12:55 p.m.
Hello everyone, I am new to ovirt and would like to apologise if this has been asked
before.
When I created a cluster of ovirt 4.3, I was presented with the option of creating an
admin user.
However, we would like to assign different login credentials for our employees with
different set of rules.
I was able to view the users menu under the Administration > Users.
Currently we only have an admin user with internal-authz. When clicking on the add button,
I only see "internal-authz" and "*" under namespace.
Clicking on Go button simply shows admin user again.
I created a new role under the Administration > Configure > Roles, however, there is
no option to add new user anywhere.
Can you please point me to the right steps for adding new users?
Thanks
1:11 p.m.
Hello,
engine itself doesn't manage users directly, it just connects to
different user directories. Admin is created in internal profile, that
is specifically created for engine.
You can manage internal users with AAA JDBC tool.
See
https://www.ovirt.org/develop/release-management/features/infra/aaa-jdbc....
On 5/19/21 11:55 AM, gaurav.gohan(a)gmail.com wrote:
Hello everyone, I am new to ovirt and would like to apologise if this
has been asked before.
When I created a cluster of ovirt 4.3, I was presented with the option of creating an
admin user.
However, we would like to assign different login credentials for our employees with
different set of rules.
I was able to view the users menu under the Administration > Users.
Currently we only have an admin user with internal-authz. When clicking on the add
button, I only see "internal-authz" and "*" under namespace.
Clicking on Go button simply shows admin user again.
I created a new role under the Administration > Configure > Roles, however, there
is no option to add new user anywhere.
Can you please point me to the right steps for adding new users?
Thanks
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/E7GHE4DRMTW...
Best regards,
--
Lucie Leistnerova
Associate Manager, Quality Engineering, RHV - QE Core & Tools
GChat: lleistne @ Virtualization <https://chat.google.com/room/AAAA7lwAJb4>
Red Hat EMEA <https://www.redhat.com>
1:29 p.m.
Thank you Lucie,
So if I understand correctly, we need to install the AAA JDBC tool as an additional
package on the server running the hosted engine?
The link you sent me suggests that we have to run engine-setup? What exactly does this
mean and seems rather complicated for adding a new user.
Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a bit and
it prompted me to create a new VM with hosted engine. I followed through by providing a
FQDN from our DNS server. However, this procedure failed to create the VM.
Am I doing something wrong? Could you please elaborate what would be the right steps
here?
Thank you
2:01 p.m.
Hi,
ovirt-engine-extension-aaa-jdbc package is installed automatically as a
part of oVirt Engine, so in order to use it, you need to SSH to oVirt
Engine host/VM and execute ovirt-aaa-jdbc-tool locally:
https://www.ovirt.org/documentation/administration_guide/index.html#sect-...
Anyway aaa-jdbc extension is useful mostl for small installations within
organizations which don't have their users/groups provided on LDAP server.
If your organization has LDAP server, then I suggest to use aaa-ldap
extension:
https://www.ovirt.org/documentation/administration_guide/index.html#Intro...
Regards,
Martin
On Wed, May 19, 2021 at 12:30 PM <gaurav.gohan(a)gmail.com> wrote:
Thank you Lucie,
So if I understand correctly, we need to install the AAA JDBC tool as an
additional package on the server running the hosted engine?
The link you sent me suggests that we have to run engine-setup? What
exactly does this mean and seems rather complicated for adding a new user.
Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a
bit and it prompted me to create a new VM with hosted engine. I followed
through by providing a FQDN from our DNS server. However, this procedure
failed to create the VM.
Am I doing something wrong? Could you please elaborate what would be the
right steps here?
Thank you
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWU...
--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
3:04 p.m.
Hi,
I would recommend to use ansible, that way you can have your
configuration as code.
https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_use...
Greetings
Klaas
On 5/19/21 1:01 PM, Martin Perina wrote:
Hi,
ovirt-engine-extension-aaa-jdbc package is installed automatically as
a part of oVirt Engine, so in order to use it, you need to SSH to
oVirt Engine host/VM and execute ovirt-aaa-jdbc-tool locally:
https://www.ovirt.org/documentation/administration_guide/index.html#sect-...
<https://www.ovirt.org/documentation/administration_guide/index.html#sect-...
Anyway aaa-jdbc extension is useful mostl for small installations
within organizations which don't have their users/groups provided on
LDAP server. If your organization has LDAP server, then I suggest to
use aaa-ldap extension:
https://www.ovirt.org/documentation/administration_guide/index.html#Intro...
<https://www.ovirt.org/documentation/administration_guide/index.html#Intro...
Regards,
Martin
On Wed, May 19, 2021 at 12:30 PM <gaurav.gohan(a)gmail.com
<mailto:gaurav.gohan@gmail.com>> wrote:
Thank you Lucie,
So if I understand correctly, we need to install the AAA JDBC tool
as an additional package on the server running the hosted engine?
The link you sent me suggests that we have to run engine-setup?
What exactly does this mean and seems rather complicated for
adding a new user.
