How to create new users other than admin

Hello everyone, I am new to ovirt and would like to apologise if this has been asked before. When I created a cluster of ovirt 4.3, I was presented with the option of creating an admin user. However, we would like to assign different login credentials for our employees with different set of rules. I was able to view the users menu under the Administration > Users. Currently we only have an admin user with internal-authz. When clicking on the add button, I only see "internal-authz" and "*" under namespace. Clicking on Go button simply shows admin user again. I created a new role under the Administration > Configure > Roles, however, there is no option to add new user anywhere. Can you please point me to the right steps for adding new users? Thanks

Hello,

engine itself doesn't manage users directly, it just connects to different user directories. Admin is created in internal profile, that is specifically created for engine. You can manage internal users with AAA JDBC tool. See https://www.ovirt.org/develop/release-management/features/infra/aaa-jdbc.htm...

Best regards,
--
Lucie Leistnerova
Associate Manager, Quality Engineering, RHV - QE Core & Tools
GChat: lleistne @ Virtualization <https://chat.google.com/room/AAAA7lwAJb4>
Red Hat EMEA <https://www.redhat.com>

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/E7GHE4DRMTWWJJ...

Thank you Lucie, So if I understand correctly, we need to install the AAA JDBC tool as an additional package on the server running the hosted engine? The link you sent me suggests that we have to run engine-setup? What exactly does this mean and seems rather complicated for adding a new user. Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a bit and it prompted me to create a new VM with hosted engine. I followed through by providing a FQDN from our DNS server. However, this procedure failed to create the VM. Am I doing something wrong? Could you please elaborate what would be the right steps here? Thank you

Hi,

ovirt-engine-extension-aaa-jdbc package is installed automatically as a part of oVirt Engine, so in order to use it, you need to SSH to oVirt Engine host/VM and execute ovirt-aaa-jdbc-tool locally:
https://www.ovirt.org/documentation/administration_guide/index.html#sect-Administering_User_Tasks_From_the_commandline

Anyway aaa-jdbc extension is useful mostly for small installations within organizations which don't have their users/groups provided on LDAP server. If your organization has LDAP server, then I suggest to use aaa-ldap extension:
https://www.ovirt.org/documentation/administration_guide/index.html#Introduction_to_Directory_Servers

Regards,
Martin

--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.

Hi,

I would recommend to use ansible, that way you can have your configuration as code.
https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_user_module.html#ansible-collections-ovirt-ovirt-ovirt-user-module

Greetings
Klaas

On Wed, May 19, 2021 at 2:05 PM Klaas Demter <klaasdemter@gmail.com> wrote:
> Hi,
> I would recommend to use ansible, that way you can have your configuration as code.
> https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_user_m...

This only registers existing user provided by aaa-ldap or aaa-jdbc into oVirt Engine, it cannot create new user.

> Greetings
> Klaas
--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.

Oh damn yeah, I only use it to register users that already exist in AD, nvm the noise --- sorry :)

Greets
Klaas

Thank you Martin,

I tried as you suggested and ran the "ovirt-aaa-jdbc-tool user add" command on the hosted engine server, but got the following error:

/usr/bin/ovirt-aaa-jdbc-tool: line 3: /usr/share/ovirt-engine-extension-aaa-jdbc/bin/../../ovirt-engine/bin/engine-prolog.sh: No such file or directory

At first I thought the package doesn't exist, and so I installed it using -
yum install ovirt-engine-extension-aaa-jdbc
https://ovirt.org/documentation/administration_guide/index.html#sect-Configu...

But I continue to receive this same error.

On Thu, May 20, 2021 at 8:10 AM <gaurav.gohan@gmail.com> wrote:
> Thank you Martin, I tried as you suggested and ran the "ovirt-aaa-jdbc-tool user add" command on the hosted engine server, but got the following error: /usr/bin/ovirt-aaa-jdbc-tool: line 3: /usr/share/ovirt-engine-extension-aaa-jdbc/bin/../../ovirt-engine/bin/engine-prolog.sh: No such file or directory
> At first I thought the package doesn't exist, and so I installed it using - yum install ovirt-engine-extension-aaa-jdbc https://ovirt.org/documentation/administration_guide/index.html#sect-Configu...
> But I continue to receive this same error.

You should do this on the engine machine (VM), not on a host. You should not need to install this tool on a host, and on the engine you should already have it.

Best regards,
--
Didi
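
An added example, not part of the original thread and not oVirt project code: a wrapper for the steps described above that refuses to run anywhere but the engine machine before calling ovirt-aaa-jdbc-tool. The `ENGINE_PROLOG` and `DRY_RUN` variables and the function names are assumptions of this example; the default path is the one the error message quoted above resolves to.

```shell
#!/bin/sh
# Added example, not from the thread. ENGINE_PROLOG, DRY_RUN and the
# function names are assumptions made for this example.

# File the tool's wrapper script sources. It exists only on the engine
# machine; its absence is the "No such file or directory" error above.
ENGINE_PROLOG="${ENGINE_PROLOG:-/usr/share/ovirt-engine/bin/engine-prolog.sh}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

on_engine() {
    [ -f "$ENGINE_PROLOG" ]
}

valid_username() {
    # Conservative allow-list: letters, digits, dot, underscore, hyphen.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# usage: add_internal_user <username> <first> <last> <password-valid-to>
# <password-valid-to> uses the format yyyy-MM-dd HH:mm:ssX,
# for example "2025-08-01 12:00:00-0800".
add_internal_user() {
    user=$1 first=$2 last=$3 valid_to=$4
    if ! on_engine; then
        echo "not the engine machine: $ENGINE_PROLOG not found" >&2
        return 2
    fi
    if ! valid_username "$user"; then
        echo "refusing username: $user" >&2
        return 3
    fi
    run ovirt-aaa-jdbc-tool user add "$user" \
        --attribute=firstName="$first" --attribute=lastName="$last" || return 1
    # password-reset prompts for the new password, so it never appears in
    # argv or shell history. Without --password-valid-to the password
    # expiry defaults to the current time, i.e. it is already expired.
    run ovirt-aaa-jdbc-tool user password-reset "$user" \
        --password-valid-to="$valid_to" || return 1
    run ovirt-aaa-jdbc-tool user show "$user"
}
```

Run it on the engine VM with `DRY_RUN=0` to execute the commands instead of printing them.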

Thank you so much. I was a bit confused about this but now I have successfully added the users. However, I am still having trouble assigning login permit for these users. I get the error: The user @internal is not authorized to perform login.

I can only bypass this by assigning some kind of admin roles which we do not wish to have in our setup.

Is there a specific user permission that must be added to permit login? I have already tried creating a custom role with Login permission but that doesn't work. https://postimg.cc/4m8YhV6Z

On Thu, May 20, 2021 at 10:05 AM <gaurav.gohan@gmail.com> wrote:
> Thank you so much. I was a bit confused about this but now I have successfully added the users. However, I am still having trouble assigning login permit for these users. I get the error: The user @internal is not authorized to perform login.
> I can only bypass this by assigning some kind of admin roles which we do not wish to have in our setup.
> Is there a specific user permission that must be added to permit login? I have already tried creating a custom role with Login permission but that doesn't work. https://postimg.cc/4m8YhV6Z

Any user can login to the VM portal. Only users that have at least one admin role can login to the admin portal. You can create a custom admin role and not give it any other permissions (other than login), then give it to the user you created - I think this should be enough.

Best regards,
--
Didi

For specific users local to the ovirt engine
https://ovirt.org/documentation/administration_guide/index.html#sect-Adminis...
OK for an emergency admin user or perhaps external system user, but this doesn't scale very well.

But generally you might want to setup LDAP logins with
https://ovirt.org/documentation/administration_guide/index.html#sect-Configu...
and manage users externally across multiple machines.

participants (6)
- Edward Berger
- gaurav.gohan@gmail.com
- Klaas Demter
- Lucie Leistnerova
- Martin Perina
- Yedidyah Bar David