fix: simplify PulseMonitor role creation in setup script

Delete and recreate the PulseMonitor role each time instead of trying to modify it. This ensures a clean, predictable state with exactly the permissions needed. Also fixes incorrect pveum command syntax - should be 'role add' not 'role create'. Addresses issue reported by NameLessJedi in #340
2026-05-15 09:49:48 +00:00 · 2025-08-22 14:56:03 +00:00 · 2025-08-22 14:56:03 +00:00 · e8e06d6d20
commit e8e06d6d20
parent fc3e6c1381
2 changed files with 6 additions and 5 deletions
--- a/frontend-modern/src/components/Settings/NodeModal.tsx
+++ b/frontend-modern/src/components/Settings/NodeModal.tsx
@ -708,7 +708,7 @@ export const NodeModal: Component<NodeModalProps> = (props) => {
                                  <div class="relative bg-white dark:bg-gray-800 rounded-md p-2 font-mono text-xs mb-1">
                                    <button type="button"
                                      onClick={async () => {
-                                        const cmd = 'pveum aclmod / -user pulse-monitor@pam -role PVEAuditor && pveum role create PulseMonitor -privs VM.Monitor 2>/dev/null; pveum aclmod / -user pulse-monitor@pam -role PulseMonitor';
+                                        const cmd = 'pveum aclmod / -user pulse-monitor@pam -role PVEAuditor && pveum role delete PulseMonitor 2>/dev/null; pveum role add PulseMonitor -privs VM.Monitor && pveum aclmod / -user pulse-monitor@pam -role PulseMonitor';
                                        if (await copyToClipboard(cmd)) {
                                          showSuccess('Command copied!');
                                        }
@ -721,7 +721,7 @@ export const NodeModal: Component<NodeModalProps> = (props) => {
                                        <path d="M5 15H4a2 2 0 01-2-2V4a2 2 0 012-2h9a2 2 0 012 2v1"></path>
                                      </svg>
                                    </button>
-                                    <code class="text-gray-800 dark:text-gray-200 whitespace-pre-line">{'pveum aclmod / -user pulse-monitor@pam -role PVEAuditor\npveum role create PulseMonitor -privs VM.Monitor 2>/dev/null\npveum aclmod / -user pulse-monitor@pam -role PulseMonitor'}</code>
+                                    <code class="text-gray-800 dark:text-gray-200 whitespace-pre-line">{'pveum aclmod / -user pulse-monitor@pam -role PVEAuditor\npveum role delete PulseMonitor 2>/dev/null\npveum role add PulseMonitor -privs VM.Monitor\npveum aclmod / -user pulse-monitor@pam -role PulseMonitor'}</code>
                                  </div>
                                  <div class="relative bg-white dark:bg-gray-800 rounded-md p-2 font-mono text-xs">
                                    <button type="button"
--- a/internal/api/config_handlers.go
+++ b/internal/api/config_handlers.go
@ -2132,9 +2132,10 @@ fi
 echo "Setting up permissions..."
 pveum aclmod / -user pulse-monitor@pam -role PVEAuditor%s

-# Add VM.Monitor permission for guest agent access (disk usage monitoring)
-echo "Adding VM.Monitor permission for guest agent access..."
-pveum role create PulseMonitor -privs VM.Monitor 2>/dev/null || true
+# Create PulseMonitor role with VM.Monitor permission (remove old one if exists)
+echo "Setting up PulseMonitor role for guest agent access..."
+pveum role delete PulseMonitor 2>/dev/null || true
+pveum role add PulseMonitor -privs VM.Monitor
 pveum aclmod / -user pulse-monitor@pam -role PulseMonitor

 echo ""