Anyways, I ran the command "ovirt-hosted-engine-setup" after
googling a bit and it prompted me to create a new VM with hosted
engine. I followed through by providing a FQDN from our DNS
server. However, this procedure failed to create the VM.
Am I doing something wrong? Could you please elaborate what would
be the right steps here?
Thank you
_______________________________________________
Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org>
To unsubscribe send an email to users-leave(a)ovirt.org
<mailto:users-leave@ovirt.org>
Privacy Statement: https://www.ovirt.org/privacy-policy.html
<https://www.ovirt.org/privacy-policy.html>
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
<https://www.ovirt.org/community/about/community-guidelines/>
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWU...
<https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWU...
--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKFCVTLZEV...
4:24 p.m.
On Wed, May 19, 2021 at 2:05 PM Klaas Demter <klaasdemter(a)gmail.com> wrote:
Hi,
I would recommend to use ansible, that way you can have your configuration
as code.
https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_use...
This only registers existing user provided by aaa-ldap or aaa-jdbc into
oVirt Engine, it cannot create new user.
Greetings
Klaas
On 5/19/21 1:01 PM, Martin Perina wrote:
Hi,
ovirt-engine-extension-aaa-jdbc package is installed automatically as a
part of oVirt Engine, so in order to use it, you need to SSH to oVirt
Engine host/VM and execute ovirt-aaa-jdbc-tool locally:
https://www.ovirt.org/documentation/administration_guide/index.html#sect-...
Anyway aaa-jdbc extension is useful mostl for small installations within
organizations which don't have their users/groups provided on LDAP server.
If your organization has LDAP server, then I suggest to use aaa-ldap
extension:
https://www.ovirt.org/documentation/administration_guide/index.html#Intro...
Regards,
Martin
On Wed, May 19, 2021 at 12:30 PM <gaurav.gohan(a)gmail.com> wrote:
> Thank you Lucie,
>
> So if I understand correctly, we need to install the AAA JDBC tool as an
> additional package on the server running the hosted engine?
>
> The link you sent me suggests that we have to run engine-setup? What
> exactly does this mean and seems rather complicated for adding a new user.
>
> Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a
> bit and it prompted me to create a new VM with hosted engine. I followed
> through by providing a FQDN from our DNS server. However, this procedure
> failed to create the VM.
>
> Am I doing something wrong? Could you please elaborate what would be the
> right steps here?
>
> Thank you
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWU...
>
--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKFCVTLZEV...
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CLHZCOPAQP3...
--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
10:15 p.m.
Oh damn yeah, I only use it to register users that already exist in AD,
nvm the noise --- sorry :)
Greets
Klaas
On 5/19/21 3:24 PM, Martin Perina wrote:
On Wed, May 19, 2021 at 2:05 PM Klaas Demter <klaasdemter(a)gmail.com
<mailto:klaasdemter@gmail.com>> wrote:
Hi,
I would recommend to use ansible, that way you can have your
configuration as code.
https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_use...
<https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_use...
This only registers existing user provided by aaa-ldap or aaa-jdbc
into oVirt Engine, it cannot create new user.
Greetings
Klaas
On 5/19/21 1:01 PM, Martin Perina wrote:
> Hi,
>
> ovirt-engine-extension-aaa-jdbc package is installed
> automatically as a part of oVirt Engine, so in order to use it,
> you need to SSH to oVirt Engine host/VM and execute
> ovirt-aaa-jdbc-tool locally:
>
>
https://www.ovirt.org/documentation/administration_guide/index.html#sect-...
>
<https://www.ovirt.org/documentation/administration_guide/index.html#sect-...
>
> Anyway aaa-jdbc extension is useful mostl for small installations
> within organizations which don't have their users/groups provided
> on LDAP server. If your organization has LDAP server, then I
> suggest to use aaa-ldap extension:
>
>
https://www.ovirt.org/documentation/administration_guide/index.html#Intro...
>
<https://www.ovirt.org/documentation/administration_guide/index.html#Intro...
>
> Regards,
> Martin
>
>
> On Wed, May 19, 2021 at 12:30 PM <gaurav.gohan(a)gmail.com
> <mailto:gaurav.gohan@gmail.com>> wrote:
>
> Thank you Lucie,
>
> So if I understand correctly, we need to install the AAA JDBC
> tool as an additional package on the server running the
> hosted engine?
>
> The link you sent me suggests that we have to run
> engine-setup? What exactly does this mean and seems rather
> complicated for adding a new user.
>
> Anyways, I ran the command "ovirt-hosted-engine-setup" after
> googling a bit and it prompted me to create a new VM with
> hosted engine. I followed through by providing a FQDN from
> our DNS server. However, this procedure failed to create the VM.
>
> Am I doing something wrong? Could you please elaborate what
> would be the right steps here?
>
> Thank you
> _______________________________________________
> Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org>
> To unsubscribe send an email to users-leave(a)ovirt.org
> <mailto:users-leave@ovirt.org>
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> <https://www.ovirt.org/privacy-policy.html>
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> <https://www.ovirt.org/community/about/community-guidelines/>
> List Archives:
>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWU...
>
<https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWU...
