11.8. Managing Power Panel Policies¶
Note
This feature is only supported for Virtuozzo 6 servers.
Virtuozzo Power Panel is a tool allowing individual users to manage their virtual environments through a common web browser. As virtual environment administrators, they have full control over their virtual environments. For example, they can:
start, stop, or restart the virtual environment;
back up and restore the virtual environment;
start, stop, or restart certain services inside the virtual environment;
view the processes currently running in the virtual environment and send signals to them;
view the current resources consumption and resources overusage alerts.
In Virtuozzo Automator, you can configure the rights users will have in respect of their virtual environments by creating policies. A policy is a set of rules that prohibits users from accessing certain functionality in Virtuozzo Power Panel or sets limitations on performing certain operations in the virtual environment context. For example, you can create a policy that will enable the user to create no more than two backups of their virtual environment or completely hide the backup functionality from the user in Power Panel.
Policies can be set on three levels:
Global level. The policies applied on this level have effect on all virtual environments that reside on all physical servers registered in Virtuozzo Automator. You can manage policies on the global level by following the Manage Infrastructure > Global Policies link on the Infrastructure toolbar.
Physical server level. The policies applied on this level have effect on all virtual environments residing on a particular physical server. You can manage policies on the physical server level by following the Manage > Power Panel Policies link on the physical server toolbar.
Virtual environment level. The policies applied on this level have effect on particular virtual environments. You can manage policies on the virtual environment level by following the Manage > Power Panel Policies link on the virtual environment toolbar.
11.8.1. Managing Policies¶
On the Policies screen, you can manage the policies currently existing in Virtuozzo Automator on three levels: the global level, the physical server level, and the virtual environment level. You can perform the following operations on each level:
Operation |
Global Level |
Physical Server Level |
Virtual Environment Level |
---|---|---|---|
Viewing policies |
View the policies in the Assigned Policies table that are currently applied to all virtual environments residing on all physical servers registered in VA Control Center. |
View the policies in the Assigned Policies table that are currently applied to all virtual environments residing on the given physical server. |
View the policies in the Assigned Policies table that are currently applied to the given virtual environment. |
Viewing rules |
View the restriction rules included in the policies listed in the Assigned Policies table. These rules have effect on all virtual environments in Virtuozzo Automator. All the restriction rules are displayed in the Effective Policy Rules table. |
View the restriction rules included in the policies listed in the Assigned Policies table. These rules have effect on all virtual environments of the given physical server. All the restriction rules are displayed in the Effective Policy Rules table. |
View the restriction rules included in the policies listed in the Assigned Policies table. These rules have effect on all virtual environments of the given physical server only. All the restriction rules are displayed in the Effective Policy Rules table. |
Adding and removing policies |
Add new polices that will be applied to all virtual environments in Virtuozzo Automator and remove existing ones. To this effect, follow the Manage Assignment link and perform the necessary operation. |
Add new polices that will be applied to all virtual environments of the given physical server and remove existing ones. To this effect, follow the Manage Assignment link and perform the necessary operation. |
Add new polices that will be applied to the given virtual environment and remove existing ones. To this effect, follow the Manage Assignment link and perform the necessary operation. |
11.8.2. Performing Main Operation on Policies¶
The Power Panel Policies screen accessible by clicking Setup > Power Panel Policies on the VA menu allows you to manage your policies in the following way:
view all Power Panel policies currently existing in Virtuozzo Automator in the table,
create a new policy by following the New Policy link above the table,
configure the policy parameters by clicking the name of the corresponding policy in the table,
remove the policies that you do not need any more by selecting the check boxes next to the corresponding policies in the table and clicking the Delete button.
11.8.3. Creating New Policy¶
A policy restricts user access to certain Power Panel functionality and/or set limitations on performing certain operations on the corresponding virtual environment(s) or physical server(s). The New Policy screen can be accessed by clicking New Policy on the Power Panel Policies screen.
