :name => <group_name>).first
vm.group = group
vm.tag_assign(tag)

Dont forget that if you use tenants the visibility of objects also depend on tenatns of users.


#3

Thank you for all the information! The method that you posted, should I place it in a button or make it a control?

As for tenants, we are using them and I tag the tenants and the group (the group a member of the tenant) with the same tag that I wanted to use for access control on the VMs. Is there anything special that I need to consider based on the information that I provided?


#4

@Yaemish

This method I use through event_handler of ems_auth_valid event. Every time refresh worker start this event occurred and I can assign tag to newly created VMs which have created outside of MIQ and discovered through inventory refresh.

This orphaned vms not have miq_provision association (and service association because I use only services for vm provision)

I use tenants synced from OpenStack projects (cloud_tenants) and I have one to one reloationship tenant->group->tag and I get group of tenant related to cloud_tenant and assign this group to vm and than assign related tag to vm.