<p dir="ltr">Excellent! Many thanks. I was looking at cloud-init but haven't had the study time to really dig into it. Your method makes perfect sense to me. I never considered using the first boot process. That really is the key. <br>
Many thanks!!</p>
<div class="gmail_quote">On Nov 2, 2014 9:16 AM, "Amedeo Salvati" <<a href="mailto:amedeo@oscert.net">amedeo@oscert.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Jim,<br>
<br>
I use ovirt template and freeipa for authentication, and on template i put a simple script "setup-freeipa-client.sh" to run on first boot, specifically for first boot I use cloud-init functions on ovirt, via web UI or via python sdk, and with cloud-init you can pass **evethings** you need -> new hostname, new ssh keys, new network configurations, new root password, new content on configuration files, or simply executing a new script.<br>
<br>
If you are interested on cloud-init functions on python sdk have a look on a simple script that i wrote for our disaster recovery automation where on function buildYamlFile(line 124-137) by using cloud-init execution program/script, I change our freeipa server (lines 132-136) avoiding sssd timeout on contacting first two production freeipa server.<br>
<br>
<a href="https://github.com/amedeos/ovirt-scripts-dr/blob/master/StartAllVM.py" target="_blank">https://github.com/amedeos/<u></u>ovirt-scripts-dr/blob/master/<u></u>StartAllVM.py</a><br>
<br>
HTH<br>
Amedeo Salvati<br>
<br>
Il 31/10/2014 20:01, <a href="mailto:users-request@ovirt.org" target="_blank">users-request@ovirt.org</a> ha scritto:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Date: Fri, 31 Oct 2014 14:55:46 -0400<br>
From: Jim Kinney<<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>><br>
To:"<a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>" <<a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br>
Subject: [ovirt-users] templates and freeipa<br>
Message-ID:<br>
<CAEo=5PwfhT=<a href="mailto:cvvahCuj4GsxkufD-UFUNbsN0q5Mi9ee76eg3ug@mail.gmail.com" target="_blank">cvvahCuj4GsxkufD-<u></u>UFUNbsN0q5Mi9ee76eg3ug@mail.<u></u>gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Ovirt 3.5 is running well for me and I have freeIPA controlling access to<br>
the user portal. I would like to provide templates of various linux setups<br>
that all have freeipa for user authentication in the VM for my developers<br>
to be able to create a new VM from and then log in using their freeIPA<br>
access and sudo control. I'm wanting to group developers by project and use<br>
freeIPA to set sudo commands as needed (group A get oracle, group B get<br>
postgresql, etc). Wanting to maximize developer ability while minimizing my<br>
clean up time:-) They will be able to delete VMs they create.<br>
<br>
It's possible to do a kickstart deploy with freeIPA registration but a<br>
template from that will be a problem as it will have the same keys for all<br>
VMs.<br>
<br>
Is there a post-creation scripting process I can attach to in ovirt or<br>
should I look at a default root user and script that personalizes the new<br>
VM?<br>
</blockquote>
<br>
</blockquote></div>