To make a new policy, you should perform the following operations:
In the General Settings section, specify a policy name in the Name field. You can also provide brief description for the policy in the Description field.
In the Power Panel Policy Rules section, choose the restriction rules that will comprise the policy. The following rules can be selected:
Rule Name
Description
Backups Management
Deny access to the backup management functionality in Virtuozzo Power Panel. In this case, the user will not be able to create and restore virtual environment backups.
Backup Total Count
Having enabled the Backups Management functionality, you can set a limit on the number of backups the user is allowed to create for their virtual environment.
With the Unlimited option, there is no limitation for backup creation.
With the Limited option, specify the maximum number of allowed backups in the Total field.
Note
At least one backup should be allowed.
Backup Total Size
Set a limit on the maximal size of all created backups for a particular virtual environment. If you select this rule, you will need to specify the desired size in the Total field.
Packages Management
Prohibit the user from managing
rpm
anddeb
packages in the virtual environment context using Virtuozzo Power Panel.Files Management
Prohibit the user from managing the virtual environment files using Virtuozzo Power Panel.
Applications Management
Prohibit the user from managing applications in the virtual environment context using Virtuozzo Power Panel.
Control Panel Management
Prohibit the user from managing the Plesk control panel from Virtuozzo Power Panel. With this restriction turned on, the Control Panels menu item is removed from the Virtuozzo Power Panel.
Note
This rule can be applied to containers only
Click the Save button.
After a while, the newly created policy will be displayed in the table on the Power Panel Policies screen.
To apply any of the policies to a certain virtual environment or physical server, go to the corresponding object and click Manage > Power Panel Policies on its toolbar. You can manage policies on the global level by following the Manage Infrastructure > Global Policies link on the Infrastructure toolbar. On the Policies screen, you will see if any policies have already been applied to this objects and you will be able to apply new policies.
11.8.4. Configuring Policy Parameters¶
The Configure Policy screen allows you to configure the parameters of any policies existing in Virtuozzo Automator. To display this screen, click the name of the policy you wish to edit in the table on the Power Panel Policies screen.
You can configure the policy parameters as follows:
In the General Settings section, you can
modify the name currently assigned to the policy in the Name field;
change the policy description in the Description field.
In the Power Panel Policy Rules section, you can
add new restrictions rules to the policy by selecting the check boxes next to the corresponding rules;
remove any of the restriction rules currently included in the policy by clearing the check box next to the corresponding rules.
When you are ready, click the Save button to save the changes made.
11.8.5. Managing Policy Assignments¶
The Manage Assignment screen allows you to assign new policies to your virtual environments and remove those policies that you do not need any more. This screen is displayed on clicking the Manage Assignment link on the Policies screen.
The Available Policies table displays all the policies that currently exist in Virtuozzo Automator and are not yet assigned to your virtual environments. Depending on the level where a policy will be applied, it will have effect on:
all virtual environments that reside on physical servers registered in Virtuozzo Automator (the global level);
all virtual environments that reside on a particular physical server (the physical server level);
a particular virtual environment (the virtual environment level).
To assign a new policy:
Select the check box next to its name and click the >> button. The policy will appear in the Assigned Policies table.
In the drop-down list box under the policy name, select:
Allow to override on sublevels if you wish to allow policies set on lower levels redefine those assigned on higher levels. If this option is enabled (the default behavior):
the policies set on the physical server and virtual environment levels will be able to redefine those assigned on the global level,
the policies set on the virtual environment level will be able to redefine those assigned on the physical server level.
Force on all sublevels if you wish to forbid redefining policies set on higher levels by those assigned on lower levels.
Click the Save button.
After a while, the policy name will appear in the Assigned Policies table on the Policies screen.
The Assigned Policies table on the Manage Assignment screen lists those policies that are currently assigned to your virtual environments. To remove a policy:
Select the check box next to its name and click the << button. The policy will be moved to the Assigned Policies table.
Click the Save button.