Re: [ovirt-users] Add host to oVirt: unprovisioned without using username/password in vdsm-tool
Hello Matt,
On 01/30/2017 08:52 AM, Matt . wrote:
In a puppetized environment it's just too easy to include a
manifest/class that will use the ssh key for that manifest, I want to
avoid that and control the acceptance from the GUI when a possible
host is added to to engine but not capable to join the cluster yet.
I would suggest:
# vdsm-tool register --engine-fqdn myengine.localdomain
or without the check of fqdn:
# vdsm-tool register --engine-fqdn IP_ADDRESS --check-fqdn false
Later you might want to approve the host via GUI, SDK or REST API.
A quick example of rest api:
https://github.com/dougsland/ovirt-restapi-scripts/commit/91dcb3fcd2cae65...
The idea how I used it was very plain and simple, the host exists in
oVirt but was unprovisioned, you clicked install and there it went. If
that would be possible again or is in some way I would like to know.
2017-01-30 14:07 GMT+01:00 Yaniv Kaul <ykaul(a)redhat.com>:
>
>
> On Mon, Jan 30, 2017 at 12:03 PM, Matt . <yamakasi.014(a)gmail.com> wrote:
>>
>> Could do but then there is still some password like thingy around in
>> my provisioning system, a key is just a fingerprint which is matched.
>
>
> It's not JUST a fingerprint. It's the fingerprint of a SSH key we use for
> the authentication.
>
>>
>> What is also the case is that I want to decide in the engine if it's
>> valid to be provisioned or not.
>
>
> So don't add that SSH key to hosts that you don't want to provision.
> We don't have this extra phase of 'approving a host when you add it'.
> If you have permissions to add a host, it'll be added - via the Engine, by
> the Engine.
>
>>
>>
>> Security wise it's not ideal if you ask me, that is why I did it using
>> the URL, http/https was possible.
>>
>> No clue there ?
>
>
> I'm probably missing the use case here.
> Y.
>
>>
>>
>> Thanks!
>>
>> Matt
>>
>> 2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul(a)redhat.com>:
>>> Have you tried using SSH public key auth.?
>>> Y.
>>>
>>>
>>> On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014(a)gmail.com>
wrote:
>>>>
>>>> Hi All,
>>>>
>>>> In the past I was using an URL to add my hosts to over so they exists
>>>> in the ovirt WebGui but they were unprovisioned so I needed to install
>>>> them only.
>>>>
>>>> This is what I used:
>>>>
>>>>
>>>>
>>>>
http://OVIRTENGINE_FQDN/OvirtEngineWeb/register?vds_ip=HOSTFQDN&port=...
>>>>
>>>> Is there some way to accomplish this still without using a user/pass
>>>> combiation ?
>>>>
>>>> Thanks!
>>>>
>>>> Matt
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users(a)ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users