Creating System Owners
Before creating any system owner accounts for Cloudmin Services clients, you should read the general documentation on system owners , which explains how they can be added and managed.
For service creation purposes, it is not necessary for an owner to actually be able to manage or create any systems. However, if your Cloudmin server is managing virtual systems that belong to an owner, it makes sense for the same account to be used for service creation as well.
When creating or editing an owner, make sure that in the Limits and restrictions section, the Allowed operations field has at least the Call remote API box checked. Without this it will be impossible for Virtualmin on a client system to connect to the Cloudmin master to request the provisioning of features. This operation can also be granted at the plan level, which makes it available to owners on that plan.
System owners must also be granted permissions to provision features up to some limits, which are set in the Additional limits and capabilities section of the Edit System Owner page. This section also lists all features that have been created for that owner, and shows which host systems they have been created on. Once a limit is hit, requests from clients to create additional features of the limited type will fail.
Plans and Service Limits
Limits on features to create can also be set at the plan level, at Cloudmin Settings -> Account Plans. When creating or editing a plan, these are set in the Additional owner limits and capabilities section. However, these will only apply to system owners who have the Use services limits from plan? option set - otherwise, their individual limits will apply.
Setting Services Limits Via the API
Cloudmin has commands that can be run as root
from the shell on the master system to create and modify system owners, documented on the owners API page.
When the Cloudmin Services plugin is installed, the modify-owner
and create-owner
commands gain additional flags to set services limits. For example, you could set the number of allowed DNS zones with a command like :
cloudmin modify-owner --name bob --max-provision-dns 77
To control if an owner inherits services limits from a plan, use the --provision-from-plan
flag followed by either true
or false
.
To see the full list of available flags, run :
cloudmin modify-owner --help
To remove access to a Cloudmin Services feature, just set the limit to 0.
This same flags can be used when the API is called remotely via HTTP, but as URL parameters.
Shell and remote API commands to create and modify plans also accept the same flags, and will apply the specified limits to system owners on the plan being changed.