>
>
>
> --
> Martin Perina
> Manager, Software Engineering
> Red Hat Czech s.r.o.
>
> _______________________________________________
> Users mailing list --users(a)ovirt.org <mailto:users@ovirt.org>
> To unsubscribe send an email tousers-leave(a)ovirt.org
<mailto:users-leave@ovirt.org>
> Privacy Statement:https://www.ovirt.org/privacy-policy.html
<https://www.ovirt.org/privacy-policy.html>
> oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/
<https://www.ovirt.org/community/about/community-guidelines/>
> List
Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/UP...
<https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKFCVTLZEV...
_______________________________________________
Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org>
To unsubscribe send an email to users-leave(a)ovirt.org
<mailto:users-leave@ovirt.org>
Privacy Statement: https://www.ovirt.org/privacy-policy.html
<https://www.ovirt.org/privacy-policy.html>
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
<https://www.ovirt.org/community/about/community-guidelines/>
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CLHZCOPAQP3...
<https://lists.ovirt.org/archives/list/users@ovirt.org/message/CLHZCOPAQP3...
--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
8:09 a.m.
Thank you Martin, I tried as you suggested and ran the "ovirt-aaa-jdbc-tool user
add" command on the hosted engine server, but got the following error:
/usr/bin/ovirt-aaa-jdbc-tool: line 3:
/usr/share/ovirt-engine-extension-aaa-jdbc/bin/../../ovirt-engine/bin/engine-prolog.sh: No
such file or directory
At first I thought the package doesn't exist, and so I installed it using - yum
install ovirt-engine-extension-aaa-jdbc
https://ovirt.org/documentation/administration_guide/index.html#sect-Conf...
But I continue to receive this same error.
8:48 a.m.
On Thu, May 20, 2021 at 8:10 AM <gaurav.gohan(a)gmail.com> wrote:
Thank you Martin, I tried as you suggested and ran the "ovirt-aaa-jdbc-tool user
add" command on the hosted engine server, but got the following error:
/usr/bin/ovirt-aaa-jdbc-tool: line 3:
/usr/share/ovirt-engine-extension-aaa-jdbc/bin/../../ovirt-engine/bin/engine-prolog.sh: No
such file or directory
At first I thought the package doesn't exist, and so I installed it using - yum
install ovirt-engine-extension-aaa-jdbc
https://ovirt.org/documentation/administration_guide/index.html#sect-Conf...
But I continue to receive this same error.
You should do this on the engine machine (VM), not on a host.
You should not need to install this tool on a host, and on the engine
you should already have it.
Best regards,
--
Didi
10:03 a.m.
Thank you so much..I was a bit confused about this but now I have successfully added the
users.
However, I am still having trouble assigning login permit for these users. I get the
error- The user @internal is not authorized to perform login.
I can only bypass this by assigning some kind of admin roles which we do not wish to have
in our setup.
Is there a specific user permission that must be added to permit login? I have already
tried creating a custom role with Login permission but that doesn't work.
https://postimg.cc/4m8YhV6Z
10:32 a.m.
On Thu, May 20, 2021 at 10:05 AM <gaurav.gohan(a)gmail.com> wrote:
Thank you so much..I was a bit confused about this but now I have successfully added the
users.
However, I am still having trouble assigning login permit for these users. I get the
error- The user @internal is not authorized to perform login.
I can only bypass this by assigning some kind of admin roles which we do not wish to have
in our setup.
Is there a specific user permission that must be added to permit login? I have already
tried creating a custom role with Login permission but that doesn't work.
https://postimg.cc/4m8YhV6Z
Any user can login to the VM portal.
Only users that have at least one admin role can login to the admin portal.
You can create a custom admin role and not give it any other
permissions (other than login), then give it to the user you created -
I think this should be enough.
Best regards,
--
Didi
4:33 p.m.
For specific users local to the ovirt engine
https://ovirt.org/documentation/administration_guide/index.html#sect-Admi...
OK for an emergency admin user or perhaps external system user, but this
doesn't scale very well.
But generally you might want to setup LDAP logins with
https://ovirt.org/documentation/administration_guide/index.html#sect-Conf...
and manage users externally across multiple machines.
On Wed, May 19, 2021 at 5:59 AM <gaurav.gohan(a)gmail.com> wrote:
Hello everyone, I am new to ovirt and would like to apologise if this
has
been asked before.
When I created a cluster of ovirt 4.3, I was presented with the option of
creating an admin user.
However, we would like to assign different login credentials for our
employees with different set of rules.
I was able to view the users menu under the Administration > Users.
Currently we only have an admin user with internal-authz. When clicking on
the add button, I only see "internal-authz" and "*" under namespace.
Clicking on Go button simply shows admin user again.
I created a new role under the Administration > Configure > Roles,
however, there is no option to add new user anywhere.
Can you please point me to the right steps for adding new users?
Thanks
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/E7GHE4DRMTW...
1282
days inactive
1283
days old
11 comments
6 participants
participants (6)
-
Edward Berger -
gaurav.gohan@gmail.com -
Klaas Demter -
Lucie Leistnerova -
Martin Perina -
Yedidyah Bar David